
[Resolved] Security Tool


  • This topic is locked
57 replies to this topic

#31 VanDavies

Authentic Member, 36 posts

Posted 13 November 2009 - 09:23 PM

OK I've managed to run ComboFix in Normal mode without any interruption from Security Tool (which now seems to have gone) and this is the log:

ComboFix 09-11-14.01 - Keymar 14/11/2009 2:38..1 - FAT32x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.894.378 [GMT 0:00]
Running from: c:\users\Keymar\Desktop\ComboFix.exe
Command switches used :: c:\users\Keymar\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-2393766080-3187394018-3383541026-500
c:\$recycle.bin\S-1-5-21-899496415-1834721142-2599837188-500
c:\programdata\91415146.ini
c:\programdata\CrucialSoft Ltd
c:\programdata\tuwezune\tuwezune.dll
c:\users\Keymar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\users\Keymar\Desktop\Security Tool.lnk
c:\windows\system32\AutoRun.inf
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-14 02:53 . 2009-11-14 02:53 -------- d-----w- c:\users\Keymar\AppData\Local\temp
2009-11-14 02:53 . 2009-11-14 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-14 02:34 . 2009-11-14 02:35 24576 d-----w- C:\32788R22FWJFW
2009-11-13 23:16 . 2009-11-13 23:16 -------- d-----w- C:\_OTM
2009-11-13 23:14 . 2009-11-13 23:14 53248 d-----w- C:\Combo.com32719C
2009-11-13 22:52 . 2009-11-13 22:52 53248 d-----w- C:\Combo.com1757C
2009-11-13 22:51 . 2009-11-13 22:51 53248 d-----w- C:\Combo.com
2009-11-13 22:49 . 2009-11-13 22:49 53248 d-----w- C:\ComboFix.com
2009-11-10 22:52 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:51 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 12:15 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-10 12:15 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-10 12:15 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-10 12:15 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 15:18 . 2009-11-13 23:11 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-17 15:43 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 15:43 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-17 15:38 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 15:38 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 15:35 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 02:54 . 2009-05-19 21:38 8192 d-----w- c:\program files\Steam
2009-11-14 01:47 . 2008-04-01 17:53 1356 ----a-w- c:\users\Keymar\AppData\Local\d3d9caps.dat
2009-11-14 01:02 . 2009-07-29 20:05 -------- d-----w- c:\programdata\tuwezune
2009-11-11 23:35 . 2009-05-19 21:39 -------- d-----w- c:\program files\Common Files\Steam
2009-11-11 18:32 . 2007-08-31 08:24 74752 ----a-w- c:\users\Keymar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 03:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:16 . 2007-08-31 08:32 8192 d-----w- c:\programdata\Microsoft Help
2009-11-11 03:11 . 2007-08-31 08:36 4096 d-----w- c:\program files\Microsoft Works
2009-11-10 19:51 . 2008-04-01 10:00 4096 d-----w- c:\users\Keymar\AppData\Roaming\dvdcss
2009-10-29 10:28 . 2009-09-23 17:25 -------- d-----w- c:\programdata\huzedapi
2009-09-23 17:25 . 2009-06-23 17:25 88576 --sha-w- c:\programdata\fazudodo\fazudodo.dll
2009-09-23 17:25 . 2009-06-23 17:25 80384 ------w- c:\programdata\huzedapi\huzedapi.dll
2009-09-23 17:25 . 2009-09-23 17:25 -------- d-----w- c:\programdata\fazudodo
2009-09-23 17:24 . 2009-09-22 11:16 -------- d-----w- c:\programdata\jadelamo
2009-09-22 11:16 . 2009-06-22 11:16 87552 --sha-w- c:\programdata\pufikere\pufikere.dll
2009-09-22 11:16 . 2009-06-22 11:16 80384 ------w- c:\programdata\jadelamo\jadelamo.dll
2009-09-22 11:16 . 2009-09-22 11:16 -------- d-----w- c:\programdata\pufikere
2009-09-21 16:32 . 2009-06-21 16:32 88576 --sha-w- c:\programdata\hetudeba\hetudeba.dll
2009-09-21 16:32 . 2009-06-21 16:32 80384 --sha-w- c:\programdata\rutumene\rutumene.dll
2009-09-21 16:32 . 2009-09-21 16:32 -------- d-----w- c:\programdata\rutumene
2009-09-21 16:32 . 2009-09-21 16:32 -------- d-----w- c:\programdata\hetudeba
2009-09-21 04:32 . 2009-06-21 04:32 88576 --sha-w- c:\programdata\kavusopu\kavusopu.dll
2009-09-21 04:32 . 2009-06-21 04:32 80384 --sha-w- c:\programdata\juyanuma\juyanuma.dll
2009-09-21 04:32 . 2009-09-21 04:32 -------- d-----w- c:\programdata\kavusopu
2009-09-21 04:32 . 2009-09-21 04:32 -------- d-----w- c:\programdata\juyanuma
2009-09-20 14:40 . 2009-06-20 14:40 88576 --sha-w- c:\programdata\repeniyi\repeniyi.dll
2009-09-20 14:40 . 2009-06-20 14:40 80384 --sha-w- c:\programdata\tajonini\tajonini.dll
2009-09-20 14:40 . 2009-09-20 14:40 -------- d-----w- c:\programdata\tajonini
2009-09-20 14:40 . 2009-09-20 14:40 -------- d-----w- c:\programdata\repeniyi
2009-09-19 23:48 . 2008-05-27 18:23 -------- d-----w- c:\users\Keymar\AppData\Roaming\Microgaming
2009-09-19 23:22 . 2009-06-19 23:22 88064 --sha-w- c:\programdata\hokitoke\hokitoke.dll
2009-09-19 23:22 . 2009-06-19 23:22 80384 --sha-w- c:\programdata\jehitesu\jehitesu.dll
2009-09-19 23:22 . 2009-09-19 23:22 -------- d-----w- c:\programdata\jehitesu
2009-09-19 23:22 . 2009-09-19 23:22 -------- d-----w- c:\programdata\hokitoke
2009-09-19 11:43 . 2009-09-19 11:43 -------- d-----w- c:\users\Keymar\AppData\Roaming\SecondLife
2009-09-19 11:01 . 2009-06-19 11:01 88064 --sha-w- c:\programdata\yagedema\yagedema.dll
2009-09-19 11:01 . 2009-06-19 11:01 80384 --sha-w- c:\programdata\dofasube\dofasube.dll
2009-09-19 11:01 . 2009-09-19 11:01 -------- d-----w- c:\programdata\yagedema
2009-09-19 11:01 . 2009-09-19 11:01 -------- d-----w- c:\programdata\dofasube
2009-09-18 22:40 . 2009-06-18 22:40 80384 --sha-w- c:\programdata\vineviza\vineviza.dll
2009-09-18 22:40 . 2009-06-18 22:40 88576 --sha-w- c:\programdata\gisayesu\gisayesu.dll
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\programdata\vineviza
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\programdata\gisayesu
2009-09-18 08:39 . 2009-09-18 08:39 -------- d-----w- c:\programdata\yesobuje
2009-09-18 08:39 . 2009-06-18 08:39 89088 --sha-w- c:\programdata\yiyekubi\yiyekubi.dll
2009-09-18 08:39 . 2009-06-18 08:39 80384 --sha-w- c:\programdata\yesobuje\yesobuje.dll
2009-09-18 08:39 . 2009-09-18 08:39 -------- d-----w- c:\programdata\yiyekubi
2009-09-17 11:14 . 2009-09-17 10:03 -------- d-----w- c:\programdata\sekofeha
2009-09-17 10:03 . 2009-06-17 10:03 89088 --sha-w- c:\programdata\wakisoma\wakisoma.dll
2009-09-17 10:03 . 2009-06-17 10:03 80384 ------w- c:\programdata\sekofeha\sekofeha.dll
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\wakisoma
2009-09-17 10:03 . 2009-06-17 10:03 89088 --sha-w- c:\programdata\nerurowe\nerurowe.dll
2009-09-17 10:03 . 2009-06-17 10:03 80384 --sha-w- c:\programdata\hebeliri\hebeliri.dll
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\nerurowe
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\hebeliri
2009-09-16 23:28 . 2009-06-16 23:28 88576 --sha-w- c:\programdata\bikesiza\bikesiza.dll
2009-09-16 23:28 . 2009-06-16 23:28 80384 --sha-w- c:\programdata\seluheyo\seluheyo.dll
2009-09-16 23:28 . 2009-09-16 23:28 -------- d-----w- c:\programdata\seluheyo
2009-09-16 23:28 . 2009-09-16 23:28 -------- d-----w- c:\programdata\bikesiza
2009-09-16 11:04 . 2009-09-16 11:04 -------- d-----w- c:\programdata\ganepuze
2009-09-16 11:04 . 2009-06-16 11:04 80384 --sha-w- c:\programdata\ganepuze\ganepuze.dll
2009-09-16 11:04 . 2009-06-16 11:04 88064 --sha-w- c:\programdata\sewezago\sewezago.dll
2009-09-16 11:04 . 2009-09-16 11:04 -------- d-----w- c:\programdata\sewezago
2009-09-15 16:38 . 2009-09-15 12:41 -------- d-----w- c:\programdata\samubivi
2009-09-15 12:41 . 2009-06-15 12:41 88576 --sha-w- c:\programdata\zodikebu\zodikebu.dll
2009-09-15 12:41 . 2009-06-15 12:41 80384 ------w- c:\programdata\samubivi\samubivi.dll
2009-09-15 12:41 . 2009-09-15 12:41 -------- d-----w- c:\programdata\zodikebu
2009-09-14 12:29 . 2009-06-14 12:29 89088 --sha-w- c:\programdata\gevayaya\gevayaya.dll
2009-09-14 12:29 . 2009-06-14 12:29 80384 --sha-w- c:\programdata\tamonudo\tamonudo.dll
2009-09-13 12:18 . 2009-06-13 12:18 80384 ------w- c:\programdata\buguroru\buguroru.dll
2009-09-13 12:18 . 2009-06-13 12:18 88064 --sha-w- c:\programdata\jubimiso\jubimiso.dll
2009-09-13 02:37 . 2009-06-13 02:37 80384 --sha-w- c:\programdata\lapoyepe\lapoyepe.dll
2009-09-13 02:37 . 2009-06-13 02:37 89088 --sha-w- c:\programdata\benosafi\benosafi.dll
2009-09-13 01:31 . 2009-06-13 01:31 89088 --sha-w- c:\programdata\vetujavo\vetujavo.dll
2009-09-13 01:31 . 2009-06-13 01:31 80384 --sha-w- c:\programdata\vepagini\vepagini.dll
2009-09-13 00:24 . 2009-06-13 00:24 80384 --sha-w- c:\programdata\podezowu\podezowu.dll
2009-09-13 00:24 . 2009-06-13 00:24 89088 --sha-w- c:\programdata\datefayu\datefayu.dll
2009-09-12 09:45 . 2009-06-12 09:45 88064 --sha-w- c:\programdata\yegofoju\yegofoju.dll
2009-09-12 09:45 . 2009-06-12 09:45 80384 --sha-w- c:\programdata\wavojami\wavojami.dll
2009-09-11 13:23 . 2009-06-11 13:23 89088 --sha-w- c:\programdata\bajapeze\bajapeze.dll
2009-09-11 13:23 . 2009-06-11 13:23 80384 --sha-w- c:\programdata\bivayoli\bivayoli.dll
2009-09-10 17:28 . 2009-06-10 17:28 88576 --sha-w- c:\programdata\vedoveze\vedoveze.dll
2009-09-10 17:28 . 2009-06-10 17:28 80384 --sha-w- c:\programdata\movedobo\movedobo.dll
2009-09-09 16:33 . 2009-06-09 16:33 89088 --sha-w- c:\programdata\yujukumi\yujukumi.dll
2009-09-09 16:33 . 2009-06-09 16:33 80384 ------w- c:\programdata\yiriyidi\yiriyidi.dll
2009-09-09 13:37 . 2009-06-09 13:37 89088 --sha-w- c:\programdata\gevesome\gevesome.dll
2009-09-09 13:37 . 2009-06-09 13:37 80384 --sha-w- c:\programdata\pizotoyo\pizotoyo.dll
2009-09-08 12:47 . 2009-06-08 12:47 89088 --sha-w- c:\programdata\kuyisose\kuyisose.dll
2009-09-08 12:47 . 2009-06-08 12:47 80384 --sha-w- c:\programdata\jupakofu\jupakofu.dll
2009-09-07 21:46 . 2009-06-07 21:46 88576 --sha-w- c:\programdata\sodimafe\sodimafe.dll
2009-09-07 21:46 . 2009-06-07 21:46 80384 ------w- c:\programdata\marewugo\marewugo.dll
2009-09-07 09:47 . 2009-06-07 09:47 80384 ------w- c:\programdata\minokeda\minokeda.dll
2009-09-07 09:47 . 2009-06-07 09:47 89088 --sha-w- c:\programdata\higiwate\higiwate.dll
2009-09-06 08:10 . 2009-06-06 08:10 88576 --sha-w- c:\programdata\simibomi\simibomi.dll
2009-09-06 08:10 . 2009-06-06 08:10 80384 --sha-w- c:\programdata\vawipayu\vawipayu.dll
2009-09-05 17:22 . 2009-06-05 17:22 88064 --sha-w- c:\programdata\tabupulu\tabupulu.dll
2009-09-05 17:22 . 2009-06-05 17:22 80384 ------w- c:\programdata\bubejebu\bubejebu.dll
2009-09-05 00:52 . 2009-06-05 00:52 80384 ------w- c:\programdata\yezuyaye\yezuyaye.dll
2009-09-05 00:52 . 2009-06-05 00:52 89088 --sha-w- c:\programdata\vuhosuga\vuhosuga.dll
2009-09-04 02:02 . 2009-06-04 02:02 88576 --sha-w- c:\programdata\roveyala\roveyala.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-14 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.002\IDSvix86.sys [12/12/2007 13:46 180272]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [24/10/2006 12:40 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-11-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Keymar.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{5B20AB85-1483-4A8C-A9EC-4E3B38E2DB85}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN
TCP: {64269981-636F-4FAD-B04A-F32E57C2C26A} = 212.74.112.66,212.74.112.67
FF - ProfilePath - c:\users\Keymar\AppData\Roaming\Mozilla\Firefox\Profiles\7orh28pe.default\
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-pihekeyove - c:\programdata\tuwezune\tuwezune.dll
HKLM-Run-yomutujav - c:\progra~2\jojejure\jojejure.dll
SharedTaskScheduler-{6c334697-7c02-44c3-ba14-7b9a71dc0a10} - c:\progra~2\jojejure\jojejure.dll
SSODL-vapumubuw-{6c334697-7c02-44c3-ba14-7b9a71dc0a10} - c:\progra~2\jojejure\jojejure.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 02:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????????? ???H?????????????

scanning hidden files ...


c:\users\Keymar\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-14 03:00
ComboFix-quarantined-files.txt 2009-11-14 03:00

Pre-Run: 39,204,753,408 bytes free
Post-Run: 39,142,141,952 bytes free

- - End Of File - - 8EA2D592B52DCDAD3F71A9EB224A3E5C



#32 CatByte

Classroom Administrator, 21,060 posts, MVP

Posted 13 November 2009 - 10:14 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into Notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/Security_Tool_t108235.html&view=findpost&p=610548#entry610548

Collect::
c:\programdata\fazudodo\fazudodo.dll
c:\programdata\huzedapi\huzedapi.dll
c:\programdata\pufikere\pufikere.dll
c:\programdata\jadelamo\jadelamo.dll
c:\programdata\hetudeba\hetudeba.dll
c:\programdata\rutumene\rutumene.dll
c:\programdata\kavusopu\kavusopu.dll
c:\programdata\juyanuma\juyanuma.dll
c:\programdata\repeniyi\repeniyi.dll
c:\programdata\tajonini\tajonini.dll
c:\programdata\hokitoke\hokitoke.dll
c:\programdata\jehitesu\jehitesu.dll
c:\programdata\yagedema\yagedema.dll
c:\programdata\dofasube\dofasube.dll
c:\programdata\vineviza\vineviza.dll
c:\programdata\gisayesu\gisayesu.dll
c:\programdata\yiyekubi\yiyekubi.dll
c:\programdata\yesobuje\yesobuje.dll
c:\programdata\wakisoma\wakisoma.dll
c:\programdata\sekofeha\sekofeha.dll
c:\programdata\nerurowe\nerurowe.dll
c:\programdata\hebeliri\hebeliri.dll
c:\programdata\bikesiza\bikesiza.dll
c:\programdata\seluheyo\seluheyo.dll
c:\programdata\ganepuze\ganepuze.dll
c:\programdata\sewezago\sewezago.dll
c:\programdata\zodikebu\zodikebu.dll
c:\programdata\samubivi\samubivi.dll
c:\programdata\gevayaya\gevayaya.dll
c:\programdata\tamonudo\tamonudo.dll
c:\programdata\buguroru\buguroru.dll
c:\programdata\jubimiso\jubimiso.dll
c:\programdata\lapoyepe\lapoyepe.dll
c:\programdata\benosafi\benosafi.dll
c:\programdata\vetujavo\vetujavo.dll
c:\programdata\vepagini\vepagini.dll
c:\programdata\podezowu\podezowu.dll
c:\programdata\datefayu\datefayu.dll
c:\programdata\yegofoju\yegofoju.dll
c:\programdata\wavojami\wavojami.dll
c:\programdata\bajapeze\bajapeze.dll
c:\programdata\bivayoli\bivayoli.dll
c:\programdata\vedoveze\vedoveze.dll
c:\programdata\movedobo\movedobo.dll
c:\programdata\yujukumi\yujukumi.dll
c:\programdata\yiriyidi\yiriyidi.dll
c:\programdata\gevesome\gevesome.dll
c:\programdata\pizotoyo\pizotoyo.dll
c:\programdata\kuyisose\kuyisose.dll
c:\programdata\jupakofu\jupakofu.dll
c:\programdata\sodimafe\sodimafe.dll
c:\programdata\marewugo\marewugo.dll
c:\programdata\minokeda\minokeda.dll
c:\programdata\higiwate\higiwate.dll
c:\programdata\simibomi\simibomi.dll
c:\programdata\vawipayu\vawipayu.dll
c:\programdata\tabupulu\tabupulu.dll
c:\programdata\bubejebu\bubejebu.dll
c:\programdata\yezuyaye\yezuyaye.dll
c:\programdata\vuhosuga\vuhosuga.dll
c:\programdata\roveyala\roveyala.dll

Folder::
c:\programdata\tuwezune
c:\programdata\huzedapi
c:\programdata\fazudodo
c:\programdata\jadelamo
c:\programdata\pufikere
c:\programdata\rutumene
c:\programdata\hetudeba
c:\programdata\kavusopu
c:\programdata\juyanuma
c:\programdata\tajonini
c:\programdata\repeniyi
c:\programdata\jehitesu
c:\programdata\hokitoke
c:\programdata\yagedema
c:\programdata\dofasube
c:\programdata\vineviza
c:\programdata\gisayesu
c:\programdata\yesobuje
c:\programdata\yiyekubi
c:\programdata\sekofeha
c:\programdata\wakisoma
c:\programdata\nerurowe
c:\programdata\hebeliri
c:\programdata\seluheyo
c:\programdata\bikesiza
c:\programdata\ganepuze
c:\programdata\sewezago
c:\programdata\samubivi
c:\programdata\zodikebu

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT


Please do the following:

Click Start then type cmd.exe in the Start Search window.
When cmd.exe populates in the Programs list, right click the entry and select 'Run as Administrator' to open an elevated command window.

Then copy the contents of the code box and paste it into the command box:

cd %userprofile%\desktop
dir c:\programdata /a:d >look.txt
start notepad look.txt
exit
cls

The command window will close and look.txt will open.
Post the contents of look.txt.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
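
Every file in the Collect:: list above is a DLL sitting in a c:\programdata folder that carries the DLL's own name. As an added example (not part of CatByte's post and not ComboFix code), this Python script parses Find3M-style lines and lists such folder/DLL pairs for a human to review; the matching rule and the reading of `s`/`h` in the attribute column as system/hidden are assumptions.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of lines copied from the Find3M Report in post #31 (not the full log).
SAMPLE_FIND3M = r"""
(((((((((((((((( Find3M Report ))))))))))))))))
.
2009-11-14 02:54 . 2009-05-19 21:38 8192 d-----w- c:\program files\Steam
2009-11-14 01:02 . 2009-07-29 20:05 -------- d-----w- c:\programdata\tuwezune
2009-11-11 18:32 . 2007-08-31 08:24 74752 ----a-w- c:\users\Keymar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 03:16 . 2007-08-31 08:32 8192 d-----w- c:\programdata\Microsoft Help
2009-10-29 10:28 . 2009-09-23 17:25 -------- d-----w- c:\programdata\huzedapi
2009-09-23 17:25 . 2009-06-23 17:25 88576 --sha-w- c:\programdata\fazudodo\fazudodo.dll
2009-09-23 17:25 . 2009-06-23 17:25 80384 ------w- c:\programdata\huzedapi\huzedapi.dll
2009-09-23 17:25 . 2009-09-23 17:25 -------- d-----w- c:\programdata\fazudodo
2009-09-13 12:18 . 2009-06-13 12:18 88064 --sha-w- c:\programdata\jubimiso\jubimiso.dll
"""

# Two timestamps, a size (or dashes), an 8-character attribute string, a path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)

PROGRAMDATA = PureWindowsPath(r"c:\programdata")


class Entry(NamedTuple):
    first_ts: str
    second_ts: str
    size: Optional[int]
    attrs: str
    path: PureWindowsPath


def parse_find3m(text: str) -> List[Entry]:
    """Return one Entry per well-formed line; banners and dots are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        entries.append(Entry(first, second,
                             int(size) if size.isdigit() else None,
                             attrs, PureWindowsPath(path)))
    return entries


def is_self_named_dll(entry: Entry) -> bool:
    """Assumed rule: c:\\programdata\\<name>\\<name>.dll, compared case-insensitively."""
    p = entry.path
    if entry.attrs.startswith("d") or p.suffix.lower() != ".dll":
        return False
    return (p.parent.parent == PROGRAMDATA
            and p.stem.lower() == p.parent.name.lower())


def triage(text: str) -> Tuple[List[Tuple[str, Optional[int], bool]], List[str]]:
    """Return (files, folders): each file is (path, size, hidden_and_system)."""
    files, folders = [], []
    for e in parse_find3m(text):
        if not is_self_named_dll(e):
            continue
        # Assumption: 's' and 'h' in the attribute column mean system and hidden.
        hidden_system = "s" in e.attrs and "h" in e.attrs
        files.append((str(e.path), e.size, hidden_system))
        folder = str(e.path.parent)
        if folder not in folders:
            folders.append(folder)
    return files, folders


if __name__ == "__main__":
    flagged_files, flagged_folders = triage(SAMPLE_FIND3M)
    print("Files to review:")
    for path, size, hs in flagged_files:
        print(f"  {path}  size={size}  hidden+system={hs}")
    print("Parent folders:")
    for folder in flagged_folders:
        print(f"  {folder}")
```

The rule only surfaces folders that still contain a matching DLL, so an emptied folder such as c:\programdata\tuwezune, which the helper listed by hand, is not reported.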


#33 VanDavies

Authentic Member, 36 posts

Posted 14 November 2009 - 01:45 PM

It says cmd.exe cannot be found. I've tried searching just cmd and no .exe files come up. I've got the log from the ComboFix though if that helps?

#34 CatByte

Classroom Administrator, 21,060 posts, MVP

Posted 14 November 2009 - 02:48 PM

Yes, please post the ComboFix log.


What happens if you just type cmd into the Start search window?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#35 VanDavies

Authentic Member, 36 posts

Posted 14 November 2009 - 05:20 PM

Hi

This is the ComboFix log:


ComboFix 09-11-14.01 - Keymar 14/11/2009 19:04..1 - FAT32x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.894.325 [GMT 0:00]
Running from: c:\users\Keymar\Desktop\ComboFix.exe
Command switches used :: c:\users\Keymar\Desktop\ComboFix.exe c:\users\Keymar\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-14 19:19 . 2009-11-14 19:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-14 19:19 . 2009-11-14 19:19 -------- d-----w- c:\users\Keymar\AppData\Local\temp
2009-11-14 19:19 . 2009-11-14 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-14 18:59 . 2009-11-14 18:59 -------- d-----w- C:\32788R22FWJFW
2009-11-14 17:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-14 17:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-14 17:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-14 17:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-14 17:00 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-14 17:00 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-13 23:16 . 2009-11-13 23:16 -------- d-----w- C:\_OTM
2009-11-13 23:14 . 2009-11-13 23:14 -------- d-----w- C:\Combo.com32719C
2009-11-13 22:52 . 2009-11-13 22:52 -------- d-----w- C:\Combo.com1757C
2009-11-13 22:51 . 2009-11-13 22:51 -------- d-----w- C:\Combo.com
2009-11-13 22:49 . 2009-11-13 22:49 -------- d-----w- C:\ComboFix.com
2009-11-10 22:52 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:51 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 12:15 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-10 12:15 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-10 12:15 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-10 12:15 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 15:18 . 2009-11-14 03:11 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-17 15:43 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 15:43 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-17 15:38 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 15:38 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 15:35 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 18:50 . 2009-05-19 21:38 8192 d-----w- c:\program files\Steam
2009-11-14 01:47 . 2008-04-01 17:53 1356 ----a-w- c:\users\Keymar\AppData\Local\d3d9caps.dat
2009-11-14 01:02 . 2009-07-29 20:05 -------- d-----w- c:\programdata\tuwezune
2009-11-11 23:35 . 2009-05-19 21:39 -------- d-----w- c:\program files\Common Files\Steam
2009-11-11 18:32 . 2007-08-31 08:24 74752 ----a-w- c:\users\Keymar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 03:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:16 . 2007-08-31 08:32 8192 d-----w- c:\programdata\Microsoft Help
2009-11-11 03:11 . 2007-08-31 08:36 4096 d-----w- c:\program files\Microsoft Works
2009-11-10 19:51 . 2008-04-01 10:00 4096 d-----w- c:\users\Keymar\AppData\Roaming\dvdcss
2009-10-29 10:28 . 2009-09-23 17:25 -------- d-----w- c:\programdata\huzedapi
2009-09-23 17:25 . 2009-06-23 17:25 88576 --sha-w- c:\programdata\fazudodo\fazudodo.dll
2009-09-23 17:25 . 2009-06-23 17:25 80384 ------w- c:\programdata\huzedapi\huzedapi.dll
2009-09-23 17:25 . 2009-09-23 17:25 -------- d-----w- c:\programdata\fazudodo
2009-09-23 17:24 . 2009-09-22 11:16 -------- d-----w- c:\programdata\jadelamo
2009-09-22 11:16 . 2009-06-22 11:16 87552 --sha-w- c:\programdata\pufikere\pufikere.dll
2009-09-22 11:16 . 2009-06-22 11:16 80384 ------w- c:\programdata\jadelamo\jadelamo.dll
2009-09-22 11:16 . 2009-09-22 11:16 -------- d-----w- c:\programdata\pufikere
2009-09-21 16:32 . 2009-06-21 16:32 88576 --sha-w- c:\programdata\hetudeba\hetudeba.dll
2009-09-21 16:32 . 2009-06-21 16:32 80384 --sha-w- c:\programdata\rutumene\rutumene.dll
2009-09-21 16:32 . 2009-09-21 16:32 -------- d-----w- c:\programdata\rutumene
2009-09-21 16:32 . 2009-09-21 16:32 -------- d-----w- c:\programdata\hetudeba
2009-09-21 04:32 . 2009-06-21 04:32 88576 --sha-w- c:\programdata\kavusopu\kavusopu.dll
2009-09-21 04:32 . 2009-06-21 04:32 80384 --sha-w- c:\programdata\juyanuma\juyanuma.dll
2009-09-21 04:32 . 2009-09-21 04:32 -------- d-----w- c:\programdata\kavusopu
2009-09-21 04:32 . 2009-09-21 04:32 -------- d-----w- c:\programdata\juyanuma
2009-09-20 14:40 . 2009-06-20 14:40 88576 --sha-w- c:\programdata\repeniyi\repeniyi.dll
2009-09-20 14:40 . 2009-06-20 14:40 80384 --sha-w- c:\programdata\tajonini\tajonini.dll
2009-09-20 14:40 . 2009-09-20 14:40 -------- d-----w- c:\programdata\tajonini
2009-09-20 14:40 . 2009-09-20 14:40 -------- d-----w- c:\programdata\repeniyi
2009-09-19 23:48 . 2008-05-27 18:23 -------- d-----w- c:\users\Keymar\AppData\Roaming\Microgaming
2009-09-19 23:22 . 2009-06-19 23:22 88064 --sha-w- c:\programdata\hokitoke\hokitoke.dll
2009-09-19 23:22 . 2009-06-19 23:22 80384 --sha-w- c:\programdata\jehitesu\jehitesu.dll
2009-09-19 23:22 . 2009-09-19 23:22 -------- d-----w- c:\programdata\jehitesu
2009-09-19 23:22 . 2009-09-19 23:22 -------- d-----w- c:\programdata\hokitoke
2009-09-19 11:43 . 2009-09-19 11:43 -------- d-----w- c:\users\Keymar\AppData\Roaming\SecondLife
2009-09-19 11:01 . 2009-06-19 11:01 88064 --sha-w- c:\programdata\yagedema\yagedema.dll
2009-09-19 11:01 . 2009-06-19 11:01 80384 --sha-w- c:\programdata\dofasube\dofasube.dll
2009-09-19 11:01 . 2009-09-19 11:01 -------- d-----w- c:\programdata\yagedema
2009-09-19 11:01 . 2009-09-19 11:01 -------- d-----w- c:\programdata\dofasube
2009-09-18 22:40 . 2009-06-18 22:40 80384 --sha-w- c:\programdata\vineviza\vineviza.dll
2009-09-18 22:40 . 2009-06-18 22:40 88576 --sha-w- c:\programdata\gisayesu\gisayesu.dll
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\programdata\vineviza
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\programdata\gisayesu
2009-09-18 08:39 . 2009-09-18 08:39 -------- d-----w- c:\programdata\yesobuje
2009-09-18 08:39 . 2009-06-18 08:39 89088 --sha-w- c:\programdata\yiyekubi\yiyekubi.dll
2009-09-18 08:39 . 2009-06-18 08:39 80384 --sha-w- c:\programdata\yesobuje\yesobuje.dll
2009-09-18 08:39 . 2009-09-18 08:39 -------- d-----w- c:\programdata\yiyekubi
2009-09-17 11:14 . 2009-09-17 10:03 -------- d-----w- c:\programdata\sekofeha
2009-09-17 10:03 . 2009-06-17 10:03 89088 --sha-w- c:\programdata\wakisoma\wakisoma.dll
2009-09-17 10:03 . 2009-06-17 10:03 80384 ------w- c:\programdata\sekofeha\sekofeha.dll
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\wakisoma
2009-09-17 10:03 . 2009-06-17 10:03 89088 --sha-w- c:\programdata\nerurowe\nerurowe.dll
2009-09-17 10:03 . 2009-06-17 10:03 80384 --sha-w- c:\programdata\hebeliri\hebeliri.dll
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\nerurowe
2009-09-17 10:03 . 2009-09-17 10:03 -------- d-----w- c:\programdata\hebeliri
2009-09-16 23:28 . 2009-06-16 23:28 88576 --sha-w- c:\programdata\bikesiza\bikesiza.dll
2009-09-16 23:28 . 2009-06-16 23:28 80384 --sha-w- c:\programdata\seluheyo\seluheyo.dll
2009-09-16 23:28 . 2009-09-16 23:28 -------- d-----w- c:\programdata\seluheyo
2009-09-16 23:28 . 2009-09-16 23:28 -------- d-----w- c:\programdata\bikesiza
2009-09-16 11:04 . 2009-09-16 11:04 -------- d-----w- c:\programdata\ganepuze
2009-09-16 11:04 . 2009-06-16 11:04 80384 --sha-w- c:\programdata\ganepuze\ganepuze.dll
2009-09-16 11:04 . 2009-06-16 11:04 88064 --sha-w- c:\programdata\sewezago\sewezago.dll
2009-09-16 11:04 . 2009-09-16 11:04 -------- d-----w- c:\programdata\sewezago
2009-09-15 12:41 . 2009-06-15 12:41 88576 --sha-w- c:\programdata\zodikebu\zodikebu.dll
2009-09-15 12:41 . 2009-06-15 12:41 80384 ------w- c:\programdata\samubivi\samubivi.dll
2009-09-14 12:29 . 2009-06-14 12:29 89088 --sha-w- c:\programdata\gevayaya\gevayaya.dll
2009-09-14 12:29 . 2009-06-14 12:29 80384 --sha-w- c:\programdata\tamonudo\tamonudo.dll
2009-09-13 12:18 . 2009-06-13 12:18 80384 ------w- c:\programdata\buguroru\buguroru.dll
2009-09-13 12:18 . 2009-06-13 12:18 88064 --sha-w- c:\programdata\jubimiso\jubimiso.dll
2009-09-13 02:37 . 2009-06-13 02:37 80384 --sha-w- c:\programdata\lapoyepe\lapoyepe.dll
2009-09-13 02:37 . 2009-06-13 02:37 89088 --sha-w- c:\programdata\benosafi\benosafi.dll
2009-09-13 01:31 . 2009-06-13 01:31 89088 --sha-w- c:\programdata\vetujavo\vetujavo.dll
2009-09-13 01:31 . 2009-06-13 01:31 80384 --sha-w- c:\programdata\vepagini\vepagini.dll
2009-09-13 00:24 . 2009-06-13 00:24 80384 --sha-w- c:\programdata\podezowu\podezowu.dll
2009-09-13 00:24 . 2009-06-13 00:24 89088 --sha-w- c:\programdata\datefayu\datefayu.dll
2009-09-12 09:45 . 2009-06-12 09:45 88064 --sha-w- c:\programdata\yegofoju\yegofoju.dll
2009-09-12 09:45 . 2009-06-12 09:45 80384 --sha-w- c:\programdata\wavojami\wavojami.dll
2009-09-11 13:23 . 2009-06-11 13:23 89088 --sha-w- c:\programdata\bajapeze\bajapeze.dll
2009-09-11 13:23 . 2009-06-11 13:23 80384 --sha-w- c:\programdata\bivayoli\bivayoli.dll
2009-09-10 17:28 . 2009-06-10 17:28 88576 --sha-w- c:\programdata\vedoveze\vedoveze.dll
2009-09-10 17:28 . 2009-06-10 17:28 80384 --sha-w- c:\programdata\movedobo\movedobo.dll
2009-09-09 16:33 . 2009-06-09 16:33 89088 --sha-w- c:\programdata\yujukumi\yujukumi.dll
2009-09-09 16:33 . 2009-06-09 16:33 80384 ------w- c:\programdata\yiriyidi\yiriyidi.dll
2009-09-09 13:37 . 2009-06-09 13:37 89088 --sha-w- c:\programdata\gevesome\gevesome.dll
2009-09-09 13:37 . 2009-06-09 13:37 80384 --sha-w- c:\programdata\pizotoyo\pizotoyo.dll
2009-09-08 12:47 . 2009-06-08 12:47 89088 --sha-w- c:\programdata\kuyisose\kuyisose.dll
2009-09-08 12:47 . 2009-06-08 12:47 80384 --sha-w- c:\programdata\jupakofu\jupakofu.dll
2009-09-07 21:46 . 2009-06-07 21:46 88576 --sha-w- c:\programdata\sodimafe\sodimafe.dll
2009-09-07 21:46 . 2009-06-07 21:46 80384 ------w- c:\programdata\marewugo\marewugo.dll
2009-09-07 09:47 . 2009-06-07 09:47 80384 ------w- c:\programdata\minokeda\minokeda.dll
2009-09-07 09:47 . 2009-06-07 09:47 89088 --sha-w- c:\programdata\higiwate\higiwate.dll
2009-09-06 08:10 . 2009-06-06 08:10 88576 --sha-w- c:\programdata\simibomi\simibomi.dll
2009-09-06 08:10 . 2009-06-06 08:10 80384 --sha-w- c:\programdata\vawipayu\vawipayu.dll
2009-09-05 17:22 . 2009-06-05 17:22 88064 --sha-w- c:\programdata\tabupulu\tabupulu.dll
2009-09-05 17:22 . 2009-06-05 17:22 80384 ------w- c:\programdata\bubejebu\bubejebu.dll
2009-09-05 00:52 . 2009-06-05 00:52 80384 ------w- c:\programdata\yezuyaye\yezuyaye.dll
2009-09-05 00:52 . 2009-06-05 00:52 89088 --sha-w- c:\programdata\vuhosuga\vuhosuga.dll
2009-09-04 02:02 . 2009-06-04 02:02 88576 --sha-w- c:\programdata\roveyala\roveyala.dll
2009-09-04 02:02 . 2009-06-04 02:02 80384 --sha-w- c:\programdata\mevopupe\mevopupe.dll
2009-09-03 14:02 . 2009-06-03 14:02 80384 ------w- c:\programdata\sahanudi\sahanudi.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-14_02.53.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 17:02 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2009-11-14 17:02 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2009-11-14 17:00 . 2009-08-06 18:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2009-11-14 17:01 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2009-11-14 17:01 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
- 2006-12-20 11:57 . 2009-11-14 01:52 45958 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-12-20 11:57 . 2009-11-14 03:16 45958 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-11-14 03:16 53490 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-31 08:26 . 2009-11-14 03:16 10816 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4180222272-2330032099-3635075793-1000_UserData.bin
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-31 08:20 . 2009-11-14 18:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 01:55 . 2009-11-14 18:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 01:55 . 2009-11-14 02:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-31 08:20 . 2009-11-14 18:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 19:23 . 2009-08-06 19:23 73288 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-14 03:12 . 2009-11-14 03:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-14 03:12 . 2009-11-14 03:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-14 17:00 . 2009-08-06 19:23 171608 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuwebv.dll
+ 2009-11-14 17:01 . 2009-08-07 02:23 575704 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wuapi.dll
+ 2007-08-31 08:56 . 2009-11-14 18:49 350820 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-14 17:02 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2009-11-14 17:02 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2006-11-02 10:22 . 2009-11-14 17:05 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-11-11 03:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-13 03:22 . 2009-11-13 23:11 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-13 03:22 . 2009-11-14 03:11 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-14 19:02 . 2009-11-14 19:02 6115328 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-05-30 02:03 . 2009-11-14 17:03 174907474 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-14 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.002\IDSvix86.sys [12/12/2007 13:46 180272]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [24/10/2006 12:40 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-11-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Keymar.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{5B20AB85-1483-4A8C-A9EC-4E3B38E2DB85}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN
TCP: {64269981-636F-4FAD-B04A-F32E57C2C26A} = 212.74.112.66,212.74.112.67
FF - ProfilePath - c:\users\Keymar\AppData\Roaming\Mozilla\Firefox\Profiles\7orh28pe.default\
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????????? ???H?????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-14 19:25
ComboFix-quarantined-files.txt 2009-11-14 19:25
ComboFix2.txt 2009-11-14 03:00

Pre-Run: 39,347,384,320 bytes free
Post-Run: 39,316,938,752 bytes free

- - End Of File - - DBAF0404D3BAF839132E8BB65F7FB1D0







If I just type in cmd it comes up with a load of .cmd files. I alphabetised it so I could look for cmd.exe but it wasn't there.

#36 VanDavies


Posted 14 November 2009 - 05:28 PM

OK I searched the net on how to find cmd and I found it in C>Windows>System32 so I'll carry out the steps you mentioned above now.

#37 VanDavies


Posted 14 November 2009 - 05:31 PM

OK look.txt comes back with this:

#38 CatByte

Posted 14 November 2009 - 05:42 PM

Hi,

Please do the following:

Please navigate to the C:\Qoobox\ folder and look for CFScript_used_14/11/2009 19:04.txt

The date and time would be 14/11/2009 19:04 or something very close to that time.

Right-click the file and select Send To>Compressed (zipped) file and attach the zipped file in your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#39 VanDavies

Posted 14 November 2009 - 07:21 PM

OK I have the following in Qoobox:

  • ComboFix2.txt
  • ComboFix-quarantined-files.txt
  • SnapShot@2009-11-14_02:53:54.DAT

Which one should I upload?

#40 CatByte

Posted 14 November 2009 - 08:04 PM

Hi,

The file I was looking for isn't there.

I have uploaded a CFScript for you to use.

Please do the following:

Save this file to your desktop:

[attachment=6093:CFScript.txt]

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



#41 VanDavies

Posted 15 November 2009 - 06:52 PM

ComboFix 09-11-16.01 - Keymar 15/11/2009 18:09..1 - FAT32x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.894.211 [GMT 0:00]
Running from: c:\users\Keymar\Desktop\ComboFix.exe
Command switches used :: c:\users\Keymar\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\puvudoki
c:\programdata\puvudoki\puvudoki.dll.tmp
c:\programdata\puzojazi
c:\programdata\puzojazi\izajozup.ini
c:\programdata\puzojazi\puzojazi.dll
c:\programdata\ranitawa
c:\programdata\ranitawa\awatinar.ini
c:\programdata\ranitawa\ranitawa.dll
c:\programdata\ravuripo
c:\programdata\ravuripo\opiruvar.ini
c:\programdata\ravuripo\ravuripo.dll
c:\programdata\relezeho
c:\programdata\relezeho\relezeho.dll
c:\programdata\relovuzo
c:\programdata\relovuzo\ozuvoler.ini
c:\programdata\relovuzo\relovuzo.dll
c:\programdata\repeniyi
c:\programdata\repeniyi\repeniyi.dll
c:\programdata\rerurepo
c:\programdata\rerurepo\rerurepo.dll
c:\programdata\retitogi
c:\programdata\retitogi\retitogi.dll.tmp
c:\programdata\retuzele
c:\programdata\retuzele\retuzele.dll
c:\programdata\revedopu
c:\programdata\revedopu\revedopu.dll
c:\programdata\revedopu\upodever.ini
c:\programdata\rewomijo
c:\programdata\rewomijo\ojimower.ini
c:\programdata\rewomijo\rewomijo.dll
c:\programdata\rezuyero
c:\programdata\rezuyero\rezuyero.dll
c:\programdata\rigulama
c:\programdata\rigulama\rigulama.dll
c:\programdata\rikevuku
c:\programdata\rikevuku\rikevuku.dll
c:\programdata\rikevuku\ukuvekir.ini
c:\programdata\riwibevo
c:\programdata\riwibevo\ovebiwir.ini
c:\programdata\riwibevo\riwibevo.dll
c:\programdata\rohiwuyi
c:\programdata\rohiwuyi\rohiwuyi.dll
c:\programdata\rokizuga
c:\programdata\rokizuga\rokizuga.dll
c:\programdata\rosajita
c:\programdata\rosajita\atijasor.ini
c:\programdata\rosajita\rosajita.dll
c:\programdata\rosoyovi
c:\programdata\rosoyovi\ivoyosor.ini
c:\programdata\rosoyovi\rosoyovi.dll
c:\programdata\roveyala
c:\programdata\roveyala\roveyala.dll
c:\programdata\rovokoko
c:\programdata\rovokoko\okokovor.ini
c:\programdata\rovokoko\rovokoko.dll
c:\programdata\rujabazu
c:\programdata\rujabazu\rujabazu.dll
c:\programdata\rupuwuyo
c:\programdata\rupuwuyo\oyuwupur.ini
c:\programdata\rupuwuyo\rupuwuyo.dll
c:\programdata\rutumene
c:\programdata\rutumene\rutumene.dll
c:\programdata\sabiyogi
c:\programdata\sabiyogi\igoyibas.ini
c:\programdata\sabiyogi\sabiyogi.dll
c:\programdata\sadopina
c:\programdata\sadopina\sadopina.exe
c:\programdata\sahanudi
c:\programdata\sahanudi\idunahas.ini
c:\programdata\sahanudi\sahanudi.dll
c:\programdata\sajolufi
c:\programdata\sajolufi\ifulojas.ini
c:\programdata\sajolufi\sajolufi.dll
c:\programdata\samubivi
c:\programdata\samubivi\ivibumas.ini
c:\programdata\samubivi\samubivi.dll
c:\programdata\sapalesa
c:\programdata\sapalesa\sapalesa.dll
c:\programdata\sasazola
c:\programdata\sasazola\alozasas.ini
c:\programdata\sasazola\sasazola.dll
c:\programdata\sefavezo
c:\programdata\sefavezo\sefavezo.dll
c:\programdata\sekofeha
c:\programdata\sekofeha\ahefokes.ini
c:\programdata\sekofeha\sekofeha.dll
c:\programdata\seluheyo
c:\programdata\seluheyo\seluheyo.dll
c:\programdata\semefase
c:\programdata\semefase\esafemes.ini
c:\programdata\semefase\semefase.dll
c:\programdata\serikuyo
c:\programdata\serikuyo\serikuyo.dll
c:\programdata\serubimu
c:\programdata\serubimu\serubimu.dll
c:\programdata\serubimu\umibures.ini
c:\programdata\sesuwive
c:\programdata\sesuwive\eviwuses.ini
c:\programdata\sesuwive\sesuwive.dll
c:\programdata\setelaki
c:\programdata\setelaki\setelaki.dll
c:\programdata\sewezago
c:\programdata\sewezago\sewezago.dll
c:\programdata\seyejutu
c:\programdata\seyejutu\seyejutu.dll
c:\programdata\seyejutu\utujeyes.ini
c:\programdata\seyohale
c:\programdata\seyohale\elahoyes.ini
c:\programdata\seyohale\seyohale.dll
c:\programdata\seziliwe
c:\programdata\seziliwe\seziliwe.dll
c:\programdata\sibufiki
c:\programdata\sibufiki\sibufiki.dll
c:\programdata\sibukigu
c:\programdata\sibukigu\sibukigu.dll
c:\programdata\sigisigu
c:\programdata\sigisigu\sigisigu.dll
c:\programdata\sigisigu\ugisigis.ini
c:\programdata\sihedava
c:\programdata\sihedava\avadehis.ini
c:\programdata\sihedava\sihedava.dll
c:\programdata\simibomi
c:\programdata\simibomi\simibomi.dll
c:\programdata\sipozavi
c:\programdata\sipozavi\ivazopis.ini
c:\programdata\sipozavi\sipozavi.dll
c:\programdata\sisamaro
c:\programdata\sisamaro\sisamaro.dll
c:\programdata\sobipore
c:\programdata\sobipore\sobipore.dll
c:\programdata\sodimafe
c:\programdata\sodimafe\sodimafe.dll
c:\programdata\sojimolo
c:\programdata\sojimolo\sojimolo.dll
c:\programdata\sojipeje
c:\programdata\sojipeje\sojipeje.dll
c:\programdata\sokimawu
c:\programdata\sokimawu\sokimawu.dll
c:\programdata\sokipafu
c:\programdata\sokipafu\sokipafu.dll
c:\programdata\sokupolo
c:\programdata\sokupolo\olopukos.ini
c:\programdata\sokupolo\sokupolo.dll
c:\programdata\solipade
c:\programdata\solipade\solipade.exe
c:\programdata\sosizoka
c:\programdata\sosizoka\sosizoka.dll
c:\programdata\subudojo
c:\programdata\subudojo\ojodubus.ini
c:\programdata\subudojo\subudojo.dll
c:\programdata\sufagika
c:\programdata\sufagika\sufagika.dll
c:\programdata\sufovetu
c:\programdata\sufovetu\sufovetu.dll
c:\programdata\sugemage
c:\programdata\sugemage\egamegus.ini
c:\programdata\sugemage\sugemage.dll
c:\programdata\sumidila
c:\programdata\sumidila\sumidila.dll
c:\programdata\sumozaja
c:\programdata\sumozaja\ajazomus.ini
c:\programdata\sumozaja\sumozaja.dll
c:\programdata\suyehahi
c:\programdata\suyehahi\suyehahi.dll
c:\programdata\tabupulu
c:\programdata\tabupulu\tabupulu.dll
c:\programdata\tahadoke
c:\programdata\tahadoke\tahadoke.dll
c:\programdata\tahemuwu
c:\programdata\tahemuwu\tahemuwu.dll
c:\programdata\tahemuwu\uwumehat.ini
c:\programdata\tahoyido
c:\programdata\tahoyido\tahoyido.dll
c:\programdata\tajonini
c:\programdata\tajonini\tajonini.dll
c:\programdata\takodeku
c:\programdata\takodeku\takodeku.dll
c:\programdata\takodeku\ukedokat.ini
c:\programdata\tamonudo
c:\programdata\tamonudo\odunomat.ini
c:\programdata\tamonudo\tamonudo.dll
c:\programdata\tariwane
c:\programdata\tariwane\tariwane.dll
c:\programdata\tasupada
c:\programdata\tasupada\tasupada.dll
c:\programdata\tegoyodo
c:\programdata\tegoyodo\odoyoget.ini
c:\programdata\tegoyodo\tegoyodo.dll
c:\programdata\tekugusa
c:\programdata\tekugusa\tekugusa.exe
c:\programdata\tesejuju
c:\programdata\tesejuju\tesejuju.dll.tmp
c:\programdata\tetuluyu
c:\programdata\tetuluyu\tetuluyu.dll
c:\programdata\tetuluyu\uyulutet.ini
c:\programdata\tewajuno
c:\programdata\tewajuno\onujawet.ini
c:\programdata\tewajuno\tewajuno.dll
c:\programdata\tezekiju
c:\programdata\tezekiju\tezekiju.dll
c:\programdata\tihofuje
c:\programdata\tihofuje\ejufohit.ini
c:\programdata\tihofuje\tihofuje.dll
c:\programdata\tijawife
c:\programdata\tijawife\efiwajit.ini
c:\programdata\tijawife\tijawife.dll
c:\programdata\tikikele
c:\programdata\tikikele\tikikele.exe
c:\programdata\timewogo
c:\programdata\timewogo\timewogo.dll.tmp
c:\programdata\tisodiza
c:\programdata\tisodiza\azidosit.ini
c:\programdata\tisodiza\tisodiza.dll
c:\programdata\tizayepa
c:\programdata\tizayepa\apeyazit.ini
c:\programdata\tizayepa\tizayepa.dll
c:\programdata\tobimiyo
c:\programdata\tobimiyo\tobimiyo.dll
c:\programdata\totetoni
c:\programdata\totetoni\totetoni.dll
c:\programdata\tuhiyega
c:\programdata\tuhiyega\tuhiyega.dll
c:\programdata\tulolima
c:\programdata\tulolima\tulolima.dll
c:\programdata\tunakige
c:\programdata\tunakige\egikanut.ini
c:\programdata\tunakige\tunakige.dll
c:\programdata\tunatope
c:\programdata\tunatope\epotanut.ini
c:\programdata\tunatope\tunatope.dll
c:\programdata\tunimipu
c:\programdata\tunimipu\tunimipu.dll
c:\programdata\tunimipu\upiminut.ini
c:\programdata\tupisamo
c:\programdata\tupisamo\tupisamo.exe
c:\programdata\tupudami
c:\programdata\tupudami\tupudami.exe
c:\programdata\turazufe
c:\programdata\turazufe\efuzarut.ini
c:\programdata\turazufe\turazufe.dll
c:\programdata\tutogejo
c:\programdata\tutogejo\ojegotut.ini
c:\programdata\tutogejo\tutogejo.dll
c:\programdata\tuwezune
c:\programdata\vafunavu
c:\programdata\vafunavu\vafunavu.exe
c:\programdata\vakuwuti
c:\programdata\vakuwuti\vakuwuti.dll
c:\programdata\vanuveli
c:\programdata\vanuveli\vanuveli.dll
c:\programdata\vatonopa
c:\programdata\vatonopa\aponotav.ini
c:\programdata\vatonopa\vatonopa.dll
c:\programdata\vawipayu
c:\programdata\vawipayu\uyapiwav.ini
c:\programdata\vawipayu\vawipayu.dll
c:\programdata\vawohoto
c:\programdata\vawohoto\otohowav.ini
c:\programdata\vawohoto\vawohoto.dll
c:\programdata\vazipuve
c:\programdata\vazipuve\vazipuve.dll
c:\programdata\vebuwalo
c:\programdata\vebuwalo\olawubev.ini
c:\programdata\vebuwalo\vebuwalo.dll
c:\programdata\vedoveze
c:\programdata\vedoveze\vedoveze.dll
c:\programdata\vedufenu
c:\programdata\vedufenu\vedufenu.exe
c:\programdata\vegasifa
c:\programdata\vegasifa\vegasifa.dll.tmp
c:\programdata\vehoride
c:\programdata\vehoride\vehoride.dll
c:\programdata\vemikesu
c:\programdata\vemikesu\usekimev.ini
c:\programdata\vemikesu\vemikesu.dll
c:\programdata\vepagini
c:\programdata\vepagini\inigapev.ini
c:\programdata\vepagini\vepagini.dll
c:\programdata\vesujoku
c:\programdata\vesujoku\ukojusev.ini
c:\programdata\vesujoku\vesujoku.dll
c:\programdata\vetujavo
c:\programdata\vetujavo\vetujavo.dll
c:\programdata\vevaforu
c:\programdata\vevaforu\vevaforu.dll
c:\programdata\vibulaze
c:\programdata\vibulaze\vibulaze.dll
c:\programdata\vifegoji
c:\programdata\vifegoji\vifegoji.dll
c:\programdata\vigedumi
c:\programdata\vigedumi\imudegiv.ini
c:\programdata\vigedumi\vigedumi.dll
c:\programdata\vigiwivu
c:\programdata\vigiwivu\vigiwivu.dll
c:\programdata\vimeyiha
c:\programdata\vimeyiha\vimeyiha.dll
c:\programdata\vineviza
c:\programdata\vineviza\vineviza.dll
c:\programdata\visezire
c:\programdata\visezire\visezire.dll
c:\programdata\vodademo
c:\programdata\vodademo\omedadov.ini
c:\programdata\vodademo\vodademo.dll
c:\programdata\vogajuwa
c:\programdata\vogajuwa\awujagov.ini
c:\programdata\vogajuwa\vogajuwa.dll
c:\programdata\vonehuri
c:\programdata\vonehuri\vonehuri.dll
c:\programdata\vorowapo
c:\programdata\vorowapo\opaworov.ini
c:\programdata\vorowapo\vorowapo.dll
c:\programdata\vorudope
c:\programdata\vorudope\vorudope.dll.tmp
c:\programdata\votiwehe
c:\programdata\votiwehe\votiwehe.dll
c:\programdata\vowusaku
c:\programdata\vowusaku\ukasuwov.ini
c:\programdata\vowusaku\vowusaku.dll
c:\programdata\voyaginu
c:\programdata\voyaginu\voyaginu.exe
c:\programdata\vudileno
c:\programdata\vudileno\vudileno.dll
c:\programdata\vufehodo
c:\programdata\vufehodo\vufehodo.dll
c:\programdata\vuhosuga
c:\programdata\vuhosuga\vuhosuga.dll
c:\programdata\vunuwime
c:\programdata\vunuwime\vunuwime.dll
c:\programdata\vupivino
c:\programdata\vupivino\onivipuv.ini
c:\programdata\vupivino\vupivino.dll
c:\programdata\vuvaguni
c:\programdata\vuvaguni\vuvaguni.dll
c:\programdata\wahuzehu
c:\programdata\wahuzehu\wahuzehu.dll
c:\programdata\wakisoma
c:\programdata\wakisoma\wakisoma.dll
c:\programdata\wamudaki
c:\programdata\wamudaki\ikadumaw.ini
c:\programdata\wamudaki\wamudaki.dll
c:\programdata\watitatu
c:\programdata\watitatu\utatitaw.ini
c:\programdata\watitatu\watitatu.dll
c:\programdata\wavojami
c:\programdata\wavojami\imajovaw.ini
c:\programdata\wavojami\wavojami.dll
c:\programdata\webudiwe
c:\programdata\webudiwe\ewidubew.ini
c:\programdata\webudiwe\webudiwe.dll
c:\programdata\wejimowe
c:\programdata\wejimowe\wejimowe.dll
c:\programdata\wejukale
c:\programdata\wejukale\wejukale.dll
c:\programdata\wemikusa
c:\programdata\wemikusa\wemikusa.dll
c:\programdata\weramuji
c:\programdata\weramuji\ijumarew.ini
c:\programdata\weramuji\weramuji.dll
c:\programdata\weroyufo
c:\programdata\weroyufo\weroyufo.dll
c:\programdata\wibuzupo
c:\programdata\wibuzupo\wibuzupo.dll
c:\programdata\wigadege
c:\programdata\wigadege\wigadege.dll
c:\programdata\wisovuhu
c:\programdata\wisovuhu\uhuvosiw.ini
c:\programdata\wisovuhu\wisovuhu.dll
c:\programdata\witihoji
c:\programdata\witihoji\ijohitiw.ini
c:\programdata\witihoji\witihoji.dll
c:\programdata\wivahire
c:\programdata\wivahire\wivahire.dll
c:\programdata\wizipuko
c:\programdata\wizipuko\wizipuko.dll
c:\programdata\wonekinu
c:\programdata\wonekinu\unikenow.ini
c:\programdata\wonekinu\wonekinu.dll
c:\programdata\wonufeji
c:\programdata\wonufeji\wonufeji.dll
c:\programdata\worekofo
c:\programdata\worekofo\worekofo.dll.tmp
c:\programdata\worojulo
c:\programdata\worojulo\olujorow.ini
c:\programdata\worojulo\worojulo.dll
c:\programdata\wozosiro
c:\programdata\wozosiro\orisozow.ini
c:\programdata\wozosiro\wozosiro.dll
c:\programdata\wurigime
c:\programdata\wurigime\emigiruw.ini
c:\programdata\wurigime\wurigime.dll
c:\programdata\wuvidaro
c:\programdata\wuvidaro\wuvidaro.dll
c:\programdata\wuvijodo
c:\programdata\wuvijodo\wuvijodo.dll
c:\programdata\wuwilava
c:\programdata\wuwilava\wuwilava.dll
c:\programdata\yafujivu
c:\programdata\yafujivu\yafujivu.dll
c:\programdata\yagedema
c:\programdata\yagedema\yagedema.dll
c:\programdata\yahazeme
c:\programdata\yahazeme\emezahay.ini
c:\programdata\yahazeme\yahazeme.dll
c:\programdata\yahukiye
c:\programdata\yahukiye\yahukiye.dll
c:\programdata\yajoleso
c:\programdata\yajoleso\oselojay.ini
c:\programdata\yajoleso\yajoleso.dll
c:\programdata\yakevanu
c:\programdata\yakevanu\unavekay.ini
c:\programdata\yakevanu\yakevanu.dll
c:\programdata\yasarobe
c:\programdata\yasarobe\yasarobe.dll
c:\programdata\yavidihi
c:\programdata\yavidihi\yavidihi.dll
c:\programdata\yegofoju
c:\programdata\yegofoju\yegofoju.dll
c:\programdata\yekuvute
c:\programdata\yekuvute\yekuvute.dll
c:\programdata\yesobuje
c:\programdata\yesobuje\ejubosey.ini
c:\programdata\yesobuje\yesobuje.dll
c:\programdata\yetihusa
c:\programdata\yetihusa\asuhitey.ini
c:\programdata\yetihusa\yetihusa.dll
c:\programdata\yevazani
c:\programdata\yevazani\yevazani.dll
c:\programdata\yewususi
c:\programdata\yewususi\yewususi.dll
c:\programdata\yeyuneva
c:\programdata\yeyuneva\avenuyey.ini
c:\programdata\yeyuneva\yeyuneva.dll
c:\programdata\yezuyaye
c:\programdata\yezuyaye\eyayuzey.ini
c:\programdata\yezuyaye\yezuyaye.dll
c:\programdata\yihigiyo
c:\programdata\yihigiyo\oyigihiy.ini
c:\programdata\yihigiyo\yihigiyo.dll
c:\programdata\yileduki
c:\programdata\yileduki\ikudeliy.ini
c:\programdata\yileduki\yileduki.dll
c:\programdata\yipagone
c:\programdata\yipagone\enogapiy.ini
c:\programdata\yipagone\yipagone.dll
c:\programdata\yiriyidi
c:\programdata\yiriyidi\idiyiriy.ini
c:\programdata\yiriyidi\yiriyidi.dll
c:\programdata\yisaliti
c:\programdata\yisaliti\yisaliti.dll
c:\programdata\yivomadu
c:\programdata\yivomadu\udamoviy.ini
c:\programdata\yivomadu\yivomadu.dll
c:\programdata\yiyekubi
c:\programdata\yiyekubi\yiyekubi.dll
c:\programdata\yowilugi
c:\programdata\yowilugi\yowilugi.dll
c:\programdata\yufudufo
c:\programdata\yufudufo\ofudufuy.ini
c:\programdata\yufudufo\yufudufo.dll
c:\programdata\yuhayudi
c:\programdata\yuhayudi\yuhayudi.dll
c:\programdata\yujukumi
c:\programdata\yujukumi\yujukumi.dll
c:\programdata\yuyataka
c:\programdata\yuyataka\yuyataka.dll
c:\programdata\yuyawezi
c:\programdata\yuyawezi\yuyawezi.dll
c:\programdata\zadupuda
c:\programdata\zadupuda\zadupuda.dll
c:\programdata\zafabodo
c:\programdata\zafabodo\zafabodo.exe
c:\programdata\zahedotu
c:\programdata\zahedotu\utodehaz.ini
c:\programdata\zahedotu\zahedotu.dll
c:\programdata\zakahime
c:\programdata\zakahime\emihakaz.ini
c:\programdata\zakahime\zakahime.dll
c:\programdata\zamikeri
c:\programdata\zamikeri\irekimaz.ini
c:\programdata\zamikeri\zamikeri.dll
c:\programdata\zarufeto
c:\programdata\zarufeto\otefuraz.ini
c:\programdata\zarufeto\zarufeto.dll
c:\programdata\zasosowi
c:\programdata\zasosowi\zasosowi.exe
c:\programdata\zavigoke
c:\programdata\zavigoke\zavigoke.dll
c:\programdata\zavukena
c:\programdata\zavukena\anekuvaz.ini
c:\programdata\zavukena\zavukena.dll
c:\programdata\zawayupi
c:\programdata\zawayupi\zawayupi.dll
c:\programdata\zebipufe
c:\programdata\zebipufe\zebipufe.dll
c:\programdata\zelijudo
c:\programdata\zelijudo\zelijudo.dll
c:\programdata\zeyuvome
c:\programdata\zeyuvome\zeyuvome.dll
c:\programdata\zifirebi
c:\programdata\zifirebi\iberifiz.ini
c:\programdata\zifirebi\zifirebi.dll
c:\programdata\zikuvoya
c:\programdata\zikuvoya\zikuvoya.dll
c:\programdata\ziselero
c:\programdata\ziselero\ziselero.dll
c:\programdata\zisudifi
c:\programdata\zisudifi\ifidusiz.ini
c:\programdata\zisudifi\zisudifi.dll
c:\programdata\zivihofo
c:\programdata\zivihofo\ofohiviz.ini
c:\programdata\zivihofo\zivihofo.dll
c:\programdata\zobekota
c:\programdata\zobekota\zobekota.exe
c:\programdata\zodikebu
c:\programdata\zodikebu\zodikebu.dll
c:\programdata\zohebuyi
c:\programdata\zohebuyi\iyubehoz.ini
c:\programdata\zohebuyi\zohebuyi.dll
c:\programdata\zokekaye
c:\programdata\zokekaye\zokekaye.dll
c:\programdata\zolivoga
c:\programdata\zolivoga\agoviloz.ini
c:\programdata\zolivoga\zolivoga.dll
c:\programdata\zomojuya
c:\programdata\zomojuya\ayujomoz.ini
c:\programdata\zomojuya\zomojuya.dll
c:\programdata\zoravugi
c:\programdata\zoravugi\iguvaroz.ini
c:\programdata\zoravugi\zoravugi.dll
c:\programdata\zovakuha
c:\programdata\zovakuha\zovakuha.dll.tmp
c:\programdata\zujasema
c:\programdata\zujasema\zujasema.dll
c:\programdata\zujerivi
c:\programdata\zujerivi\zujerivi.dll
c:\programdata\zuvafuya
c:\programdata\zuvafuya\zuvafuya.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 18:37 . 2009-11-15 18:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-15 18:37 . 2009-11-15 18:37 -------- d-----w- c:\users\Keymar\AppData\Local\temp
2009-11-15 18:37 . 2009-11-15 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-15 18:03 . 2009-11-15 18:04 -------- d-----w- C:\32788R22FWJFW
2009-11-14 17:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-14 17:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-14 17:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-14 17:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-14 17:01 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-14 17:01 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-14 17:01 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-14 17:00 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-14 17:00 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-13 23:16 . 2009-11-13 23:16 -------- d-----w- C:\_OTM
2009-11-13 23:14 . 2009-11-13 23:14 53248 d-----w- C:\Combo.com32719C
2009-11-13 22:52 . 2009-11-13 22:52 53248 d-----w- C:\Combo.com1757C
2009-11-13 22:51 . 2009-11-13 22:51 53248 d-----w- C:\Combo.com
2009-11-13 22:49 . 2009-11-13 22:49 53248 d-----w- C:\ComboFix.com
2009-11-10 22:52 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:51 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 12:15 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-10 12:15 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-10 12:15 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-10 12:15 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 15:18 . 2009-11-14 19:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-17 15:43 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 15:43 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-17 15:38 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 15:38 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 15:35 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 17:59 . 2009-05-19 21:38 8192 d-----w- c:\program files\Steam
2009-11-14 19:34 . 2009-05-19 21:39 -------- d-----w- c:\program files\Common Files\Steam
2009-11-14 01:47 . 2008-04-01 17:53 1356 ----a-w- c:\users\Keymar\AppData\Local\d3d9caps.dat
2009-11-11 18:32 . 2007-08-31 08:24 74752 ----a-w- c:\users\Keymar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 03:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:16 . 2007-08-31 08:32 8192 d-----w- c:\programdata\Microsoft Help
2009-11-11 03:11 . 2007-08-31 08:36 4096 d-----w- c:\program files\Microsoft Works
2009-11-10 19:51 . 2008-04-01 10:00 4096 d-----w- c:\users\Keymar\AppData\Roaming\dvdcss
2009-09-19 23:48 . 2008-05-27 18:23 -------- d-----w- c:\users\Keymar\AppData\Roaming\Microgaming
2009-09-19 11:43 . 2009-09-19 11:43 -------- d-----w- c:\users\Keymar\AppData\Roaming\SecondLife
2009-08-29 03:41 . 2009-09-02 19:58 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 19:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 19:58 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57 . 2009-10-17 15:42 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-17 15:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-17 15:42 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-17 15:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-17 15:42 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\91415146 ----

2009-06-12 20:00 . 2009-06-12 20:00 47148 ----a-w- c:\programdata\91415146\91415146.exe

---- Directory of c:\programvdata\11405154 ----



((((((((((((((((((((((((((((( SnapShot@2009-11-14_02.53.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 17:02 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2009-11-14 17:02 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2009-11-14 17:00 . 2009-08-06 18:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2009-11-14 17:01 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2009-11-14 17:01 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
+ 2006-12-20 11:57 . 2009-11-14 19:34 45958 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-12-20 11:57 . 2009-11-14 01:52 45958 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-11-14 19:34 53506 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-31 08:26 . 2009-11-14 19:34 10824 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4180222272-2330032099-3635075793-1000_UserData.bin
+ 2007-08-31 08:20 . 2009-11-15 17:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-14 01:55 . 2009-11-14 02:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-14 01:55 . 2009-11-15 17:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-31 08:20 . 2009-11-15 17:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 19:23 . 2009-08-06 19:23 73288 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-11-14 19:31 . 2009-11-14 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-14 19:31 . 2009-11-14 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-14 17:00 . 2009-08-06 19:23 171608 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuwebv.dll
+ 2009-11-14 17:01 . 2009-08-07 02:23 575704 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wuapi.dll
+ 2007-08-31 08:56 . 2009-11-15 17:56 350916 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-14 17:02 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2009-11-14 17:02 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2006-11-02 10:22 . 2009-11-14 19:30 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-11-11 03:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-13 03:22 . 2009-11-13 23:11 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-13 03:22 . 2009-11-14 19:29 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-05-30 02:03 . 2009-11-14 17:03 174907474 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-14 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.002\IDSvix86.sys [12/12/2007 13:46 180272]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [24/10/2006 12:40 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-11-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Keymar.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2009-11-14 c:\windows\Tasks\User_Feed_Synchronization-{5B20AB85-1483-4A8C-A9EC-4E3B38E2DB85}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN
TCP: {64269981-636F-4FAD-B04A-F32E57C2C26A} = 212.74.112.66,212.74.112.67
FF - ProfilePath - c:\users\Keymar\AppData\Roaming\Mozilla\Firefox\Profiles\7orh28pe.default\
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????????? ???H?????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-15 18:43
ComboFix-quarantined-files.txt 2009-11-15 18:43
ComboFix2.txt 2009-11-14 19:25
ComboFix3.txt 2009-11-14 03:00

Pre-Run: 38,374,162,432 bytes free
Post-Run: 38,334,562,304 bytes free

- - End Of File - - 478F47EEAF9CA0F94AF83D77608CA57E
Upload was successful

#42 CatByte


Posted 15 November 2009 - 09:47 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/Security_Tool_t108235.html&view=findpost&p=611026#entry611026

Collect::
c:\programdata\91415146\91415146.exe

Folder::
c:\programdata\11405154
c:\programdata\91415146

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#43 VanDavies


Posted 16 November 2009 - 12:35 PM

Hi CatByte

OK here is the latest log:

ComboFix 09-11-16.01 - Keymar 16/11/2009 13:12..1 - FAT32x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.894.332 [GMT 0:00]
Running from: c:\users\Keymar\Desktop\ComboFix.exe
Command switches used :: c:\users\Keymar\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\programdata\91415146\91415146.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\11405154
c:\programdata\11405154\11405154.glu
c:\programdata\11405154\pc11405154cnf
c:\programdata\11405154\pc11405154ins
c:\programdata\91415146
c:\programdata\91415146\91415146.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 13:28 . 2009-11-16 13:28 -------- d-----w- c:\users\Keymar\AppData\Local\temp
2009-11-16 13:28 . 2009-11-16 13:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-16 13:28 . 2009-11-16 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-16 13:07 . 2009-11-16 13:08 24576 d-----w- C:\32788R22FWJFW
2009-11-16 01:01 . 2009-11-16 01:01 -------- d-----w- c:\windows\Sun
2009-11-14 17:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-14 17:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-14 17:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-14 17:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-14 17:01 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-14 17:01 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-14 17:01 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-14 17:00 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-14 17:00 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-13 23:16 . 2009-11-13 23:16 -------- d-----w- C:\_OTM
2009-11-13 23:14 . 2009-11-13 23:14 53248 d-----w- C:\Combo.com32719C
2009-11-13 22:52 . 2009-11-13 22:52 53248 d-----w- C:\Combo.com1757C
2009-11-13 22:51 . 2009-11-13 22:51 53248 d-----w- C:\Combo.com
2009-11-13 22:49 . 2009-11-13 22:49 53248 d-----w- C:\ComboFix.com
2009-11-10 22:52 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 22:51 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 12:15 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-10 12:15 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-10 12:15 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-10 12:15 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 15:18 . 2009-11-16 12:52 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-17 15:43 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 15:43 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-17 15:38 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 15:38 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 15:35 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 12:57 . 2009-05-19 21:38 8192 d-----w- c:\program files\Steam
2009-11-16 12:56 . 2009-05-19 21:39 -------- d-----w- c:\program files\Common Files\Steam
2009-11-14 01:47 . 2008-04-01 17:53 1356 ----a-w- c:\users\Keymar\AppData\Local\d3d9caps.dat
2009-11-11 18:32 . 2007-08-31 08:24 74752 ----a-w- c:\users\Keymar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 03:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:16 . 2007-08-31 08:32 8192 d-----w- c:\programdata\Microsoft Help
2009-11-11 03:11 . 2007-08-31 08:36 4096 d-----w- c:\program files\Microsoft Works
2009-11-10 19:51 . 2008-04-01 10:00 4096 d-----w- c:\users\Keymar\AppData\Roaming\dvdcss
2009-09-19 23:48 . 2008-05-27 18:23 -------- d-----w- c:\users\Keymar\AppData\Roaming\Microgaming
2009-09-19 11:43 . 2009-09-19 11:43 -------- d-----w- c:\users\Keymar\AppData\Roaming\SecondLife
2009-08-29 03:41 . 2009-09-02 19:58 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 19:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 19:58 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57 . 2009-10-17 15:42 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-17 15:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-17 15:42 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-17 15:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-17 15:42 48128 ----a-w- c:\windows\system32\mshtmler.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-14_02.53.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 17:02 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2009-11-14 17:02 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2009-11-14 17:00 . 2009-08-06 18:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2009-11-14 17:01 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2009-11-14 17:01 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
+ 2006-12-20 11:57 . 2009-11-16 12:56 46286 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-11-16 12:56 53522 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-31 08:26 . 2009-11-16 12:56 10824 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4180222272-2330032099-3635075793-1000_UserData.bin
+ 2007-08-31 08:20 . 2009-11-16 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 01:55 . 2009-11-16 13:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 01:55 . 2009-11-14 02:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-31 08:20 . 2009-11-16 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-31 08:20 . 2009-11-14 02:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 19:23 . 2009-08-06 19:23 73288 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-16 12:54 . 2009-11-16 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-14 01:49 . 2009-11-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-16 12:54 . 2009-11-16 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-14 17:00 . 2009-08-06 19:23 171608 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuwebv.dll
+ 2009-11-14 17:01 . 2009-08-07 02:23 575704 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wuapi.dll
+ 2007-08-31 08:56 . 2009-11-16 12:46 351274 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-14 17:02 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2009-11-14 17:02 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2006-11-02 10:22 . 2009-11-14 19:30 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-11-11 03:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-13 03:22 . 2009-11-13 23:11 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-13 03:22 . 2009-11-16 12:52 1157528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-05-30 02:03 . 2009-11-14 17:03 174907474 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-14 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.002\IDSvix86.sys [12/12/2007 13:46 180272]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [24/10/2006 12:40 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-11-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Keymar.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{5B20AB85-1483-4A8C-A9EC-4E3B38E2DB85}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN
TCP: {64269981-636F-4FAD-B04A-F32E57C2C26A} = 212.74.112.66,212.74.112.67
FF - ProfilePath - c:\users\Keymar\AppData\Roaming\Mozilla\Firefox\Profiles\7orh28pe.default\
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 13:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????????? ???H?????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-16 13:34
ComboFix-quarantined-files.txt 2009-11-16 13:34
ComboFix2.txt 2009-11-15 19:55
ComboFix3.txt 2009-11-14 19:25
ComboFix4.txt 2009-11-14 03:00

Pre-Run: 38,261,506,048 bytes free
Post-Run: 39,026,851,840 bytes free

- - End Of File - - 654DE4114B4DAC95528416242B68E014
Upload was successful

#44 VanDavies


Posted 16 November 2009 - 01:02 PM

And the MBAM report:

Malwarebytes' Anti-Malware 1.41
Database version: 3180
Windows 6.0.6000

16/11/2009 18:48:16
mbam-log-2009-11-16 (18-48-16).txt

Scan type: Quick Scan
Objects scanned: 94201
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Keymar\downloads\install(2).exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Users\Keymar\downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Keymar\downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#45 VanDavies


Posted 16 November 2009 - 05:57 PM

And this is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 16, 2009
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 16, 2009 09:36:53
Records in database: 3222683
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 129900
Threats found: 12
Infected objects found: 346
Suspicious objects found: 0
Scan duration: 02:48:15
C:\Qoobox\Quarantine\C\ProgramData\lesakohe\lesakohe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lesatiza\lesatiza.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\leselehu\leselehu.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\levonupo\levonupo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lifobuju\lifobuju.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\lirayebi\lirayebi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lizatayi\lizatayi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lobuwane\lobuwane.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lodiluve\lodiluve.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\loranana\loranana.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\losedega\losedega.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\loyanimi\loyanimi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\lulilupa\lulilupa.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\luyazapi\luyazapi.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\ProgramData\madureyu\madureyu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mahitale\mahitale.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\majobonu\majobonu.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\marojibe\marojibe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\matiwize\matiwize.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\matuyamu\matuyamu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mefapiga\mefapiga.dll.vir Infected: 
Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\megejiwe\megejiwe.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\mejonivo\mejonivo.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\mejutoti\mejutoti.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\melimiwu\melimiwu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mesomego\mesomego.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\miguzuyi\miguzuyi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mirosite\mirosite.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\miyowepa\miyowepa.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\momukome\momukome.exe.vir Infected: Trojan-Dropper.Win32.Agent.atmg 1 C:\Qoobox\Quarantine\C\ProgramData\mopifoti\mopifoti.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mozujufa\mozujufa.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mujulemo\mujulemo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\mutijilu\mutijilu.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\nadeweba\nadeweba.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nafemoje\nafemoje.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nagubabu\nagubabu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nametaya\nametaya.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nanofidi\nanofidi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\napirego\napirego.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\narizezo\narizezo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 
C:\Qoobox\Quarantine\C\ProgramData\nayoliyi\nayoliyi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nebosejo\nebosejo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nerurowe\nerurowe.dll.vir Infected: Trojan.Win32.Stuh.acvk 1 C:\Qoobox\Quarantine\C\ProgramData\nevokumo\nevokumo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nimejiba\nimejiba.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nivujuhe\nivujuhe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nivutofe\nivutofe.exe.vir Infected: Packed.Win32.Krap.r 1 C:\Qoobox\Quarantine\C\ProgramData\nizifubu\nizifubu.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\notifefe\notifefe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nujevevo\nujevevo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nunuwege\nunuwege.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\nusajope\nusajope.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\panidoti\panidoti.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\pewizasi\pewizasi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pihufema\pihufema.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pilekolu\pilekolu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pirovowi\pirovowi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pitukuwe\pitukuwe.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\piyamamo\piyamamo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pizureke\pizureke.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\potavaji\potavaji.dll.vir 
Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\povisema\povisema.exe.vir Infected: Net-Worm.Win32.Koobface.ast 1 C:\Qoobox\Quarantine\C\ProgramData\pubigeno\pubigeno.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\puhuhigo\puhuhigo.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\puhuzani\puhuzani.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\punagazi\punagazi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\punejeyu\punejeyu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\punibuya\punibuya.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\pusikedu\pusikedu.dll.tmp.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\puzojazi\puzojazi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\ravuripo\ravuripo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\relovuzo\relovuzo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\repeniyi\repeniyi.dll.vir Infected: Trojan.Win32.Stuh.acvk 1 C:\Qoobox\Quarantine\C\ProgramData\rerurepo\rerurepo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rigulama\rigulama.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rikevuku\rikevuku.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rohiwuyi\rohiwuyi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rokizuga\rokizuga.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rosajita\rosajita.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rovokoko\rovokoko.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\rujabazu\rujabazu.dll.vir Infected: Packed.Win32.Krap.q 1 
C:\Qoobox\Quarantine\C\ProgramData\rupuwuyo\rupuwuyo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sabiyogi\sabiyogi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sapalesa\sapalesa.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\sasazola\sasazola.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\semefase\semefase.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\serikuyo\serikuyo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sesuwive\sesuwive.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\seyohale\seyohale.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sigisigu\sigisigu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sihedava\sihedava.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sisamaro\sisamaro.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sobipore\sobipore.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sojimolo\sojimolo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sokimawu\sokimawu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sosizoka\sosizoka.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\subudojo\subudojo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sufovetu\sufovetu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sugemage\sugemage.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\sumozaja\sumozaja.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tahadoke\tahadoke.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 
C:\Qoobox\Quarantine\C\ProgramData\tahemuwu\tahemuwu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\takodeku\takodeku.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tariwane\tariwane.dll.vir Infected: Trojan.Win32.Monder.bzdz 1 C:\Qoobox\Quarantine\C\ProgramData\tesejuju\tesejuju.dll.tmp.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\tetuluyu\tetuluyu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tewajuno\tewajuno.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tezekiju\tezekiju.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tihofuje\tihofuje.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tijawife\tijawife.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\timewogo\timewogo.dll.tmp.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\tisodiza\tisodiza.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tobimiyo\tobimiyo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\totetoni\totetoni.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tuhiyega\tuhiyega.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tulolima\tulolima.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tunatope\tunatope.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\tupudami\tupudami.exe.vir Infected: Net-Worm.Win32.Koobface.ast 1 C:\Qoobox\Quarantine\C\ProgramData\turazufe\turazufe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\tutogejo\tutogejo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vafunavu\vafunavu.exe.vir Infected: Trojan-Dropper.Win32.Agent.atmg 1 
C:\Qoobox\Quarantine\C\ProgramData\vakuwuti\vakuwuti.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vatonopa\vatonopa.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vawohoto\vawohoto.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\vazipuve\vazipuve.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vebuwalo\vebuwalo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vehoride\vehoride.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\vemikesu\vemikesu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vesujoku\vesujoku.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vevaforu\vevaforu.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\vifegoji\vifegoji.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vigedumi\vigedumi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vimeyiha\vimeyiha.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vodademo\vodademo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vorudope\vorudope.dll.tmp.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\votiwehe\votiwehe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vowusaku\vowusaku.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vudileno\vudileno.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vufehodo\vufehodo.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\vunuwime\vunuwime.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\vupivino\vupivino.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wahuzehu\wahuzehu.dll.vir 
Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wakisoma\wakisoma.dll.vir Infected: Trojan.Win32.Stuh.acvk 1 C:\Qoobox\Quarantine\C\ProgramData\wamudaki\wamudaki.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\ProgramData\webudiwe\webudiwe.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wejimowe\wejimowe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wejukale\wejukale.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wemikusa\wemikusa.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\weroyufo\weroyufo.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wibuzupo\wibuzupo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wigadege\wigadege.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wisovuhu\wisovuhu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wizipuko\wizipuko.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wonufeji\wonufeji.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wozosiro\wozosiro.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wuvidaro\wuvidaro.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\wuvijodo\wuvijodo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\wuwilava\wuwilava.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\yafujivu\yafujivu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yagedema\yagedema.dll.vir Infected: Trojan.Win32.Stuh.acvk 1 C:\Qoobox\Quarantine\C\ProgramData\yahazeme\yahazeme.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yahukiye\yahukiye.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 
C:\Qoobox\Quarantine\C\ProgramData\yajoleso\yajoleso.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yakevanu\yakevanu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yasarobe\yasarobe.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yavidihi\yavidihi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yegofoju\yegofoju.dll.vir Infected: Trojan.Win32.Stuh.acvk 1 C:\Qoobox\Quarantine\C\ProgramData\yekuvute\yekuvute.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\yetihusa\yetihusa.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yevazani\yevazani.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yeyuneva\yeyuneva.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yileduki\yileduki.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yipagone\yipagone.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yivomadu\yivomadu.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yowilugi\yowilugi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yufudufo\yufudufo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\yuhayudi\yuhayudi.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\yuyataka\yuyataka.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\yuyawezi\yuyawezi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zadupuda\zadupuda.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zafabodo\zafabodo.exe.vir Infected: Trojan-Dropper.Win32.Agent.atmg 1 C:\Qoobox\Quarantine\C\ProgramData\zakahime\zakahime.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 
C:\Qoobox\Quarantine\C\ProgramData\zarufeto\zarufeto.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zavigoke\zavigoke.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\zavukena\zavukena.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zawayupi\zawayupi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zebipufe\zebipufe.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\zelijudo\zelijudo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zifirebi\zifirebi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zikuvoya\zikuvoya.dll.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\ziselero\ziselero.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zivihofo\zivihofo.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zobekota\zobekota.exe.vir Infected: Net-Worm.Win32.Koobface.ast 1 C:\Qoobox\Quarantine\C\ProgramData\zolivoga\zolivoga.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zomojuya\zomojuya.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zoravugi\zoravugi.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zovakuha\zovakuha.dll.tmp.vir Infected: Packed.Win32.Krap.q 1 C:\Qoobox\Quarantine\C\ProgramData\zujasema\zujasema.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\C\ProgramData\zuvafuya\zuvafuya.dll.vir Infected: Trojan.Win32.Monder.cmwt 1 C:\Qoobox\Quarantine\[4]-Submit_2009-11-15_18.07.29.zip Infected: Trojan.Win32.Stuh.acvk 8 C:\Qoobox\Quarantine\[4]-Submit_2009-11-15_18.07.29.zip Infected: Trojan.Win32.Monder.ctjg 1 C:\Qoobox\Quarantine\[4]-Submit_2009-11-16_13.12.09.zip Infected: Trojan-Downloader.Win32.FraudLoad.wcfw 1 
C:\_OTM\MovedFiles\11132009_231646\c_programdata\69947237\69947237.exe Infected: Trojan.Win32.FraudPack.zux 1 C:\_OTM\MovedFiles\11132009_231646\c_programdata\jehiyile\jehiyile.exe Infected: Trojan.Win32.FraudPack.zux 1 Selected area has been scanned.
