MSN virus

  1. #31
    HereFishie (Junior Member)

    Re: MSN virus

    Kodak Easyshare and windows live messenger both run on startup and they take a lot of system resources loading up when I reboot.

    That folder is now deleted. There is also "Error Safe" that pops up whenever I use IE


  2. #32
    VopThis (Senior Member, Canada)
    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




    Re-run the 'combofix' scan and post its latest log contents.

  3. #33
    HereFishie (Junior Member)
    I'm on my 3rd reboot and it still says it needs to remove more... here's the log for this last one though. Going to run combofix next.

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomnnnk.dll
    C:\WINDOWS\system32\qomnnnk.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\qomnnnk.dll scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\system32\qomnlll.dll not found.
    File/Folder C:\WINDOWS\system32\pmnkigd.dll not found.
    File/Folder C:\WINDOWS\system32\awtqppo.dll not found.

    Created on 04/15/2007 15:07:49

  4. #34
    HereFishie (Junior Member)
    Combofix

    "Owner" - 07-04-15 15:15:14 Service Pack 2
    ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Owner\Desktop\downloads"


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 ))))))))))))))))))))))))))))))))))


    2007-04-15 13:11 123,972 --a------ C:\WINDOWS\system32\extqafsj.dll
    2007-04-15 00:11 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-04-14 22:35 800,222 ---hs---- C:\WINDOWS\system32\sttss.bak1
    2007-04-14 22:35 280,676 ---hs---- C:\WINDOWS\system32\sstts.dll
    2007-04-14 20:47 <DIR> d-------- C:\VundoFix Backups
    2007-04-14 15:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-04-14 02:07 3,310 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-13 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-04-12 01:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-11 23:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-04-11 20:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
    2007-04-11 07:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
    2007-04-10 23:32 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-10 23:31 <DIR> d--hs---- C:\WINDOWS\Q2hlcnlsIE1hc3NleQ
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnnnk.dll
    2007-04-09 19:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-23 15:11 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-03-16 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-03-16 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-03-16 23:36 <DIR> d-------- C:\Program Files\Common Files\Kodak


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-15 13:16 -------- d-------- C:\Program Files\hijack this
    2007-04-15 00:29 -------- d-------- C:\Program Files\java
    2007-04-14 23:48 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-14 23:25 -------- d-------- C:\Program Files\symantec
    2007-04-14 23:25 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-04-14 18:32 -------- d-------- C:\Program Files\msn messenger
    2007-04-12 00:15 -------- d-------- C:\Program Files\ewido anti-malware
    2007-04-11 23:46 -------- d-------- C:\Program Files\yahoo!
    2007-04-09 23:31 -------- d-------- C:\Program Files\windows live safety center
    2007-03-17 07:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-16 23:37 -------- d-------- C:\Program Files\kodak
    2007-03-08 09:36 577536 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 09:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 09:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 07:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-05 14:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Uniblue Registry Booster2"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Norton Antivirus Startup Entry.lnk]
    "path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Norton Antivirus Startup Entry.lnk"
    "backup"="C:\\WINDOWS\\pss\\Norton Antivirus Startup Entry.lnkStartup"
    "location"="Startup"
    "item"="Norton Antivirus Startup Entry"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="apitrap.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=hex:01,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ http://www.perfectphotos.ca/albums/I...ides_1_202.jpg

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source REG_SZ C:\wedding stuff\wedding_desktop.html

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnnnk
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-15 15:27:38
    C:\ComboFix-quarantined-files.txt ... 07-04-15 15:27
    C:\ComboFix2.txt ... 07-04-14 21:40



    After running that last tool, the nview.dll error is back

  5. #35
    VopThis (Senior Member, Canada)
    Submit the following file to VirusTotal and post back any feedback they might offer:

    C:\WINDOWS\system32\extqafsj.dll




    The following is a vundofix variation:

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Put a check next to Run VundoFix as a task.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once the scan is complete, right-click inside the listbox (white box) and click add more files
    • Copy and paste the 2 entries below into the top 2 boxes
      • C:\WINDOWS\system32\sstts.dll
      • C:\WINDOWS\system32\sttss.*
    • Click Add Files and Click Close Window
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt.

  6. #36
    HereFishie (Junior Member)
    VirusTotal scan results

    Complete scanning result of "extqafsj.dll", received in VirusTotal at 04.16.2007, 01:18:32 (CET).
    Antivirus Version Update Result
    AhnLab-V3 2007.4.14.0 04.13.2007 no virus found
    AntiVir 7.3.1.52 04.15.2007 TR/Vundo.Gen
    Authentium 4.93.8 04.14.2007 no virus found
    Avast 4.7.981.0 04.16.2007 no virus found
    AVG 7.5.0.447 04.15.2007 no virus found
    BitDefender 7.2 04.15.2007 no virus found
    CAT-QuickHeal 9.00 04.14.2007 Adware.Virtumonde (Not a Virus)
    ClamAV devel-20070312 04.16.2007 Trojan.Packed-7
    DrWeb 4.33 04.15.2007 Trojan.Virtumod
    eSafe 7.0.15.0 04.15.2007 no virus found
    eTrust-Vet 30.7.3567 04.14.2007 no virus found
    Ewido 4.0 04.15.2007 no virus found
    FileAdvisor 1 04.16.2007 no virus found
    Fortinet 2.85.0.0 04.15.2007 suspicious
    F-Prot 4.3.2.48 04.13.2007 no virus found
    F-Secure 6.70.13030.0 04.15.2007 no virus found
    Ikarus T3.1.1.5 04.15.2007 no virus found
    Kaspersky 4.0.2.24 04.16.2007 no virus found
    McAfee 5009 04.13.2007 no virus found
    Microsoft 1.2405 04.16.2007 no virus found
    NOD32v2 2187 04.13.2007 no virus found
    Norman 5.80.02 04.14.2007 no virus found
    Panda 9.0.0.4 04.15.2007 no virus found
    Prevx1 V2 04.16.2007 no virus found
    Sophos 4.16.0 04.12.2007 no virus found
    Sunbelt 2.2.907.0 04.14.2007 VIPRE.Suspicious
    Symantec 10 04.15.2007 no virus found
    TheHacker 6.1.6.095 04.15.2007 no virus found
    VBA32 3.11.3 04.14.2007 no virus found
    VirusBuster 4.3.7:9 04.15.2007 Adware.Vundo.Gen!Pac.8
    Webwasher-Gateway 6.0.1 04.15.2007 Trojan.Vundo.Gen

    Aditional Information
    File size: 123972 bytes
    MD5: f15a506974f094b2e6fe1d5972848bba
    SHA1: c1739b35ffb22fece6fbc00932f304ef80c33fd0
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

  7. #37
    HereFishie (Junior Member)
    Originally posted by VopThis:
      • Double-click VundoFix.exe to run it.
      • Put a check next to Run VundoFix as a task.
      • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK

    This part didn't happen. There was no choice to run as a task.

    Log after following the rest of the instructions


    VundoFix V6.3.19

    Checking Java version...

    Scan started at 5:46:00 PM 4/15/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Performing Repairs to the registry.
    Done!
    Last edited by HereFishie; 16-04-2007 at 01:03 AM.

  8. #38
    VopThis (Senior Member, Canada)
    Sorry for the outdated instructions - vundofix is constantly being updated

    2007-04-15 13:11 123,972 --a------ C:\WINDOWS\system32\extqafsj.dll
    2007-04-14 22:35 800,222 ---hs---- C:\WINDOWS\system32\sttss.bak1
    2007-04-14 22:35 280,676 ---hs---- C:\WINDOWS\system32\sstts.dll
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnnnk.dll
    Let's try the following scan:


    Click here to download Dr.Web CureIt and save it to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, see if you can click the icon next to the files found:
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.



    Post the Dr. Web CureIt Results.
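
Added example (not part of the thread, and not a method any poster states): the ComboFix log above lists both newly created files and Winlogon Notify subkeys, and cross-referencing the two is one way to narrow such a log down. The sample lines are copied from the log posted in this thread; the function names and the two heuristics are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2007-04-15 13:11 123,972 --a------ C:\WINDOWS\system32\extqafsj.dll
2007-04-14 22:35 800,222 ---hs---- C:\WINDOWS\system32\sttss.bak1
2007-04-14 22:35 280,676 ---hs---- C:\WINDOWS\system32\sstts.dll
2007-04-14 15:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-04-11 23:45 <DIR> d-------- C:\Program Files\CCleaner
2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnnnk.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnnnk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts
"""

# "date time size attrs path" rows of the "Files Created" section.
FILE_LINE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{9})\s+(\S.*?)\s*$"
)
# Winlogon Notify subkeys, with or without the surrounding [ ].
NOTIFY_LINE = re.compile(r"\\winlogon\\notify\\([^\\\]\s]+)\]?\s*$", re.IGNORECASE)
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


def parse_created_files(log):
    """Return one dict per file row; directory rows (<DIR>) are skipped."""
    entries = []
    for line in log.splitlines():
        match = FILE_LINE.match(line)
        if not match or match.group(2) == "<DIR>":
            continue
        created, size, attrs, path = match.groups()
        entries.append({
            "created": created,
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": PureWindowsPath(path),
        })
    return entries


def parse_notify_keys(log):
    """Return the lower-cased names of all Winlogon Notify subkeys in the log."""
    keys = set()
    for line in log.splitlines():
        match = NOTIFY_LINE.search(line.strip())
        if match:
            keys.add(match.group(1).lower())
    return keys


def triage(log):
    """Map file name -> reasons, for files sitting directly in system32.

    Heuristic 1 (assumption): the file's base name equals a Notify subkey name,
    i.e. something registered to load at logon under that name.
    Heuristic 2 (assumption): the file carries both hidden and system attributes.
    """
    notify = parse_notify_keys(log)
    findings = {}
    for entry in parse_created_files(log):
        path = entry["path"]
        if path.parent != SYSTEM32:  # PureWindowsPath compares case-insensitively
            continue
        reasons = []
        if path.stem.lower() in notify:
            reasons.append("winlogon-notify")
        if "h" in entry["attrs"] and "s" in entry["attrs"]:
            reasons.append("hidden+system")
        if reasons:
            findings[path.name.lower()] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(reasons)}")
```

Neither check fires on extqafsj.dll, so a hit list like this narrows a log; it does not replace a scanner verdict.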

  9. #39
    HereFishie (Junior Member)
    Dr. Web report

    awtqo.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    qomnnnk.dll;c:\windows\system32;Trojan.Virtumod;Wi ll be cured after reboot.;
    Process.exe;C:\Documents and Settings\Owner\Desktop\downloads\SD Fix\SDFix\apps;Tool.Prockill;Incurable.Moved.;
    Process.exe;C:\Documents and Settings\Owner\Desktop\downloads\smitfraud removal\SmitfraudFix\SmitfraudFix;Tool.Prockill;In curable.Moved.;
    restart.exe;C:\Documents and Settings\Owner\Desktop\downloads\smitfraud removal\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11 ;Incurable.Moved.;
    KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable. Moved.;
    firstopt.js;C:\hp\bin\Money;Probably SCRIPT.Virus;Incurable.Moved.;
    firstopt.js;C:\hp\bin\Works;Probably SCRIPT.Virus;Incurable.Moved.;
    EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted. ;
    cleaner.log;C:\Program Files\Microsoft AntiSpyware;Probably MACRO.SCRIPT.IRC.WORM.Virus;Incurable.Moved.;
    sstqp.dll.vir;C:\QooBox\Quarantine\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    awvtq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    dfadyeyg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    dvosqwab.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    extqafsj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    fnvexdyl.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    fophbdem.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    giyxvwul.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    ladguwsv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    nencjthj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    nkhlkmia.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    nnobwwum.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    oidfxsjo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    qjeiknun.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    ssqpp.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    sstts.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    vehpcxku.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    awtqo.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    jogsqosy.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    qomnnnk.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

  10. #40
    VopThis is offline Senior Member (Canada)
    Run combofix again and post the revised portion for this segment:

    ((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 ))))))))))))))))))))))))))))))))))


    2007-04-15 13:11 123,972 --a------ C:\WINDOWS\system32\extqafsj.dll
    2007-04-15 00:11 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-04-14 22:35 800,222 ---hs---- C:\WINDOWS\system32\sttss.bak1
    2007-04-14 22:35 280,676 ---hs---- C:\WINDOWS\system32\sstts.dll
    2007-04-14 20:47 <DIR> d-------- C:\VundoFix Backups
    2007-04-14 15:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-04-14 02:07 3,310 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-13 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-04-12 01:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-11 23:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-04-11 20:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
    2007-04-11 07:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
    2007-04-10 23:32 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-10 23:31 <DIR> d--hs---- C:\WINDOWS\Q2hlcnlsIE1hc3NleQ
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnnnk.dll
    2007-04-09 19:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-23 15:11 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-03-16 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-03-16 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-03-16 23:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
