I somehow got the virtumonde trojan on my PC a couple days ago. Here is my HJT log. Thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:31 AM, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {4a8b84e1-d7c8-4e63-8a76-d8cb363c4953} - C:\WINDOWS\system32\hupojoyu.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keruyelanu] Rundll32.exe "C:\WINDOWS\system32\vakumene.dll",s
O4 - HKLM\..\Run: [CPM33fecc99] Rundll32.exe "c:\windows\system32\gohugomo.dll",a
O4 - HKLM\..\Run: [30cdff05] rundll32.exe "C:\WINDOWS\system32\gavehere.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [keruyelanu] Rundll32.exe "C:\WINDOWS\system32\vakumene.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [keruyelanu] Rundll32.exe "C:\WINDOWS\system32\vakumene.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\yofabutu.dll c:\windows\system32\ c:\windows\system32\vamibedi.dll c:\windows\system32\gohugomo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gohugomo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gohugomo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 10016 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

I apologize for the wait, volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

Here is the combofix log:

ComboFix 09-01-06.01 - Admin 2009-01-07 1:34:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.3071.2331 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IE4 Error Log.txt
c:\windows\system32\barinoka.dll
c:\windows\system32\bijepivo.dll
c:\windows\system32\damahifi.dll
c:\windows\system32\defurine.dll
c:\windows\system32\dojodojo.dll
c:\windows\system32\fawaputu.dll
c:\windows\system32\gadibure.dll
c:\windows\system32\gavehere.dll
c:\windows\system32\gohubine.dll
c:\windows\system32\gohugomo.dll
c:\windows\system32\humevose.dll
c:\windows\system32\humisure.dll
c:\windows\system32\jekosefu.dll
c:\windows\system32\jogejoze.dll
c:\windows\system32\luveteyo.dll
c:\windows\system32\modigege.dll
c:\windows\system32\pinojudu.dll
c:\windows\system32\pugofohe.dll
c:\windows\system32\rehenano.dll
c:\windows\system32\renibupu.dll
c:\windows\system32\sejazogu.dll
c:\windows\system32\tenedefi.dll
c:\windows\system32\tipiyipo.dll
c:\windows\system32\vovunahe.dll
c:\windows\system32\vujayoda.dll
c:\windows\system32\yubabipu.dll
c:\windows\system32\yusoviyo.dll
c:\windows\system32\zikebenu.dll
c:\windows\system32\zolekare.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 01:08 . 2009-01-07 01:08 121 ---hs---- c:\windows\system32\akonirab.ini
2009-01-06 13:07 . 2009-01-06 13:08 121 ---hs---- c:\windows\system32\ufesokej.ini
2009-01-06 12:08 . 2009-01-06 12:08 121 ---hs---- c:\windows\system32\oyetevul.ini
2009-01-06 00:07 . 2009-01-06 00:07 121 ---hs---- c:\windows\system32\upibabuy.ini
2009-01-05 12:07 . 2009-01-05 12:07 121 ---hs---- c:\windows\system32\amozoyij.ini
2009-01-05 00:07 . 2009-01-05 00:07 121 ---hs---- c:\windows\system32\ehanuvov.ini
2009-01-04 12:07 . 2009-01-04 12:07 120 ---hs---- c:\windows\system32\ehulenuv.ini
2009-01-04 00:06 . 2009-01-04 00:06 120 ---hs---- c:\windows\system32\ojodojod.ini
2009-01-03 12:06 . 2009-01-03 12:06 120 ---hs---- c:\windows\system32\erusimuh.ini
2009-01-03 00:06 . 2009-01-03 00:06 120 ---hs---- c:\windows\system32\unebekiz.ini
2009-01-02 12:06 . 2009-01-02 12:06 120 ---hs---- c:\windows\system32\oyivosuy.ini
2009-01-02 08:35 . 2009-01-02 08:35 <DIR> d-------- c:\program files\Trend Micro
2009-01-02 00:06 . 2009-01-02 00:06 120 ---hs---- c:\windows\system32\erehevag.ini
2009-01-01 12:35 . 2009-01-01 12:35 <DIR> d-------- C:\VundoFix Backups
2009-01-01 12:06 . 2009-01-01 12:06 1,294,028 ---hs---- c:\windows\system32\enirufed.ini
2009-01-01 00:06 . 2009-01-01 00:06 1,294,028 ---hs---- c:\windows\system32\awutohos.ini
2008-12-31 17:31 . 2008-12-31 20:20 <DIR> d-------- c:\documents and settings\Admin\.housecall6.6
2008-12-31 12:06 . 2008-12-31 12:06 1,294,028 ---hs---- c:\windows\system32\egegidom.ini
2008-12-30 20:04 . 2009-01-04 17:45 326 --a------ c:\windows\wininit.ini
2008-12-30 19:23 . 2008-12-30 19:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-30 19:23 . 2008-12-30 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 19:21 . 2008-12-30 19:21 <DIR> d-------- c:\program files\Lavasoft
2008-12-30 19:21 . 2008-12-30 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 16:59 . 2008-12-30 16:59 1,294,028 ---hs---- c:\windows\system32\aguvutun.ini
2008-12-30 13:46 . 2008-12-30 13:46 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 13:46 . 2008-12-30 13:46 1,409 --a------ c:\windows\QTFont.for
2008-12-29 23:00 . 2008-12-29 23:00 <DIR> d-------- c:\program files\PopCap Games
2008-12-29 23:00 . 2008-12-29 23:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-12-19 01:10 . 2008-12-19 01:10 <DIR> d-------- c:\program files\KeyHoleTV
2008-12-15 02:46 . 2008-12-15 02:46 <DIR> d-------- c:\documents and settings\Admin\Application Data\Corel
2008-12-15 02:37 . 2008-12-15 02:37 <DIR> d-------- c:\program files\Corel
2008-12-15 02:37 . 2008-12-15 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 06:40 --------- d-----w c:\documents and settings\Admin\Application Data\WTablet
2009-01-07 06:40 --------- d-----w c:\documents and settings\Admin\Application Data\Orbit
2009-01-07 06:30 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2009-01-07 05:52 --------- d-----w c:\documents and settings\Admin\Application Data\uTorrent
2009-01-07 05:06 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2009-01-05 19:21 --------- d-----w c:\program files\Steam
2009-01-04 16:52 --------- d-----w c:\documents and settings\Admin\Application Data\Bioshock
2009-01-04 06:41 --------- d-----w c:\documents and settings\Admin\Application Data\U3
2009-01-03 18:03 --------- d-----w c:\program files\ebRO
2008-12-31 00:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 00:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 17:37 --------- d-----w c:\program files\Java
2008-12-08 09:40 --------- d-----w c:\documents and settings\Admin\Application Data\dvdcss
2008-12-07 02:44 --------- d-----w c:\documents and settings\Admin\Application Data\mIRC
2008-12-07 02:39 --------- d-----w c:\program files\mIRC
2008-12-02 05:38 --------- d-----w c:\program files\Tablet
2008-11-28 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-26 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-26 05:46 --------- d-----w c:\documents and settings\Admin\Application Data\Yahoo!
2008-11-26 05:45 --------- d-----w c:\program files\Yahoo!
2008-11-21 20:05 --------- d-----w c:\program files\Apple Software Update
2008-11-21 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-17 05:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 04:53 --------- d-----w c:\program files\trust
2003-07-31 09:53 147,456 ----a-w c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w c:\windows\inf\EL2K_2K.sys
1601-01-01 00:12 11,264 --sha-w c:\windows\system32\fodedozu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-04-27 1678536]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2008-04-27 565248]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2002-12-31 07:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 18:10 1688872 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2002-12-31 07:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
--a------ 2006-01-01 01:33 180224 c:\program files\PowerISO\SCDEmuApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 16:45 22058792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-15 10:38 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 13:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\GameOverlayUI.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2003-10-28 72192]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-06-03 178913]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-04-29 15144]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-26 206096]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-02 3024168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4a8b84e1-d7c8-4e63-8a76-d8cb363c4953} - c:\windows\system32\gadibure.dll
MSConfigStartUp-30cdff05 - c:\windows\system32\yubabipu.dll
MSConfigStartUp-CPM33fecc99 - c:\windows\system32\pugofohe.dll
MSConfigStartUp-keruyelanu - c:\windows\system32\luhetiya.dll
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pblotv4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pblotv4w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 01:40:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1788223648-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
[HKEY_USERS\S-1-5-21-725345543-1788223648-839522115-1003\ ?�Ef*NULL*t*NULL*w*NULL*a*NULL*r*NULL*e*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2009-01-07 1:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 06:43:38

Pre-Run: 375,862,722,560 bytes free
Post-Run: 376,516,792,320 bytes free

860 --- E O F --- 2008-12-19 08:01:47

And HJT:

And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:02 AM, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8004 bytes

This is a very infected computer! You need to read the directions and follow them carefully, that includes posting the uninstall list I requested in my instruction #3 3) Post also an uninstall list
Do this in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Make sure to allow combofix to install Recovery Console if it asks to do so.

2) Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\system32\akonirab.ini
c:\windows\system32\ufesokej.ini
c:\windows\system32\oyetevul.ini
c:\windows\system32\upibabuy.ini
c:\windows\system32\amozoyij.ini
c:\windows\system32\ehanuvov.ini
c:\windows\system32\ehulenuv.ini
c:\windows\system32\ojodojod.ini
c:\windows\system32\erusimuh.ini
c:\windows\system32\unebekiz.ini
c:\windows\system32\oyivosuy.ini
c:\windows\system32\erehevag.ini
c:\windows\system32\enirufed.ini
c:\windows\system32\awutohos.ini
c:\windows\system32\egegidom.ini
c:\windows\system32\aguvutun.ini
c:\windows\system32\fodedozu.dll

Folder::
C:\VundoFix Backups
c:\program files\PopCap Games
c:\documents and settings\Admin\Application Data\uTorrent

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks

Here is the log that was forgotten before. I had it, just forgot to post it. :oops:

3dsmax ancillary install
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
Backburner
Command & Conquer 3
Corel Painter X
Corel Painter X
Counter-Strike
Counter-Strike: Source
Creative Audio Console
Creative Live! Cam Vista IM Driver (1.01.03.1104)
CuteFTP 8 Professional
Day of Defeat
Day of Defeat: Source
DivX Web Player
eMule
EPSON TWAIN 5
Fallout 3
FBX Plugin 2006.08 for Max 9.0
FLV Player 2.0, build 24
Fraps
Google Gmail Notifier
GTA San Andreas
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life: Blue Shift
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KeyHoleTV
Left 4 Dead
Magic ISO Maker v5.4 (build 0256)
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
mIRC
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 8
neroxml
OpenSSL 0.9.8i Light
Orbit Downloader
PDF Settings
Pen Tablet
PopCap Browser Plugin
PowerISO
QuickTime
Ricochet
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Skype? 3.8
Spybot - Search & Destroy
Steam
Team Fortress 2
Team Fortress Classic
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VCRedistSetup
Ventrilo Client
VIA Integrated Setup Wizard
VideoLAN VLC media player 0.8.6f
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Yahoo! Messenger
ZBrush3

Combo Fix part 1 of 2

ComboFix 09-01-07.02 - Admin 2009-01-08 1:38:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.3071.2237 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\aguvutun.ini
c:\windows\system32\akonirab.ini
c:\windows\system32\amozoyij.ini
c:\windows\system32\awutohos.ini
c:\windows\system32\egegidom.ini
c:\windows\system32\ehanuvov.ini
c:\windows\system32\ehulenuv.ini
c:\windows\system32\enirufed.ini
c:\windows\system32\erehevag.ini
c:\windows\system32\erusimuh.ini
c:\windows\system32\fodedozu.dll
c:\windows\system32\ojodojod.ini
c:\windows\system32\oyetevul.ini
c:\windows\system32\oyivosuy.ini
c:\windows\system32\ufesokej.ini
c:\windows\system32\unebekiz.ini
c:\windows\system32\upibabuy.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\uTorrent
c:\documents and settings\Admin\Application Data\uTorrent\(SOD)同夏目奈奈一起去參加，2天1夜的熱呼呼?泉巴士旅行團 Xvid+nike.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[2007] The Birthday Massacre - Walking With Strangers.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_057-058_[6052A918].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_083_[4CA898F3].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_084_[007E6FEF].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_085_[5962F2C8].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_086-087_[B46272E9].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_088_[1248AFEF].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[DB]_Naruto_Shippuuden_Movie_[75F57621].avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[HentaiShare].Artificial.Girl.3.Plus.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[HentaiShare].Ryoujoku.Scout.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[Jappydolls]Tina_Yuzuki-DGC_Vol_1.zip.torrent
c:\documents and settings\Admin\Application Data\uTorrent\[Q-R] Theatrical feature Sword of the Stranger (DVD XviD 880x496 24fps AC3 5.1ch).avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\3D Studio Max 9 + Tutorials and Keygen.torrent
c:\documents and settings\Admin\Application Data\uTorrent\3D_Studio_Max _9_Keygen.torrent
c:\documents and settings\Admin\Application Data\uTorrent\A.Knights.Tale[2001]DvDrip[Eng]AnArchyTorrents.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Ace in the Hole (1951) DVDRip (SiRiUs sHaRe).torrent
c:\documents and settings\Admin\Application Data\uTorrent\Akane Hotaru - The Best Nurse - 1pondo.tv No. 1051.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Aqua - Discography.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Au revoir les enfants.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\AV\?_ ¨a - ￣≪AA￢u-≫!@.torrent
c:\documents and settings\Admin\Application Data\uTorrent\BNDV-332 DVD.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Carnival Of Souls.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\corel_painter_10_en.torrent
c:\documents and settings\Admin\Application Data\uTorrent\CuteFTP 8 Pro.zip.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Dead.Space.PC.CLONEDVD.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Delerium.torrent
c:\documents and settings\Admin\Application Data\uTorrent\dht.dat
c:\documents and settings\Admin\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Admin\Application Data\uTorrent\DivX+nike(AVGL017).torrent
c:\documents and settings\Admin\Application Data\uTorrent\DivX+nike(SOE030)A.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\DivX+nike(SOE030)B.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\DivX+nike(STAR052).torrent
c:\documents and settings\Admin\Application Data\uTorrent\End.Of.The.Line.2006.XviD.DVDRip-KooKoo.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Fallout.3-RELOADED.torrent
c:\documents and settings\Admin\Application Data\uTorrent\General Idi Amin Dada (1974) Barbet Schroeder.mp4.torrent
c:\documents and settings\Admin\Application Data\uTorrent\ggt001-asiamoviepass.wmv.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Gold Angel Vol 6 - Hotaru Akane.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Gravure Idol Collection.torrent
c:\documents and settings\Admin\Application Data\uTorrent\haruka_sanada.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Hungry Lucy Music - Before We Stand____ We Crawl.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Ikkitousen.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Japanese babes Maria Ozawa and Erika Sato in hardcore sex scenes.wmv.torrent
c:\documents and settings\Admin\Application Data\uTorrent\kird062.torrent
c:\documents and settings\Admin\Application Data\uTorrent\kird063.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Lat den ratte komma in.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Les Diaboliques.torrent
c:\documents and settings\Admin\Application Data\uTorrent\maria ozawa - black.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa - Bondage Chair (Legend).avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa - Let's Have Sex At School [ONED-439].torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa - Meath Note vol.15 (OPD-022).torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa - The Queen of DAS.mp4.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa.1.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Maria Ozawa.torrent
c:\documents and settings\Admin\Application Data\uTorrent\MEMBERS_SOAP-Maria Ozawa-OPD021.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Microsoft Office 2007 Enterprise(no serial or activation required)+magic iso with crack-johonievision.rar.torrent
c:\documents and settings\Admin\Application Data\uTorrent\mimip2p+nike(XV506).torrent
c:\documents and settings\Admin\Application Data\uTorrent\Mongol.2007.DVDRIP-ZEKTORM.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Nothing And Nowhere.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Pervert Hell - Akane Hotaru Yui Matsuno.torrent
c:\documents and settings\Admin\Application Data\uTorrent\PhotoBook - Reon Kadena - Hadaka No Reon.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Priceless.Fantasies.XXX.DVDRip.XvD.torrent
c:\documents and settings\Admin\Application Data\uTorrent\reina.torrent
c:\documents and settings\Admin\Application Data\uTorrent\resume.dat
c:\documents and settings\Admin\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Admin\Application Data\uTorrent\Rio (Tina Yuzuki) - BakoBako Orgy (SOE-079).avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Rio girigiri mosaic.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Roman Polanski - Repulsion (1965) DVRip (SiRiUs sHaRe).torrent
c:\documents and settings\Admin\Application Data\uTorrent\rss.dat
c:\documents and settings\Admin\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Admin\Application Data\uTorrent\Sarah Palin Hustler Movie Sc 1 - Nailin Paylin - Omerta.torrent
c:\documents and settings\Admin\Application Data\uTorrent\settings.dat
c:\documents and settings\Admin\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Admin\Application Data\uTorrent\Sex is Zero [Miyuki-Fansubs&Korean-Movies].torrent
c:\documents and settings\Admin\Application Data\uTorrent\Sweet Smell Of Success (1957) DVDRip (SiRiUs sHaRe).torrent
c:\documents and settings\Admin\Application Data\uTorrent\Teriyaki Boyz - Tokyo Drift (Fast & Furious Tokio Drift Soundtrack).mp3.torrent
c:\documents and settings\Admin\Application Data\uTorrent\The Twilight Samurai.torrent
c:\documents and settings\Admin\Application Data\uTorrent\The.Ghost.And.The.Darkness[1996]DVDrip.XivD[Eng]-AndrewIII.torrent
c:\documents and settings\Admin\Application Data\uTorrent\The.Testament.of.Dr.Mabuse.1933.DVDRip.XviD.EngSubs.INC.EXTRAS-KamuiX.torrent
c:\documents and settings\Admin\Application Data\uTorrent\THE_HUNCHBACK_OF_NOTRE_DAME.1.torrent
c:\documents and settings\Admin\Application Data\uTorrent\THE_HUNCHBACK_OF_NOTRE_DAME.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Tina Yuzuki - Make my dream.torrent
c:\documents and settings\Admin\Application Data\uTorrent\TinaYuzukiHotWind.rmvb.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Tokyo.Gore.Police.2008.DVDRip.XviD-DOMiNO.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Tora Tora Platinum Vol.49 - Maria Ozawa (TRP049).avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Admin\Application Data\uTorrent\Videodrome.1983.WS.DVDRip.XviD-AXIAL.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Viva Hotbabes Gone Wild - Philippines.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\WANTED [2008][ENG][AC3][R5RIP-M333]-FLAWL3SS.1.torrent
c:\documents and settings\Admin\Application Data\uTorrent\WANTED [2008][ENG][AC3][R5RIP-M333]-FLAWL3SS.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Wanted.REAL.PROPER.R5.LiNE.XVID-mVs.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Winsor.Pilates.20.Minute.Workout.DVDr-adajad.torrent
c:\documents and settings\Admin\Application Data\uTorrent\WoW-2.4.0-enUS-patch.exe.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Xam 01&02.torrent
c:\documents and settings\Admin\Application Data\uTorrent\XVN_Maria Ozawa_Uncensored_Clips.avi.torrent
c:\documents and settings\Admin\Application Data\uTorrent\ZBrush v3.1 + Keygen.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Zeichnen Lernpack 1 - Video-Tutorials.torrent
c:\documents and settings\Admin\Application Data\uTorrent\Zombie.Strippers[2008]DvDrip-aXXo.torrent
c:\documents and settings\Admin\Application Data\uTorrent\原幹恵 - M.torrent
c:\program files\PopCap Games
c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
C:\VundoFix Backups
c:\windows\system32\aguvutun.ini
c:\windows\system32\akonirab.ini
c:\windows\system32\amozoyij.ini
c:\windows\system32\awutohos.ini
c:\windows\system32\egegidom.ini
c:\windows\system32\ehanuvov.ini
c:\windows\system32\ehulenuv.ini
c:\windows\system32\enirufed.ini
c:\windows\system32\erehevag.ini
c:\windows\system32\erusimuh.ini
c:\windows\system32\fodedozu.dll
c:\windows\system32\ojodojod.ini
c:\windows\system32\oyetevul.ini
c:\windows\system32\oyivosuy.ini
c:\windows\system32\ufesokej.ini
c:\windows\system32\unebekiz.ini
c:\windows\system32\upibabuy.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-02 08:35 . 2009-01-02 08:35 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 17:31 . 2008-12-31 20:20 <DIR> d-------- c:\documents and settings\Admin\.housecall6.6
2008-12-30 20:04 . 2009-01-04 17:45 326 --a------ c:\windows\wininit.ini
2008-12-30 19:23 . 2008-12-30 19:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-30 19:23 . 2008-12-30 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 19:21 . 2008-12-30 19:21 <DIR> d-------- c:\program files\Lavasoft
2008-12-30 19:21 . 2008-12-30 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 13:46 . 2008-12-30 13:46 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 13:46 . 2008-12-30 13:46 1,409 --a------ c:\windows\QTFont.for
2008-12-29 23:00 . 2008-12-29 23:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-12-19 01:10 . 2008-12-19 01:10 <DIR> d-------- c:\program files\KeyHoleTV
2008-12-15 02:46 . 2008-12-15 02:46 <DIR> d-------- c:\documents and settings\Admin\Application Data\Corel
2008-12-15 02:37 . 2008-12-15 02:37 <DIR> d-------- c:\program files\Corel
2008-12-15 02:37 . 2008-12-15 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 06:24 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2009-01-08 05:01 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2009-01-07 16:06 --------- d-----w c:\documents and settings\Admin\Application Data\WTablet
2009-01-07 16:06 --------- d-----w c:\documents and settings\Admin\Application Data\Orbit
2009-01-07 07:15 --------- d-----w c:\program files\Steam
2009-01-04 16:52 --------- d-----w c:\documents and settings\Admin\Application Data\Bioshock
2009-01-04 06:41 --------- d-----w c:\documents and settings\Admin\Application Data\U3
2009-01-03 18:03 --------- d-----w c:\program files\ebRO
2009-01-02 21:24 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-31 00:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 00:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 17:37 --------- d-----w c:\program files\Java
2008-12-08 09:40 --------- d-----w c:\documents and settings\Admin\Application Data\dvdcss
2008-12-07 02:44 --------- d-----w c:\documents and settings\Admin\Application Data\mIRC
2008-12-07 02:39 --------- d-----w c:\program files\mIRC
2008-12-02 05:38 --------- d-----w c:\program files\Tablet
2008-11-28 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-26 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-26 05:46 --------- d-----w c:\documents and settings\Admin\Application Data\Yahoo!
2008-11-26 05:45 --------- d-----w c:\program files\Yahoo!
2008-11-21 20:05 --------- d-----w c:\program files\Apple Software Update
2008-11-21 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-17 05:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 04:53 --------- d-----w c:\program files\trust
2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2003-07-31 09:53 147,456 ----a-w c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w c:\windows\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_ 1.42.23.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 05:01:06 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 05:48:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 05:01:06 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 05:48:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 16:06:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_42c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-04-27 1678536]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2008-04-27 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2002-12-31 07:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 18:10 1688872 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2002-12-31 07:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
--a------ 2006-01-01 01:33 180224 c:\program files\PowerISO\SCDEmuApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 16:45 22058792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-15 10:38 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 13:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\GameOverlayUI.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\Steam\\steamapps\\conteart\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2003-10-28 72192]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-06-03 178913]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-04-29 15144]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-26 206096]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-02 3024168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pblotv4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pblotv4w.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 01:41:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Combo Fix part 2 of 2:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1788223648-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"?慴"=hex:97,9a,26,cf,f2,48,7c,2f,08,3a,f3,08,0d,7b,38,cc,a0,b8,ae,ef,ae,04,5a,\
b9,44,d2,67,4d,bb,1e,57,68,2c,e0,3d,ee,cb,93,ee,99,20,eb,58,12,f7,54,de,ee,\
1f,5a,09,60,19,45,a3,f9,83,c9,8b,92,f7,55,02,db,cd,c4,22,83,70,68,d4,77,56,\
f6,57,7b,66,8e,e9,57,08,b2,df,75,9f,ed,9c,e3,4c,7e,04,16,b3,94,6e,ad,78,c9,\
2a,a0,29,0b,2f,3b,77,10,5c,78,2b,2f,24,6d,6a,86,f7,b3,97,02,0a,ef,e1,e3,b0,\
85,7f,e8,3a,41,8d,bc,5b,9a,d4,b6,75,4e,e3,ed,5c,ee,9d,a4,78,b6,db,64,b9,6d,\
79,79,27,d4,94,ad,ae,42,27,13,45,74,7a,86,a1,2c,6c,bc,b2,12,64,3b,3d,dd,00,\
3b,a9,19,cc,ea,e3,ac,b3,1e,c4,26,ae,2f,e3,24,0c,4d,eb,cc,72,2e,fb,16,50,c7,\
d9,c4,a6,33,d6,12,9f,36,27,4f,53,81,a0,9b,1e,2f,5d,fd,99,be,15,df,89,79,69,\
d1,02,8b,ed,26,ce,0e,6f,b8,51,13,bb,78,a8,a8,53,fa,b5,53,00,2a,cc,f0,e4,d8,\
d0,45,27,fb,5e,2e,fd,26,43,11,e1,96,a5,01,68,58,ed,bd,9f,77,0e,27,b9,e0,66,\
f8,f8,a4,ba,5d,e3,4d,cc,d8,d3,e9,02,7b,dc,2b,6e,92,37,c9,de,f1,dc,99,5e,ef,\
7d,ea,20,5a,68,8a,c1,d7,55,57,02,38,0c,56,21,cc,d6,c3,c1,eb,36,7c,b9,dc,e0,\
44,50,d4,28,ed,e9,7d,ab,82,05,d1,52,4e,ce,5f,84,47,5e,fb,7a,14,dc,a0,b9,b8,\
72,fc,15,f5,05,5a,2e,96,da,0a,de,5b,05,90,51,45,13,e7,8c,92,e8,0d,6f,cb,34,\
0a,90,c8,18,b2,2c,f2,e0,be,74,0d,be,43,a0,9c,a6,9e,0a,7c,83,5b,96,d2,d9,4a,\
2d,79,5e,25,56,d5,db,8c,8f,2e,d8,19,6d,b4,5c,1b,48,96,03,e0,c6,44,65,9e,45,\
03,24,a6,25,a2,b8,46,61,53,ee,8b,31,9a,6b,7f,a1,a5,ad,fc,b7,8a,90,1e,e0,b5,\
c8,3d,67,81,08,23,d9,82,fa,e2,a1,39,17,75,46,6f,39,02,7f,f5,9c,3b,6b,97,a1,\
2b,ee,e3,d2,10,d9,54,ee,e5,eb,a5,6d,0f,4c,4a,8a,30,28,c9,ab,c1,ac,68,d8,59,\
9c,a4,2a,c4,64,43,7b,66,3d,1a,17,b3,a0,e3,16,8b,bd,5c,c3,5f,b6,89,59,12,a3,\
06,78,77,dc,6e,f9,69,8f,7d,fa,8d,4b,27,95,44,44,ff,ca,13,3a,b8,71,a1,5e,b4,\
c8,8b,71,ec,c9,72,bb,da,df,9d,e3,c4,a6,f9,40,0b,c3,16,04,55,46,3d,8f,00,84,\
00,fc,5c,34,a4,b8,bc,69,59,7a,17,92,e7,1d,54,53,f0,36,d9,87,bb,1b,11,aa,ef,\
1d,3f,03,a6,77,98,3c,ed,ba,d8,ba,ce,81,08,22,4e,aa,18,68,61,63,7c,47,a8,98,\
fd,ab,60,96,76,99,ee,48,f8,8c,ff,8e,41,8f,e1,c3,d0,68,62,64,85,55,d1,cc,8c,\
e6,97,18,03,f9,a1,77,fa,21,86,ba,90,a6,bc,c6,6f,f6,9b,b7,6d,eb,29,11,ca,09,\
85,fa,dc,0f,47,25,9c,80,9f,9e,a7,a3,6a,6e,f0,d2,e3,ba,fa,83,cb,80,14,b9,2e,\
ac,a4,13,a7,b8,5d,7a,6b,f9,c1,f9,eb,d6,92,77,b1,7f,d8,9e,0d,60,04,42,4f,3d,\
37,cb,f3,4c,51,93,1e,2f,0e,e5,41,46,36,da,9c,a0,33,fc,da,55,a4,b6,a7,79,47,\
e3,13,7a,bb,f7,23,a8,fd,31,11,0f,86,11,98,f8,08,43,44,b4,36,1e,02,7a,79,c5,\
4a,f9,14,ec,01,9a,5b,aa,ae,f5,dc,7d,e7,cf,bb,b4,43,ac,93,74,1f,ed,31,5b,e9,\
59,3a,34,75,0b,e2,d7,c4,c1,70,1c,9b,db,73,77,bb,e7,f6,09,0f,5e,70,b0,10,d6,\
17,03,da,02,f3,f1,d4,a3,27,c7,15,e6,a1,b8,02,81,33,9c,ec,95,5e,a3,7d,6d,e9,\
86,fe,e6,84,20,55,c6,9b,ee,8d,71,b9,e9,a7,57,b4,72,1a,b2,fa,91,e8,ec,96,10,\
ef,b6,29,aa,66,17,49,a3,0c,59,16,a5,7d,a3,45,75,6e,84,8c,2c,b6,f6,d8,b9,36,\
27,54,76,ea,c5,0d,1b,68,e6,c4,11,d2,f7,09,17,0f,68,00,b7,1e,fb,0b,4e,c3,b6,\
59,13,21,c7,92,a3,b7,b3,c4,81,e1,c7,2b,c4,8c,a0,a0,82,aa,00,30,35,6d,ea,84,\
b2,6f,f3,2c,cd,5c,ab,5f,7d,2a,77,c5,9a,d8,c5,72,8c,60,49,38,f2,f1,75,70,71,\
22,26,ac,46,23,3c,7f,07,f5,92,64,f2,52,08,45,bd,39,e4,a9,06,79,69,b3,61,ae,\
e7,4e,14,58,90,59,77,1c,73,82,fd,d9,1f,b1,6e,b1,43,35,07,0b,7b,4b,88,e0,dd,\
41,3e,f0,1b,2e,1a,9d,83,fd,ff,b9,f6,99,9f,3a,98,35,da,33,de,16,d9,d9,6c,96,\
a5,ef,27,a9,92,f1,d7,e1,8a,7a,45,f1,39,a9,94,58,0a,c6,26,54,5c,0d,28,53,6f,\
39,1c,90,58,76,5b,6d,c2,4c,41,0b,1e,41,53,e8,2f,6e,28,fc,23,4f,89,33,2d,2b,\
c6,7e,86,c7,ab,07,93,46,bd,5e,e8,4a,46,25,21,4f,26,88,f6,c5,bd,b3,ed,70,c2,\
0a,e0,fa,a9,f8,04,f9,6c,4d,2f,9a,8b,60,86,65,47,0c,f1,74,7c,d3,6b,d4,e1,74,\
d3,34,de,58,e5,f6,41,01,ef,58,c0,dd,cb,87,70,40,46,27,bd,f1,6c,d0,2d,22,24,\
3f,54,e2,75,c0,76,36,5d,a0,46,e2,8a,97,89,98,17,6b,31,0b,8d,ec,c0,1d,59,c4,\
32,50,0f,47,52,59,48,3e,f9,92,ce,36,ba,b1,d2,a0,db,35,f0,98,a6,52,10,50,c6,\
35,8d,4d,82,d5,d9,ed,5e,47,0c,9e,d0,fd,0c,ae,1e,bb,a7,ea,bf,a7,86,c1,35,9b,\
c0,3b,3e,19,85,6f,5e,ce,83,9c,4f,f0,97,cb,19,25,07,f2,a2,eb,c2,e5,a0,61,07,\
42,70,a6,c3,9b,0d,55,c7,1b,7b,2d,0e,8f,01,e8,a4,0b,ac,00,cf,d0,9f,93,b6,1b,\
d5,d0,30,10,cd,01,c4,d1,03,c4,84,57,59,b2,4c,3e,63,43,54,45,06,20,58,03,df,\
d7,3e,0e,a8,53,c6,d6,96,94,47,dd,99,92,8f,6e,e5,0d,02,32,43,b5,50,4e,da,20,\
55,21,51,77,34,ab,6f,67,66,bc,a8,c4,a2,8b,a6,79,9f,f5,82,56,27,87,89,ca,14,\
cf,b4,19,94,c5,59,a3,9a,7d,f2,f2,6e,4c,c5,84,02,18,22,06,89,d2,82,35,d3,9c,\
f7,02,31,0c,0b,58,16,2f,53,7a,e6,a7,47,32,f1,84,3f,e2,c3,b2,44,0b,7f,59,75,\
97,fd,49,29,5a,9b,57,78,d9,76,f2,d2,1c,22,63,da,c2,e4,ee,3b,73,f7,9e,d5,32,\
a1,78,67,df,69,5f,8b,ce,16,d9,d8,d6,64,2d,82,ef,11,2e,56,0a,86,3a,f5,63,70,\
de,f7,c7,0e,20,ac,22,49,b6,d8,eb,e8,7d,6d,e2,4d,b7,ed,d6,12,cd,21,f9,56,ee,\
2a,02,2f,2a,9e,a0,f1,91,9f,14,3c,e2,18,91,4a,8f,8d,f1,4c,2b,66,7f,13,3c,14,\
b0,d0,47,54,01,69,51,54,17,ea,95,94,97,10,29,9d,9c,53,e1,f7,82,c5,37,49,6a,\
94,0b,a3,f8,bd,53,47,3f,f3,f1,e8,fb,66,d0,07,38,df,ef,99,db,33,4f,d6,ed,b6,\
8a,35,7e,b1,d7,21,87,d2,2e,1c,ad,35,99,85,08,12,87,ff,b3,76,c8,0a,7b,a2,ad,\
66,9f,81,b8,f3,b0,a7,ec,cd,c1,2e,94,94,56,de,80,2a,c2,f2,47,f6,b9,4f,f4,24,\
a4,33,0e,9b,b0,81,36,e4,65,64,c9,48,2f,5a,23,a3,f9,fe,f0,99,d9,8c,12,95,e2,\
3e,2d,bf,e8,06,a4,ab,ed,42,d3,64,70,88,e7,6d,93,3e,65,bd,e9,b8,2a,d4,d4,89,\
89,57,7e,a1,2b,2d,e7,4d,c4,2c,b4,5c,b1,b3,f3,1a,78,9d,91,84,dd,f3,1c,df,12,\
4b,c5,06,b2,a9,2b,5b,a3,f0,15,46,7b,cc,90,35,8f,5a,4c,3b,ef,8c,7f,c1,ee,51,\
f0,d6,b9,19,a3,37,ca,12,78,cf,03,33,05,66,42,17,a6,25,e3,29,85,e6,25,8a,59,\
ba,4f,6c,04,83,6c,cc,de,f4,14,95,96,81,00,13,8b,08,cf,1b,79,73,73,59,dd,bd,\
c1,da,66,6f,e6,1e,ee,48,bb,19,c4,a2,30,84,a7,ed,53,51,3a,f4,63,3f,b4,fb,1e,\
4e,63,cc,a9,76,57,ab,5b,20,83,e4,40,43,b0,50,35,fd,7e,0f,60,60,a3,98,8d,f2,\
67,8f,f3,7d,80,ea,72,8c,3d,3d,80,1d,be,25,8f,60,ec,cd,2a,26,f1,5a,79,7e,5a,\
a6,a3,ec,b1,f0,39,59,04,fa,b5,24,0f,a3,2d,97,b3,aa,60,c3,64,6f,c1,25,9b,7f,\
d2,8b,d0,c9,02,1c,6f,93,5d,a2,04,47,9a,34,71,3d,92,63,b5,77,78,fb,f4,ab,4d,\
a3,26,10,8e,46,30,10,d0,c0,8b,de,65,de,19,7b,60,af,41,f3,98,20,db,cb,7e,c6,\
23,d8,63,ed,b6,a8,1e,26,13,f7,0f,53,23,34,17,32,e6,87,64,6d,d1,27,9a,cd,db,\
07,98,1a,de,51,2c,53,99,38,40,d5,c7,d0,78,6e,1f,32,9b,9a,7b,be,4b,34,58,34,\
2f,bd,ed,b4,8c,bb,cd,84,78,6b,f3,de,27,3d,7d,c1,3a,02,c4,62,17,47,23,b6,e6,\
bc,73,6a,de,24,ce,9d,e6,5e,01,11,3c,98,0c,a5,9a,2e,e2,96,89,47,75,a0,a1,01,\
6e,4d,de,ae,fe,9a,05,10,65,60,e5,82,31,14,b9,78,be,e5,70,88,48,cf,5c,99,b1,\
8a,a6,7f,24,5d,a8,98,63,4a,43,2f,e4,cd,ba,c3,6c,50,c1,69,da,91,0a,ff,69,8c,\
89,57,ea,49,cd,65,85,36,f5,10,9f,3e,df,38,a1,c0,57,2c,82,60,37,96,ba,79,17,\
2f,87,5f,81,a3,27,53,48,8b,73,03,72,12,cf,0e,b5,32,30,6b,af,9b,29,00,fe,a4,\
fd,b8,75,d5,62,75,6c,83,b5,6c,d0,95,3a,ed,73,eb,24,ed,ee,7a,8b,66,6a,72,61,\
a7,3d,be,44,83,cb,39,71,64,34,26,a1,91,16,7a,f2,94,90,2b,67,a7,27,8f,96,af,\
ae,da,ce,fc,7a,4e,96,56,bd,3b,b4,fc,cf,7b,49,2c,f1,08,ee,75,a2,71,f8,dc,79,\
c1,5a,38,b6,61,39,c0,4f,f1,24,bd,32,57,b9,4a,b8,dc,7e,d2,4c,6a,52,92,b9,c2,\
05,d9,0a,45,a7,7f,bf,c1,d5,6d,c0,21,f8,96,22,27,a1,67,21,46,27,03,19,71,f9,\
d9,64,06,5a,4c,bd,30,0d,b7,d2,31,e5,1e,02,50,8d,f3,f1,77,ad,f6,1d,70,e0,3c,\
88,2f,ea,2a,d9,19,b6,e3,5f,92,15,42,3e,a8,0d,b9,18,0a,76,1d,27,92,79,9f,f1,\
bb,c0,db,bc,d6,b9,6c,26,4d,4c,21,6d,5c,f5,3f,64,d6,6b,fc,19,ad,52,e7,3c,13,\
82,e8,a3,7f,65,25,4e,e6,13,11,b8,5f,eb,ce,86,f7,c8,01,b0,c5,9e,ec,a6,d4,e3,\
d2,0d,5c,dd,18,89,ae,2b,4e,22,b4,78,43,b2,7e,8e,a9,ca,24,fd,46,0d,a8,da,d0,\
ea,40,6a,7e,0b,57,be,17,d3,5c,4b,70,c7,0b,90,35,0c,5c,30,c2,b2,86,bb,b6,60,\
45,51,0c,8b,45,27,2c,be,ff,08,d7,38,a0,94,b5,f1,59,fa,a7,a2,38,ba,e4,9d,49,\
d2,67,13,0d,ed,8b,70,17,ef,3f,17,d6,fb,68,f3,92,31,d4,d9,86,e4,2c,2b,33,78,\
2b,f7,d5,37,19,44,15,73,f9,4c,ec,b4,52,d7,ce,af,41,05,6a,53,cf,7a,9c,ef,4b,\
a3,88,c1,81,bf,4b,9c,10,85,9a,d8,e1,cf,14,72,d3,51,3f,08,20,1e,3b,6e,df,3d,\
0f,ba,05,7f,ac,46,a4,8a,99,2e,eb,70,98,73,a7,01,37,35,f3,e6,24,0f,64,38,d2,\
75,89,d3,4b,15,8e,f8,af,6b,a5,a1,95,df,57,0c,4e,ac,76,15,3e,b8,7c,d4,af,3a,\
f1,6e,c0,a1,fd,4c,6d,a8,69,69,50,b4,8c,ac,e2,58,90,eb,ea,96,b5,37,4f,a4,f8,\
96,0c,a0,92,7a,56,0b,a7,22,f8,78,c2,06,ef,a3,ab,ad,23,de,95,9a,47,45,fc,a4,\
7e,6e,22,74,d8,21,b4,8f,b9,61,cf,bc,b6,12,b8,3a,ff,14,3a,f7,96,db,a9,d9,92,\
d6,36,8d,05,a6,bd,31,fa,3a,eb,02,8f,10,b3,c9,6a,6e,20,03,81,9f,74,4d,c6,94,\
32,70,cc,d3,2b,f9,6f,be,be,15,64,c1,7d,2c,54,7c,1a,42,59,77,45,4e,68,76,90,\
68,53,cd,15,09,b7,db,0d,7a,03,b2,d0,a8,54,af,18,ab,64,2c,04,b7,30,41,0c,f1,\
59,75,5e,07,4f,f8,d7,95,b6,28,cd,a2,a5,6d,13,f0,69,e4,92,0f,ab,49,15,ba,df,\
24,75,e9,02,88,c4,b3,02,02,7b,3e,5d,3d,f1,5c,83,4d,65,60,fc,b8,38,5e,c5,d9,\
f4,44,ef,23,97,8c,28,93,a6,78,12,8c,77,88,89,f7,c2,12,02,d1,2f,ad,30,ed,71,\
d9,86,bd,58,d6,38,be,3a,7a,cc,2a,0e,c0,78,55,9e,a7,f9,bd,cf,0f,52,a4,2f,bd,\
73,9a,1a,ef,15,c4,97,ff,4a,75,8e,13,ca,d2,d3,57,c6,37,64,e8,4d,52,f9,31,4c,\
72,0c,84,a5,39,30,6c,92,fa,d2,62,0b,3e,89,cb,1f,f0,18,5d,dd,8a,12,82,20,90,\
df,b4,7e,38,ae,41,3b,1d,bc,4c,91,e4,cd,d1,48,98,b8,15,16,32,22,da,8b,74,94,\
32,61,a2,71,96,81,58,52,d6,bd,18,ad,66,30,93,4b,14,b3,e5,9b,ea,7a,e0,b9,9f,\
7c,21,53,4d,4f,3c,cd,c6,66,d6,f6,04,c9,55,79,f6,6c,60,cb,6c,b9,59,07,2b,69,\
29,97,46,ef,09,6e,d6,4d,28,11,e1,78,b8,1d,b8,a7,ea,34,b9,79,a9,ac,c2,1b,94,\
32,53,90,d3,7a,ce,7d,f0,7a,52,4a,02,83,cc,b3,5e,11,af,8d,cb,f7,27,81,e1,be,\
88,cf,61,59,8d,76,34,30,cf,42,e0,f8,ef,b2,1b,d7,3f,7c,48,5d,40,d1,49,2e,e3,\
d2,f2,cd,d5,7d,9b,6d,92,f5,70,a7,96,85,cc,0d,2f,c4,fc,b9,15,b3,1c,71,4f,37,\
94,78,48,e9,23,b8,36,67,97,01,79,7d,5e,87,95,64,64,4c,47,b9,79,a8,1f,64,c7,\
6b,72,db,62,60,4e,4b,cd,af,54,3d,78,1e,a9,28,b2,07,64,d9,27,8a,31,c2,0b,da,\
e4,b1,7c,84,bd,ab,3d,8b,20,87,7e,21,56,3f,09,5b,2e,d8,45,1e,fb,8c,08,cb,46,\
75,2d,22,e3,83,6e,2a,de,dc,38,ca,41,ab,d7,68,c8,10,2d,57,fc,4a,b1,74,73,8d,\
22,07,32,47,4b,8f,fe,c4,b5,f9,e0,c3,ee,3a,17,a7,5e,e1,5d,d6,01,2a,15,0b,fe,\
af,9d,7f,2f,3a,9b,5c,a3,5c,a2,46,a5,6f,a5,80,ae,cb,7c,3d,a9,5a,d4,ba,3e,c2,\
9a,d2,50,be,6b,4b,4d,b0,5e,72,b4,ab,05,12,2d,5f,ed,1a,a0,30,b1,33,25,26,95,\
c4,c3,80,86,7d,07,f2,fa,5a,58,b0,2c,6b,80,e4,0f,bf,7a,bc,19,a9,dd,b9,32,c5,\
72,1c,0c,e5,fb,ec,e4,a9,40,aa,0a,f3,a3,53,d0,71,2f,10,e5,94,40,42,bf,bd,88,\
fd,57,ee,b4,c5,be,2a,6c,f3,e1,bb,fa,46,51,4b,89,0f,0d,e8,e3,4f,43,b0,c8,7c,\
dd,a5,3f,68,cd,35,42,5d,ab,7d,35,6c,c7,38,9b,ca,fc,0d,dd,ff,5b,87,94,a0,32,\
2d,a9,25,1a,2a,c4,8d,e0,a8,eb,53,86,d8,81,72,70,8b,ab,c7,5e,01,9c,53,17,af,\
49,93,64,cc,5d,19,02,87,12,38,ce,da,46,f3,4e,e4,6c,b0,13,79,ef,cd,6c,38,48,\
04,26,74,d3,07,3e,0f,2f,fa,3d,8c,96,6a,db,3a,95,a8,35,01,d1,47,24,16,ec,57,\
f4,89,01,4a,a1,8b,36,a6,2a,ac,a5,6c,16,02,d5,d8,4f,06,2d,a7,cf,92,2e,2a,0a,\
eb,cd,be,36,a6,03,ae,52,5e,22,33,38,3d,f7,8c,5b,19,e2,a0,99,42,0d,39,65,16,\
d4,f5,0d,ca,97,06,5a,e1,a1,2c,dc,62,1a,27,dc,e1,3f,d5,91,b2,78,84,83,c0,bd,\
7e,a4,e0,00,f3,d5,72,c5,f4,1a,8d,da,08,df,05,a9,a4,fc,07,a8,ab,31,dd,b3,b1,\
90,ce,8f,4e,85,8e,dc,a4,dd,a6,3d,3e,b0,cd,f9,d0,8f,79,1b,84,9f,3b,90,f3,5c,\
ad,50,a9,09,63,5e,2f,7b,61,01,6e,d3,98,b0,e9,ec,f9,56,96,62,23,da,aa,78,63,\
79,cb,55,62,de,3a,79,56,fd,10,e5,69,27,c4,6a,f7,6f,c0,20,bb,7e,05,8f,13,73,\
86,77,1e,ad,8d,59,04,a8,71,71,69,df,9a,80,a8,9e,24,c9,bb,dc,a5,9f,e9,1c,80,\
65,0e,06,39,38,a5,67,96,05,cd,4d,a9,3c,a6,01,8a,f1,c9,9a,e4,ac,7f,23,b7,a5,\
05,01,a0,15,4f,ab,ae,cb,1a,22,49,13,b0,90,64,21,7d,bf,4d,5e,6b,eb,70,c7,98,\
76,cd,dc,d8,66,6e,dc,96,10,2e,1a,56,cf,f1,a1,bf,50,09,c8,c6,28,a1,6e,b5,85,\
eb,75,3d,8a,02,6b,dc,ef,b4,1d,96,a3,e6,59,48,eb,7b,fb,71,f4,c1,fa,5d,05,38,\
9d,10,d1,29,10,b8,f1,4a,04,78,5c,c8,d5,b9,e5,e8,9d,47,db,eb,3d,22,3c,79,d0,\
90,5e,81,ea,d7,e7,f5,53,73,0c,07,b9,b9,85,f8,02,e5,18,14,e5,9a,04,39,5a,84,\
58,13,30,29,a1,67,31,ce,fb,e7,82,36,60,e7,ed,32,bc,87,c1,18,c6,23,29,0d,13,\
c1,8e,20,8e,8a,78,73,8d,30,0d,1f,1a,e7,2e,cb,cd,32,79,76,8a,40,e2,af,42,60,\
0a,c9,b3,55,ca,11,72,21,ea,c3,65,f1,90,dd,84,53,2b,2b,83,90,3f,93,ec,ce,18,\
d7,94,63,51,1e,de,ac,af,79,a9,73,d7,12,2e,8b,8c,f4,09,4d,41,69,e3,41,70,ee,\
95,01,86,ce,ca,13,bf,cf,e7,b8,77,9d,f3,8c,2e,d1,ef,38,35,e4,8f,15,c9,26,e4,\
8f,ab,4a,0d,d3,5a,83,b8,44,8c,d4,84,ea,2d,83,6b,02,18,84,76,b2,b5,56,89,b7,\
31,9d,9c,1c,ec,16,27,2f,90,67,3e,98,65,67,cc,09,0e,e6,64,4a,c8,6d,25,b1,31,\
a1,70,e2,56,b6,d0,3a,a8,1c,76,5e,8e,aa,68,10,40,2d,78,fb,d6,a5,58,84,d4,ee,\
20,21,70,b1,b0,08,5e,35,78,4f,86,a4,6e,f4,6c,ac,46,30,aa,1d,83,b2,72,9c,b3,\
bc,44,78,d2,74,1e,c3,8b,e6,04,8e,92,b0,91,7e,ae,b9,75,5f,6c,e3,ab,c7,d2,30,\
f1,0e,31,48,3a,76,39,97,af,f7,6c,dd,bb,c0,1b,f2,4c,41,c5,a9,c5,17,5a,17,4f,\
61,21,f5,78,ef,3b,79,5f,61,aa,fe,48,20,aa,a2,3e,37,58,50,04,89,d1,39,dc,17,\
36,5e,26,00,a3,cf,dc,65,b6,ba,5b,9b,28,4c,db,3a,2e,02,74,06,f0,2d,2d,a0,59,\
74,40,1a,6a,35,6b,d0,db,70,b8,ad,ca,64,e0,c8,24,a7,a0,96,90,27,4c,1a,68,fa,\
3e,92,ae,f7,b7,af,36,82,f8,d0,92,69,c8,0d,f6,dc,27,13,1d,35,bc,de,0f,b6,80,\
cf,39,30,ec,e9,ff,c3,f7,63,bf,82,70,be,0d,4b,30,5e,74,eb,7c,d1,c8,f7,c6,65,\
74,33,3b,fb,ef,39,c6,73,19,cd,6d,b2,68,0d,95,10,7f,bd,5f,3e,a2,b8,ba,22,8f,\
9b,95,d6,ad,e5,2a,ea,46,f4,af,a1,00,3f,b6,11,a5,d6,b0,9c,3d,2e,dd,df,77,dc,\
e0,73,d9,74,6f,e4,95,58,73,4f,93,aa,fd,d1,61,c4,a7,00,55,cd,71,82,68,5b,cf,\
93,14,16,f6,c5,5e,f6,ce,70,a4,93,77,ec,28,04,f7,dc,83,49,47,13,84,d5,f0,4a,\
27,7a,59,43,90,3d,cf,f0,51,98,dc,ad,28,7b,d6,0a,ce,c3,21,f4,a4,45,b2,3c,59,\
1e,4d,2a,42,43,88,9b,6d,cb,39,2c,48,2a,88,f8,72,d3,74,43,46,2b,21,74,df,a2,\
5a,96,02,ed,07,b6,85,91,44,0a,ea,2b,5f,f9,58,0b,b2,4a,d2,51,d6,e0,f1,26,89,\
8d,ed,2c,8f,2c,08,be,05,95,af,8c,5c,a8,5a,57,d0,a7,03,fe,da,61,76,4c,7a,ae,\
03,2d,a0,57,7f,6e,f2,02,d1,ce,c5,61,08,9c,64,25,33,86,5c,08,a0,38,d6,e6,a4,\
6f,04,d8,09,87,54,7d,39,04,86,91,2f,fe,d4,76,cc,78,53,a4,cf,8a,02,cc,36,41,\
55,45,f7,bc,5a,66,c8,00,38,36,08,7c,06,82,72,b4,f6,53,9b,60,77,22,b9,40,94,\
8a,51,f1,8b,15,25,25,08,77,d3,3f,0f,da,ab,4e,cf,7e,60,d6,01,7b,46,1d,1f,4a,\
73,f4,08,86,22,ea,f7,1c,2a,fb,8d,ab,08,f7,a8,f8,84,bc,6d,a1,66,d9,94,c0,c6,\
1d,56,bf,f1,d9,c9,66,c0,2e,a2,d0,2b,8a,2f,30,4b,8f,04,34,e2,93,f2,a0,9a,b9,\
1e,93,e5,b6,c8,dd,d2,4a,91,b9,1f,9b,f6,61,75,8a,0e,9d,c8,94,80,87,4c,89,ad,\
08,04,ae,58,e9,95,af,53,8b,0a,8e,98,af,08,f3,fd,1d,60,00,85,72,c5,fd,29,a9,\
8d,70,cc,6b,78,16,91,c2,6b,86,4c,8c,32,da,1c,f1,2d,b9,7c,62,6d,fb,e9,7f,77,\
04,a4,ce,bd,84,bd,82,f1,27,4f,8e,10,69,ef,f1,24,23,42,48,9d,ca,85,f0,72,7a,\
9c,59,90,db,8c,b6,41,80,07,46,d9,74,41,70,8c,d1,bc,fd,7a,c7,42,0b,e4,8c,67,\
84,a1,75,8a,52,33,7f,c3,c8,c7,44,95,5c,ce,92,83,8e,9e,08,b3,44,b2,1a,1f,f8,\
2b,b5,83,36,6a,5c,82,89,97,c5,09,82,2c,3f,0e,37,88,fe,ef,84,c5,8c,de,c1,b5,\
c0,09,b0,f4,45,ef,03,59,f7,74,21,dc,74,9e,15,ae,b0,21,2a,1c,97,d4,fb,14,c7,\
74,f2,29,eb,81,91,54,47,25,b7,cd,74,d9,04,fc,c0,e7,3c,d7,ae,aa,ff,55,37,84,\
0b,17,da,51,f7,89,e2,bf,44,fc,be,a8,49,df,26,bf,ef,f6,89,1c,18,c4,cb,39,d9,\
bd,df,da,64,e5,ba,7e,d8,d3,8f,fc,17,1f,4f,36,12,f9,a4,94,03,50,e3,81,02,e1,\
7e,69,ec,bb,69,df,98,c0,8f,e3,fb,9a,89,f5,c9,ef,aa,bd,3b,1d,b1,28,8a,3e,9b,\
80,84,ed,e3,fa,b7,c2,6e,ba,d2,cd,3b,2a,6f,38,ae,c0,88,90,08,63,49,0a,09,dd,\
af,ab,3a,81,dc,b5,1a,16,38,78,9f,6b,e6,84,d8,1f,84,f6,cc,b2,d7,b4,8e,b6,df,\
e6,60,16,e5,be,62,6c,25,2f,17,69,0d,88,7b,aa,f0,5a,cb,bf,fc,c7,8f,db,ca,eb,\
c8,53,7c,95,9b,0a,99,e2,1c,33,f6,8d,ea,36,54,96,ec,0c,a6,35,a4,40,9b,68,32,\
2a,0e,a6,17,63,d8,48,db,17,66,e6,e6,c0,fc,d5,46,fa,34,33,6f,04,1e,5e,3e,31,\
76,96,ff,f2,0b,15,f8,63,9c,c5,56,6c,3a,b7,e3,f7,55,1a,8e,35,18,d4,1a,ba,00,\
97,be,6c,c9,aa,56,f8,a3,a1,14,fe,7c,69,41,46,24,e3,d4,c9,d5,c9,2c,d6,d9,fc,\
ef,15,11,19,58,5e,4e,a0,53,68,03,cd,24,43,08,d2,d8,36,6f,bd,63,35,b0,5f,7b,\
c9,09,29,3f,87,d0,57,5d,4f,fb,29,e5,0d,c6,54,e3,a5,24,5a,bb,b8,d1,fa,0f,0c,\
86,64,31,f0,8b,55,2a,a0,0e,9a,41,75,00,a1,a2,f2,c3,ea,27,87,cd,0a,f8,82,f6,\
90,42,1e,9b,4d,d9,56,2b,53,99,b4,2d,50,13,c7,6d,f5,0e,0f,0d,a3,d1,a1,3e,c4,\
3a,62,49,0a,d7,7c,af,8c,60,88,d4,7a,ae,3e,93,8e,17,9b,9c,03,e8,a3,d3,86,88,\
6b,74,08,bd,9f,4a,1b,cb,02,50,f1,0f,09,a8,79,0d,bd,91,7d,9d,03,89,f1,b9,f7,\
5f,09,6f,50,5a,98,a2,4c,37,2f,03,3d,ac,42,ea,51,ff,d4,db,da,db,f3,f6,9d,68,\
cc,7b,ab,0a,65,6c,91,d6,a8,f4,df,6c,ec,1b,e2,73,28,90,d4,d0,5d,6b,79,8f,1a,\
e9,93,2b,e7,b7,71,06,19,7d,03,d5,0f,23,8c,bf,48,41,c1,66,02,9e,43,b7,3b,bf,\
65,46,db,95,82,6a,08,55,78,e6,33,c4,f1,ae,69,f6,b1,32,66,ed,ed,9d,6e,55,b8,\
59,e7,78,7f,e2,37,24,ef,98,d8,c8,80,b3,9d,8c,99,67,9d,67,82,69,f5,e1,72,cb,\
3d,14,0b,ab,f5,1e,ff,95,fc,09,e1,1d,8d,1d,d4,1a,b7,5a,04,bd,23,7d,a2,0c,09,\
bd,e7,8e,fc,eb,da,fa,3f,11,18,eb,0d,aa,1b,bd,f1,16,3d,d2,c3,31,66,86,4e,19,\
15,13,b5,ff,e1,d1,2a,46,b1,f2,05,7c,2c,8e,76,c9,95,05,84,83,38,3b,eb,a4,76,\
be,1e,d9,bb,41,d0,b5,27,67,e6,af,aa,a8,18,fb,b0,c9,3e,8d,2e,98,e9,73,11,0e,\
ca,a6,30,e1,f8,58,f3,ea,03,b6,5b,15,5a,c0,62,0c,f8,f4,98,cd,f0,fc,db,88,a3,\
f5,01,36,58,68,8c,5a,a5,c8,1b,b1,d7,b4,46,f0,78,7c,ee,65,06,f8,64,34,6b,14,\
d6,89,e0,1d,75,b2,41,11,8b,a3,c4,94,98,4e,a8,5c,44,2c,6c,4b,b0,19,df,16,88,\
bc,82,0e,33,11,5a,12,c7,ea,87,4c,0a,68,a9,88,f4,83,78,57,af,23,20,b6,7d,0b,\
83,d8,88,9e,9f,d2,03,a4,45,9c,5b,c6,85,ce,15,14,1e,f0,a8,72,35,08,4c,2e,a0,\
b0,85,36,51,7d,75,ef,53,83,d1,4b,04,74,19,67,52,20,a1,b5,18,e9,b6,2c,b5,ce,\
7f,d1,d5,e2,d5,6a,22,62,0b,6e,59,c5,2d,2d,05,0e,3e,a2,31,c9,1a,9f,b7,bb,5e,\
ab,f8,45,7a,e6,63,ac,ed,e6,78,5d,34,f5,67,6b,c0,ec,9e,90,c9,79,b4,87,51,7b,\
a2,04,f7,d3,00,78,9f,5e,55,42,c1,30,8c,d0,7f,41,b8,a3,48,1f,5d,a5,2e,db,b9,\
0a,42,03,8e,3f,b4,77,7d,a6,f9,6d,0d,c4,e7,87,c3,24,17,37,d0,db,8b,1f,f8,27,\
52,32,06,8f,a5,ae,1e,0e,b2,31,b4,05,83,1a,94,69,3a,fd,e8,3e,ac,54,2b,70,eb,\
b6,d0,d9,f3,38,aa,0a,56,a8,b7,af,4c,03,27,45,1b,24,62,7c,0e,14,c7,86,49,02,\
7e,dc,cd,f6,90,2d,5e,4f,83,45,5f,ca,0f,fc,c2,71,9a,b1,90,52,07,99,02,74,cb,\
f5,23,df,dd,7d,89,84,13,30,88,0d,44,2f,77,eb,af,88,b2,d7,ce,84,bf,fa,84,62,\
74,cb,a6,4a,cb,5d,20,c7,74,f4,69,dd,92,36,6e,5e,ec,cb,a6,70,23,8e,2c,4d,44,\
7f,a0,bf,b8,5e,3d,0f,cd,4a,28,a6,93,38,fc,2a,53,b9,5d,50,67,4e,5d,57,86,69,\
97,ac,32,37,72,ff,72,0f,d1,ab,12,0c,77,4f,b9,8a,2b,31,50,86,2d,53,7e,19,77,\
85,80,83,77,46,66,46,94,2c,be,62,75,e6,74,0d,29,fc,dd,09,dd,23,9d,99,16,d5,\
d8,30,3e,a8,6b,8a,d4,c1,a7,34,ec,c6,2b,4d,84,6b,3c,c0,c5,2a,87,c7,9d,58,1e,\
fe,a3,b3,aa,35,db,84,06,40,48,4a,9b,73,80,a6,3c,65,e9,e1,a3,b3,c3,a3,af,3a,\
40,2d,37,79,df,bf,0b,7c,f4,0d,95,7a,ec,c6,31,72,35,36,6f,62,f9,32,5c,7a,82,\
c4,37,b4,1f,2b,06,4f,e7,e1,39,2d,78,fe,9e,07,c7,c8,36,12,90,db,f1,df,c6,48,\
c7,05,77,cc,e7,3d,7b,53,0d,3c,0c,6b,ee,e3,d4,0f,e1,9e,3c,6c,b9,44,ae,28,f0,\
f5,8f,5f,0f,f9,8d,d5,33,8e,b8,2d,fa,a7,18,71,b2,66,0f,e0,e5,5f,84,94,d4,7e,\
96,ef,e2,82,a4,ed,b7,1c,6f,50,31,40,1c,0e,77,40,32,af,33,f9,12,16,43,1e,8c,\
78,f9,ec,23,a1,b8,a3,85,0e,11,bf,db,2d,04,c7,ce,31,c0,6c,95,8f,41,b9,a5,c0,\
02,1e,8c,c5,c6,45,d5,a7,30,ed,a6,e4,22,1c,f5,16,37,ea,46,2e,dc,3e,34,5c,2b,\
cd,8d,19,ec,d6,b2,da,50,84,57,b6,b5,43,3f,88,18,09,26,ca,4a,12,bd,ca,a8,59,\
d1,ec,ec,e0,fb,b9,3e,1d,89,59,74,3f,24,70,d9,6e,8a,f1,28,eb,74,75,ac,0a,e1,\
81,01,d1,4b,5d,ca,27,65,35,3b,6d,c7,7e,4a,be,0a,8f,d4,5d,3b,17,61,7d,99,e4,\
c0,e3,c6,77,dd,e5,72,b7,66,41,06,37,b3,4b,10,5f,6b,36,3d,9c,94,f5,c7,dc,47,\
60,ae,50,ec,78,db,cb,c3,30,2f,6b,a5,d5,17,b0,67,d2,06,c4,21,f2,63,95,4e,78,\
b3,37,66,02,9a,d4,6c,15,ca,5f,e9,09,1b,f2,83,83,f2,cd,56,1d,3f,f5,48,55,55,\
7a,5f,b4,a3,04,ab,b9,3d,76,0b,71,0c,6c,ef,b5,99,65,9e,75,cb,8c,22,a9,9b,b8,\
90,bb,24,97,4e,9f,9a,90,63,a3,e4,39,f3,94,79,41,35,91,fb,fe,f3,47,1a,a1,21,\
57,2b,91,39,c4,7c,d7,d4,f5,3b,04,ac,67,35,f8,e0,fc,17,b7,69,3c,f6,e0,15,5b,\
69,b7,6a,3a,91,ff,f8,af,50,da,af,d6,6b,a2,19,73,56,29,5b,34,71,59,c1,ad,e2,\
7a,93,9c,b9,b4,19,8c,28,ce,71,bc,c4,6c,46,27,9b,00,61,7c,93,61,90,6f,a1,1c,\
52,1a,78,72,68,ed,95,27,ea,e8,7e,85,a7,72,32,eb,48,79,c9,23,4c,15,c3,94,e9,\
5f,ef,ab,12,d4,5c,5f,89,02,62,95,91,ff,05,95,d5,d3,66,95,32,aa,62,fa,04,07,\
7a,e9,c7,aa,80,43,31,36,ea,f9,9e,41,29,ad,5c,65,45,a3,b9,63,f2,29,fc,e0,23,\
4d,88,fa,45,b4,ad,2b,fe,61,48,aa,8f,4b,e5,70,61,d8,7e,90,8c,d4,45,ae,15,56,\
dc,ba,05,fd,ad,6e,fb,6e,47,c8,1d,1b,00,7f,c6,51,7b,60,e1,15,fb,74,e0,8c,46,\
18,da,cb,c1,13,50,b6,44,d4,23,b7,67,23,dd,07,d6,fd,99,21,06,e7,4c,07,99,53,\
4f,4c,a2,99,39,56,de,be,6b,a1,65,00,3a,75,fc,dc,ce,92,e4,78,ca,f2,2b,51,18,\
b5,61,aa,b4,9b,a0,fc,ff,79,2f,0e,7c,5b,e4,d6,a7,e9,d9,3f,34,11,2b,bb,61,64,\
26,b5,d7,94,8b,fe,99,2a,ab,ad,20,21,bd,a6,79,21,b8,4e,8b,a1,6c,bb,54,bf,e5,\
3a,33,b5,04,13,af,37,10,d0,da,5a,cb,a3,4e,45,95,01,1b,20,5b,d7,3d,d7,77,6a,\
50,f8,7f,4e,e8,00,7d,38,68,05,9e,47,07,b1,b6,27,f0,b0,91,14,85,4e,0f,03,f7,\
6f,85,ad,a1,f1,c0,c3,87,d2,8f,ab,79,d6,50,73,9e,40,00,5c,5c,14,c5,c2,23,4e,\
00,5c,58,48,62,bd,71,1e,3c,3e,9c,36,40,7f,b5,be,92,37,88,5b,ef,46,8b,9f,47,\
34,46,70,99,5e,a9,e6,0a,ba,0d,95,f1,23,1d,92,91,f5,ec,f5,7e,bb,12,bd,a7,b8,\
2b,98,59,42,98,03,db,60,d9,08,50,71,bb,26,dd,62,39,2c,25,31,81,27,c9,25,f7,\
fc,3b,dc,81,7b,a4,b2,d1,0a,27,21,ba,ee,8d,56,e5,0f,ce,64,46,ae,e9,db,2d,fc,\
f9,48,5a,25,8d,85,04,01,f1,02,e9,e0,d4,65,ca,27,c6,d9,d9,a3,b2,72,1a,2f,bb,\
94,b5,f4,3e,55,7d,40,85,57,bb,70,92,4e,a6,9c,ef,a0,6c,6d,32,f1,9d,c3,f0,08,\
d4,60,4e,c5,2e,09,b6,e7,3d,32,43,cf,46,f9,b3,43,45,ea,ed,b2,54,20,80,3f,ab,\
96,7f,90,7a,04,9a,9d,ae,09,b8,7c,81,1c,89,b9,9d,3d,c7,13,10,44,35,b1,a5,ef,\
d5,3e,a7,a6,bd,24,d5,a0,10,f6,c9,ce,f2,8c,ea,c1,3a,1b,b8,cc,13,84,66,38,79,\
bb,b1,c9,a9,e9,c2,29,45,e0,23,4c,8d,73,05,d1,cf,17,5f,c2,41,87,7a,77,36,3a,\
e8,65,73,cf,17,67,7b,d8,15,fe,c6,84,cc,71,a9,96,ce,ae,e9,41,7b,0b,bb,da,b9,\
4b,e8,a7,59,a1,de,ae,df,25,ed,6b,5b,e6,18,7f,6f,ea,c0,8a,03,3b,f4,8f,85,4f,\
4b,db,5f,80,41,8b,82,2c,37,ac,38,d4,a0,70,14,08,aa,7f,35,31,08,bb,86,93,2d,\
00,07,cf,c7,b7,cb,24,9d,80,5d,cf,e1,03,bc,5c,9a,ec,44,46,eb,98,ee,56,55,04,\
85,1a,dd,79,10,cc,09,bf,ed,f3,e6,ab,14,38,78,3e,c7,93,bd,b2,42,02,4e,7f,30,\
39,2a,d8,1f,94,c0,5f,ce,75,ad,1e,fd,ba,7c,43,4f,a0,3c,75,00,90,93,e5,c3,03,\
c7,e1,9b,5e,67,8f,22,82,f4,48,b8,77,be,d1,a6,6e,26,b8,0e,77,1f,72,51,9d,0f,\
1a,97,90,d4,a6,b9,6e,5b,e0,a4,b3,39,5a,a5,1b,7f,cd,cf,6d,c5,c5,3b,fd,89,37,\
c3,f8,a7,79,b5,77,a9,30,ff,c0,04,f3,93,53,9e,b2,42,cb,26,83,58,88,05,89,01,\
a4,36,94,72,08,88,27,78,7e,e0,cb,9b,c7,44,92,f5,b6,d9,bc,e0,7b,59,a5,ec,26,\
46,05,b7,4b,4e,cf,89,52,61,5e,31,c9,28,0a,5e,23,a8,e8,00,99,03,54,6c,11,7e,\
70,84,78,e6,d4,a7,ca,bc,de,c1,08,18,e5,56,22,ba,e9,d1,c1,c2,c1,ec,a7,ef,56,\
a5,5c,6f,5e,c7,d3,07,65,79,45,79,d3,fc,75,81,28,f2,4b,da,02,cd,d4,98,fa,e6,\
60,3c,b5,7a,bc,7a,66,be,41,ef,d6,57,5c,0a,b0,50,55,de,54,8b,89,e2,5f,b9,64,\
69,d6,06,bb,73,da,30,0a,56,52,a3,44,eb,f4,c5,43,84,45,7b,a9,0d,88,6f,ea,6c,\
17,c7,4f,cd,5d,0f,34,eb,c3,8f,e9,93,70,f2,47,51,95,9c,5b,36,77,0f,1b,c4,5a,\
10,1a,23,30,b6,3d,ca,f4,d3,84,a9,16,fb,db,28,80,c6,54,a7,0f,10,39,cf,13,b7,\
69,4d,9d,1d,f9,89,6f,cd,8c,56,7d,e9,bd,6b,78,9c,d8,bd,a5,1b,c0,13,ef,fe,ab,\
75,54,1c,4a,97,13,e2,8c,33,e1,08,f3,94,07,45,2e,c2,db,8f,cf,de,a8,12,1c,9f,\
8b,d5,cf,a2,aa,c4,01,59,ac,63,28,f0,28,93,56,73,08,a2,01,f3,e8,a2,67,d4,cf,\
08,3e,21,ad,32,69,86,12,61,5d,95,0d,eb,20,d3,ca,52,6c,b4,83,7b,22,b5,23,1b,\
0c,3c,16,e8,73,29,8a,b4,52,f0,4f,01,cf,eb,49,21,73,05,2e,0a,29,2c,30,7f,0e,\
78,ed,3e,fe,16,c4,5f,fa,ae,3a,83,00,1e,7f,e1,46,7e,df,67,b2,4b,2e,d4,3f,e2,\
c4,ea,ab,96,91,ff,92,26,d5,d1,55,7c,ec,15,20,58,39,e9,fc,37,63,a9,06,a0,ff,\
76,24,a4,94,ec,cc,85,d9,11,9b,37,d6,0a,50,17,89,87,8d,51,6c,7e,f7,8d,97,88,\
a4,0c,c5,62,63,fb,6b,ad,65,67,a8,03,f5,eb,40,b0,e3,91,52,f3,39,c6,38,8a,d8,\
fe,6f,19,56,e6,de,00,38,a0,fb,7b,41,54,a1,a9,43,6e,34,52,a2,2e,01,a5,8f,13,\
62,ae,43,27,cf,38,3f,9b,fc,69,bf,2e,dc,50,76,bc,c0,79,31,a9,81,1f,ca,cc,50,\
1d,26,af,e9,95,09,81,c1,24,f6,40,bb,32,03,67,a5,08,11,12,13,b8,a6,e2,cb,6a,\
05,58,bd,aa,d2,ac,86,2d,03,74,ce,a6,81,af,8b,2b,46,15,27,c4,65,d0,b3,86,90,\
91,bb,e1,5c,8b,63,84,44,22,8a,78,7d,24,07,0d,b7,f0,16,ba,2c,3c,be,0f,e4,48,\
cf,3e,20,bf,71,33,d9,bf,94,d8,84,fb,53,62,1f,97,c6,67,34,f7,9d,09,e4,b9,cb,\
c3,eb,58,a8,dd,00,8a,82,0b,eb,fe,6f,b7,b2,19,9f,6a,ce,4d,f8,46,dc,3b,19,23,\
c1,95,11,fb,91,b0,63,83,d9,80,3b,78,2e,c0,be,0e,94,c9,de,6e,c5,37,58,8a,1c,\
a4,9e,52,13,df,bd,bd,4c,e0,1b,b2,2b,18,fa,47,93,72,b2,34,75,b3,dd,7e,96,fe,\
62,25,43,d2,e6,64,06,e5,cc,b1,a3,d2,6e,f5,1a,6e,e4,fa,44,d8,88,ab,5e,88,fb,\
12,d5,95,f3,d9,21,a3,c1,39,2f,64,e1,dd,eb,47,33,13,00,ff,b1,14,26,0c,d2,7e,\
f3,98,56,ca,e3,91,85,0d,1c,42,5c,0b,26,e0,03,f4,3c,50,21,a9,6e,34,77,1a,7d,\
1d,a4,e1,43,0d,1f,2d,b0,de,b9,ab,62,03,68,b8,dc,aa,47,b4,ad,2a,45,dd,f6,75,\
ac,2a,35,b2,86,62,f0,82,56,f8,16,c5,9a,e1,c8,52,82,ee,45,4c,c1,45,99,47,b6,\
c2,1f,25,33,b6,e7,b4,81,97,7f,f5,db,df,d8,1e,02,04,ed,7f,14,b4,b8,c8,40,13,\
a2,80,62,71,29,74,36,fc,22,65,74,19,44,e3,fd,4d,5e,83,9a,f1,9b,d3,fa,38,ea,\
cf,e1,02,b7,a1,9f,c3,1c,24,3f,15,03,d1,a3,f0,b8,30,68,04,55,24,78,a3,c2,0f,\
49,98,4b,01,7a,5e,6d,23,a8,89,c2,ce,65,24,13,34,19,32,3a,46,f0,ba,75,c7,d3,\
c2,18,93,d8,53,78,e3,dd,83,32,04,05,fa,9c,d2,45,f7,3f,d1,b6,c2,e0,07,b2,4a,\
dd,92,09,22,4d,2f,f3,b6,20,e9,13,f3,7c,54,91,5b,19,30,e4,46,38,23,8f,8d,81,\
8d,4d,ff,e9,bd,96,7f,75,62,a5,bc,5e,5c,2d,b8,0d,e6,ed,2e,46,2a,59,e3,bc,84,\
f4,64,07,fe,de,50,90,28,0a,76,83,dd,a7,e8,18,d9,c8,9b,21,fb,e3,4c,04,e8,5e,\
f5,40,1c,6a,63,b8,e9,b0,62,f9,fa,e1,ec,8d,b0,66,c5,c1,bb,98,ac,c7,59,f8,cd,\
8e,0a,4c,45,99,60,41,c7,dd,31,3f,53,ab,64,f4,02,0e,2d,4b,84,c7,d9,bb,a0,4c,\
d5,b9,62,c1,71,05,68,5b,3f,a1,4e,e6,2e,27,53,25,aa,30,38,a3,c8,4a,6a,f9,5e,\
8a,27,3a,e4,95,fe,36,6a,f2,e6,57,b7,c8,fe,25,58,60,9a,a8,2d,6a,2e,7c,69,b7,\
7f,46,a5,f9,6b,f7,14,88,06,03,0b,67,09,16,ed,e5,b5,30,59,dc,06,b1,c1,ce,f2,\
33,e0,60,42,d5,45,17,58,3f,84,da,ed,08,ac,13,63,a6,a4,69,4c,97,78,4b,e1,16,\
1b,6f,27,66,b4,18,6d,8c,11,ba,f7,f5,41,c6,0f,e3,ed,69,bc,73,5e,3b,d7,fa,34,\
b1,27,c5,7e,54,22,ed,21,69,b6,bf,63,5f,ff,78,ff,9a,9e,92,55,86,3f,89,53,04,\
65,37,f5,d9,ae,59,73,5e,aa,1d,4d,6f,7a,fd,12,7a,06,b6,7f,76,20,84,d9,b7,11,\
a2,f0,f9,a5,f0,7a,0b,f5,05,19,86,31,83,2d,70,db,15,f1,f6,ef,a1,21,fb,de,d8,\
56,83,ac,da,47,de,10,c0,15,c1,01,22,e4,c4,56,03,21,d1,59,22,b8,e0,30,62,8d,\
e2,47,fa,df,18,a0,0a,9e,88,f0,bf,20,0d,2b,fc,71,ee,e0,a0,9e,62,04,36,66,cc,\
21,da,86,b4,53,13,3a,5b,7d,e8,a5,1c,b7,1c,5e,cf,04,01,a9,fc,9c,82,e5,7d,98,\
51,52,de,2f,85,47,01,ec,9b,93,6a,af,56,3a,6a,07,94,ba,ee,8a,41,55,cc,75,85,\
28,3a,5a,c6,97,50,c0,af,0c,68,9b,73,2f,c0,4b,07,80,f9,f7,6d,fe,07,08,f1,7a,\
2a,aa,d1,5d,91,a0,45,ef,7f,a5,ac,9f,76,73,41,91,59,ad,fb,f2,0f,9d,06,7d,03,\
4c,0c,fe,81,59,c2,c3,49,b0,bc,a3,ee,d2,c8,6f,4b,8d,29,e0,68,31,8a,b2,b6,20,\
67,53,0d,2d,99,aa,aa,af,6f,a0,4f,69,0b,d5,9b,20,53,fc,1f,ae,b9,86,ae,e3,9e,\
88,92,25,59,25,47,99,8b,dc,36,fe,61,bc,bc,d8,87,ab,80,be,0b,dc,97,3b,5b,00,\
d9,b6,43,e6,01,48,8a,22,99,ed,e2,c4,5e,76,e3,82,31,84,16,5f,a0,33,cd,20,af,\
9e,d6,39,c7,0b,80,7d,8e,4f,72,8b,57,13,08,f7,f4,0c,f8,be,1b,2b,ef,45,e5,b0,\
ef,44,e7,0f,77,be,46,02,5f,4e,73,9a,2d,ac,28,21,36,0c,97,99,7b,99,0d,3e,6a,\
86,a4,f7,f9,cd,07,b1,9c,30,a6,4a,28,40,52,09,16,f2,aa,14,aa,a5,8b,fa,15,25,\
e1,73,b1,bf,e9,b8,82,e4,2d,83,99,01,8a,46,3e,ac,23,a2,d2,db,41,27,f9,a2,e6,\
8a,4e,3e,2b,e0,ca,0d,91,b0,0b,a2,54,76,02,a7,f2,6b,bb,c7,cc,7b,3e,f2,ea,74,\
02,b0,f1,64,2d,97,7c,37,85,b5,e4,b4,2c,f2,b2,70,bc,44,db,a6,02,0c,b3,af,62,\
56,d4,04,1a,5a,fe,b0,af,d7,77,97,ae,7a,57,12,bc,93,06,bd,9d,22,b8,03,cc,06,\
00,5f,10,f0,82,74,97,a0,b6,7d,cf,fd,33,db,db,c6,f3,6f,7c,7a,27,c0,db,75,ab,\
33,1d,e0,c9,f3,4e,4d,be,17,eb,af,b6,b4,82,5c,fa,fd,c6,55,a7,a2,70,2f,ee,c9,\
c6,c5,45,09,27,c0,9f,65,5a,a8,4d,4b,88,de,74,7e,0b,6c,87,79,7e,63,c4,9e,ca,\
87,b7,b3,29,9c,46,ac,4d,c2,b3,8b,9b,ef,d2,04,93,99,e3,9a,21,b8,9e,81,76,e9,\
bb,bb,39,6b,b3,50,6c,64,ea,fd,4b,9d,31,d0,00,da,8a,1a,6d,21,1a,13,80,e3,e0,\
68,e7,f8,d0,36,36,5e,80,04,20,36,70,0b,a3,38,36,4d,a6,dc,b3,9f,8f,24,81,a6,\
d8,9a,f5,0f,1c,59,70,ea,61,b8,de,e5,f4,90,64,3b,e8,b7,9f,91,1a,67,52,33,26,\
35,7e,dd,64,8d,bc,14,ff,39,cc,74,8a,67,d7,7b,bd,30,28,cb,29,74,9c,9c,bc,59,\
ff,0c,73,d1,11,6d,8d,cc,56,48,19,7b,cc,77,da,27,fc,c2,ba,b4,72,a1,c7,8d,90,\
64,24,4e,8c,f2,7f,f6,cc,b7,ab,6f,6c,b4,0d,cf,66,48,e6,b3,d4,bb,60,b8,d0,69,\
37,04,e5,58,22,29,ed,ba,e8,88,7a,ae,f5,03,40,d5,ae,ac,6c,43,88,f2,21,68,c1,\
01,95,24,ff,30,0d,af,94,fa,57,47,29,ff,53,0a,b7,0e,e3,08,4f,f9,ec,6f,9b,15,\
ec,e9,c0,25,28,8b,df,17,6a,31,0a,a3,d6,6f,e3,67,a9,c4,24,0a,4f,d7,0a,c2,db,\
ea,f4,af,a3,67,71,57,00,5b,e8,75,95,17,be,82,c4,de,6e,9d,b6,44,36,2d,31,5c,\
b4,e6,35,3a,b6,67,d8,d8,1a,f1,41,1e,c3,6f,2c,fb,fa,06,a5,63,4c,31,22,d9,8f,\
44,90,91,57,d4,69,16,a1,f7,98,aa,53,6a,ab,fd,9d,85,0f,ae,d1,24,6b,33,47,44,\
09,f4,27,dd,58,13,82,75,99,eb,b4,3d,71,36,1d,f5,82,3e,62,2f,ae,78,a5,c3,33,\
89,19,24,3c,32,2d,bd,2a,b4,49,7c,c1,2d,41,85,a7,e2,e6,5d,4c,c3,44,b5,fc,56,\
f1,a9,06,1c,32,08,81,02,c0,f4,82,44,d4,ca,0e,3d,0a,14,6e,03,c0,cd,c7,db,55,\
66,73,68,3b,14,5f,f8,cf,d1,dd,52,d1,fb,db,b0,f0,6e,54,64,5c,93,e2,cb,db,56,\
c5,41,5d,31,5c,1f,2e,b8,b5,dd,41,86,cb,ae,e6,57,0c,1e,bd,bc,f6,9c,c6,04,12,\
0c,3b,c2,88,3c,7d,50,e1,f0,3f,02,40,ce,01,f2,31,00,f9,f4,e3,8f,ab,77,94,bc,\
b2,88,3d,d9,e6,a7,81,22,b2,22,69,c5,62,7b,c2,1e,b2,ce,e7,5a,8b,6f,e3,a6,71,\
a5,73,e2,06,c0,97,aa,43,2f,6c,6b,f8,39,39,7d,4c,77,96,75,1f,f1,4a,5e,bd,94,\
6e,c8,4d,74,55,7f,74,45,b7,1c,c5,d6,dd,9e,4d,04,b3,6e,a9,e4,aa,60,e7,0d,47,\
8d,9d,04,0b,c6,a5,5d,21,49,f2,e8,27,2c,2a,41,13,ae,9a,2e,90,4a,d7,79,47,46,\
61,75,bb,c9,6f,a1,77,31,a8,24,25,b8,c0,b3,16,cf,69,8e,45,f5,6d,ec,6c,54,a0,\
d2,26,f6,e6,2b,66,f9,ad,d6,54,4a,dd,f5,9e,cd,a9,04,24,ed,e0,1a,d7,56,05,88,\
21,28,e4,c2,93,00,16,d5,c2,d6,2b,26,5b,10,cb,95,a7,9e,75,3b,16,20,eb,ff,85,\
84,b5,4a,cf,44,09,b4,1e,2b,3c,b1,5d,a7,3f,37,09,0e,bc,6e,ee,58,81,05,9a,b3,\
53,8a,f6,5b,d6,f8,93,4f,67,8b,4b,2e,14,d6,3c,32,ee,a4,d6,41,5b,35,81,ae,cb,\
ad,af,1f,0f,8a,d3,f4,7b,6f,e0,b4,4c,0a,41,c6,8c,3f,86,1d,a3,9e,d8,e7,ea,75,\
d3,ce,60,6f,b0,63,d8,5e,18,47,ea,89,16,49,97,71,3e,64,e1,24,21,82,68,ac,05,\
ca,0c,ec,cf,83,d1,75,04,2d,cf,e5,c4,88,85,1f,39,96,fa,8c,88,c4,fc,ca,e0,09,\
da,4d,e2,27,cd,86,55,fe,9a,39,64,02,45,f4,9a,92,b7,04,3e,60,24,ce,56,4d,03,\
18,2f,11,4e,4f,56,c1,b7,99,83,80,86,9f,be,4b,db,b1,3c,c3,be,92,ae,83,da,7b,\
fb,84,56,bd,91,c6,e6,12,41,27,47,b9,52,72,7f,71,91,a2,fa,a2,e6,f1,7a,2e,95,\
01,0b,ad,6e,b4,83,c4,6c,72,fb,69,29,16,a0,35,8f,14,c3,4f,89,fb,e1,9e,ad,0b,\
b5,70,bb,94,63,44,e8,8f,4c,f3,4e,48,69,18,f2,33,85,a2,fa,f7,47,07,ce,e0,39,\
4b,4f,fc,95,13,39,6f,b7,58,13,da,81,5d,89,9b,8a,87,0a,07,b3,a1,9c,69,4c,07,\
5c,83,07,c8,cf,7f,fb,ca,72,2d,d7,00,9a,ca,1a,02,06,5c,43,75,d2,fd,0d,ff,72,\
f4,21,56,c0,af,3e,19,98,47,55,bd,22,4e,30,b4,c1,e0,97,12,39,63,d2,e6,a6,f0,\
49,28,d9,42,90,56,ab,90,3f,1e,38,bb,46,fd,e8,f5,a1,8d,fe,de,7e,30,03,6d,bd,\
c2,f2,e0,ea,7b,2a,9c,1a,8f,82,83,7c,53,a6,b3,75,7f,2a,42,a5,3d,3f,c2,34,cf,\
12,61,54,80,c3,41,6e,63,7b,c1,7a,61,12,ac,d6,9d,31,a1,31,c1,66,eb,30,02,6a,\
e1,cd,6c,52,36,31,86,f4,a3,71,0e,19,3e,36,74,3f,e0,99,21,cb,ed,29,57,ae,35,\
ca,09,1b,83,40,34,37,33,59,f2,d6,9e,1d,b6,27,9b,e1,d4,dd,9e,9a,c0,96,a3,5f,\
e7,f8,fb,87,d4,7d,b9,fb,63,8d,27,5b,76,36,f2,a1,7c,d0,1b,3f,b5,e6,de,15,0e,\
2d,1f,c3,9f,5b,75,d7,bc,40,91,9b,7b,54,79,bd,bd,b2,2a,dd,6f,8b,89,bc,44,ff,\
27,97,b6,39,94,5a,b2,f3,41,f5,f7,be,74,b6,a2,2c,33,87,cc,45,cc,7f,c9,cb,bc,\
5b,e5,38,9b,b9,3c,0b,bb,63,11,94,cd,2f,34,1c,fc,d8,73,47,78,97,b2,81,ca,57,\
2c,a7,5c,2c,b6,a6,24,3d,1f,71,a6,c0,4c,5d,a7,26,c6,64,9e,74,12,de,e6,3e,90,\
61,cc,ad,68,d0,c1,ae,b3,d0,74,fc,d3,8a,1f,f9,ac,2c,f8,53,fc,85,24,07,81,0d,\
9d,47,7c,79,0c,89,3e,c3,84,be,b1,7e,ba,22,8a,77,8a,7f,a1,c0,77,f2,5b,94,e6,\
fd,4e,65,7a,89,58,76,d9,f0,4b,38,9a,9b,8b,6a,f3,24,8b,91,b9,f4,b0,13,6d,77,\
fc,fd,3c,15,21,d8,5f,5f,41,cb,d3,de,a5,fd,63,00,e3,1c,5b,31,ee,8e,58,7b,28,\
43,b6,1e,7c,a4,82,56,fe,f0,f7,6b,02,d1,5f,2a,a2,4c,ae,38,7b,22,3d,7e,f9,ed,\
c7,61,f6,fe,42,72,09,3c,62,cc,6e,e4,cc,57,46,87,4a,9d,be,5a,7d,99,bd,b3,c6,\
34,29,40,92,3c,67,b7,33,34,ec,46,34,dc,a8,6e,d4,7e,8e,6d,f8,a5,72,b6,c1,5a,\
c9,99,78,4a,6b,8f,f0,44,de,55,f7,ac,2e,ad,89,3f,d4,57,49,09,82,cb,bd,c9,36,\
f9,b2,b1,53,57,fe,0a,0c,59,75,cc,6c,e9,35,5c,46,80,b9,f8,f9,27,fa,a0,0e,de,\
78,ad,33,de,fd,4d,4b,3d,f8,93,2f,73,04,b7,a4,9d,86,91,56,4a,97,be,73,ac,45,\
eb,b5,e0,b9,dc,d4,10,ee,4b,fa,c0,6b,80,ce,be,fa,d1,ff,02,a5,e5,22,78,2e,e6,\
6b,72,cf,ac,dc,32,e7,39,e8,a2,ab,9b,98,ab,e4,c8,72,21,fe,83,db,b4,9a,57,8f,\
f4,70,0b,39,ee,fb,aa,b1,0d,73,7e,ee,f2,ce,e0,b0,fe,c0,93,c9,e3,93,78,a8,a6,\
26,e9,01,d4,5f,f9,ef,55,f7,87,79,fd,7e,8e,0c,a3,9a,92,2c,e3,b8,29,74,86,f1,\
0a,42,f3,5c,24,53,b9,c8,a3,d6,26,4e,aa,4a,68,10,1e,ab,b7,a1,ed,b7,54,50,bb,\
09,96,56,c0,50,9a,38,99,3f,c8,3a,95,85,4f,df,19,98,9a,cb,43,dd,30,f5,8c,2f,\
47,78,81,b4,90,da,c4,b6,17,16,63,1e,0d,a4,e3,c8,28,6c,9b,7c,7c,76,55,90,8a,\
34,59,1a,20,50,37,db,97,1f,12,6f,ba,9f,ef,16,92,29,0a,2e,fb,9b,87,1e,d9,a4,\
54,00,eb,1a,b2,9d,3f,c2,93,b7,49,e8,2e,46,b8,83,f4,b6,19,38,a8,98,0e,70,b1,\
b2,24,81,26,c9,4e,69,88,2f,c9,14,07,31,15,a9,f4,40,45,13,9f,82,d0,16,37,f2,\
b0,ea,f2,c3,9c,51,bf,ea,09,f1,45,e6,c8,1a,9d,86,3e,9b,a3,3e,63,c7,cb,f8,b6,\
68,1e,3e,10,0f,4f,b3,a9,f5,b5,28,de,71,e7,04,d1,d9,b9,b8,b9,88,13,30,20,63,\
90,8b,8b,58,67,96,e7,e6,44,f8,a1,00,64,da,93,e0,cc,14,a7,1c,98,b7,9f,1d,eb,\
11,97,6b,c9,85,fa,98,87,29,88,d4,fa,25,e1,90,7b,2a,85,8a,d4,00,76,06,39,c0,\
10,a2,01,97,b6,8d,8a,ca,ec,3e,a6,af,2f,fb,0a,29,74,8e,7a,16,b4,8b,20,b3,2f,\
08,8a,a8,c2,b8,b2,d9,dd,56,11,17,63,c5,d7,0d,32,aa,71,e4,39,9d,8f,41,f3,c6,\
3c,c7,a6,d6,fb,0b,2c,f6,7c,76,cc,28,4c,49,54,fd,4f,9f,bb,50,1a,7a,26,ec,86,\
e6,57,e5,1d,b2,86,0a,e1,2a,80,14,2b,fc,81,28,f8,00,73,21,b3,9f,6e,f5,72,08,\
98,4f,9c,0e,80,73,30,51,b2,11,f5,cb,86,dd,c8,3d,93,0d,13,19,c5,52,9d,15,86,\
b2,9b,84,2d,1c,67,2f,22,ac,cc,bf,ed,29,1d,ac,3a,64,08,ed,3c,4a,b0,3c,a3,75,\
32,5c,f1,4c,46,9e,dd,e2,76,58,24,a7,c2,77,6c,fc,f9,82,4a,a5,59,1e,76,23,2a,\
19,e1,66,a8,a8,3c,9c,20,4e,4f,3f,92,61,48,82,b2,eb,d1,9e,33,a2,0a,ea,c5,38,\
ec,68,57,c0,fc,69,c5,a2,c6,55,5f,c2,3e,84,49,2d,0e,16,cc,11,e9,04,06,0c,69,\
f8,d5,bb,63,b3,9f,bc,51,49,3a,f2,c8,e0,3b,60,09,00,10,6b,f6,f8,92,95,48,89,\
5c,2a,cc,2e,f2,e8,cf,fe,8d,20,c5,8b,d5,35,3f,b1,28,f2,70,fd,5e,09,bc,a5,fd,\
35,5f,c2,36,8d,ef,b6,66,7c,9d,8e,b9,8d,a8,eb,4a,be,6b,4b,10,88,80,6e,f0,6c,\
29,3c,90,80,59,a5,46,c8,35,d9,e2,90,4d,67,e2,4f,fc,28,2d,19,8b,01,8a,73,67,\
03,f5,fa,ff,11,42,ab,d1,05,ec,f4,48,8e,c2,b2,db,b8,79,27,96,08,5a,42,69,0e,\
a1,40,6a,cd,25,f3,9c,dd,e9,cc,41,5c,ca,18,d2,0a,48,af,30,1d,a5,b5,a0,19,58,\
21,ae,3e,93,be,19,7e,02,60,fe,ba,28,1d,81,0b,f4,c3,13,f9,fb,68,52,71,2b,a3,\
12,b0,4e,0f,58,f6,0e,fc,7a,25,c5,2c,2a,64,8a,9b,3b,69,21,e0,74,b6,76,3c,43,\
57,a3,9e,99,15,f2,bd,28,35,f1,a2,ef,a7,c6,e4,8a,6d,ae,e3,ac,bf,6a,2f,39,cf,\
8a,95,45,04,32,1e,7f,b6,b4,1c,59,59,6b,1a,83,e6,8c,7d,f5,14,15,02,ce,f6,98,\
aa,b5,42,2d,71,7c,8b,08,e6,7f,bc,ed,57,05,7d,c6,74,b3,1d,51,1f,07,40,53,81,\
31,54,9a,82,11,f6,d6,53,74,e6,4c,ed,1e,76,53,7f,f8,c1,4d,ca,51,17,c3,b5,4f,\
80,f2,d2,f0,3b,1f,4c,74,bf,79,a9,0e,6c,da,f2,58,75,fb,58,0f,79,d9,f2,8c,d5,\
e5,23,9e,5a,20,44,5e,b1,19,3d,21,bd,f6,62,de,67,ca,79,97,1c,3b,3d,8f,b5,ef,\
fe,83,93,54,f7,e2,90,28,4d,33,7b,42,26,05,51,36,0e,d8,9c,83,19,3d,a3,cc,91,\
72,ae,3a,f0,c7,46,9e,ef,03,64,8f,46,24,ee,06,f5,5c,74,3c,63,c3,09,74,fd,80,\
c2,39,d6,aa,8d,52,5d,67,a2,0c,61,dc,56,8c,4c,8e,ff,bf,17,45,8d,64,45,4c,25,\
47,d7,f2,61,5b,d9,1d,d5,24,66,0d,85,e9,af,13,a1,30,17,68,c0,4d,93,c7,e8,60,\
5c,cd,a4,54,9f,26,16,8f,c3,c5,28,52,06,d0,b7,06,33,e9,ec,a0,8a,62,47,1f,99,\
76,c0,b9,67,49,76,97,ed,c7,4a,b9,7c,ba,36,0d,2d,41,c3,90,cd,91,64,2a,b4,8d,\
43,ca,f1,e4,7c,cc,e4,b8,2e,8b,d4,5e,02,df,11,76,5c,24,0d,6d,f6,0f,6b,ca,95,\
b5,db,25,56,06,6c,a7,03,54,be,d8,2f,34,e9,dd,48,12,82,a1,c1,6d,9e,53,d1,cb,\
d6,df,e6,41,0f,4f,dc,ec,38,9f,1a,38,16,d0,68,9d,ec,94,e7,85,1a,6d,b2,a8,fb,\
a1,1e,da,03,40,ce,93,f1,d6,ca,fc,87,e9,10,2f,ea,f1,c3,73,8a,96,51,87,d2,da,\
3f,d6,23,54,c4,f2,79,41,13,c2,e8,04,39,11,0a,d3,32,ab,c4,24,da,84,d4,63,a1,\
5a,d7,ab,f0,6e,8d,fb,9d,01,1a,b1,16,fd,2c,68,be,20,bd,c2,7e,11,62,55,c9,0a,\
e3,e3,f7,93,9b,d2,13,5e,b3,a7,43,33,f7,9c,cf,df,c7,f5,f0,85,2f,5c,7a,2d,4c,\
a1,14,b1,54,98,85,fc,69,0e,a2,5f,61,b8,c9,10,99,7e,c0,56,a1,e2,0e,a0,2b,f2,\
83,b4,45,95,4b,33,8c,70,f9,a5,0a,0f,73,dd,d4,59,1c,08,c9,35,f3,a9,e9,38,5f,\
30,c8,ea,bc,2a,f6,43,a8,17,ea,88,29,0a,a5,45,58,64,c3,c7,34,da,6f,ca,bc,73,\
c8,5e,3b,05,18,a3,c6,2b,62,59,80,55,c4,50,71,52,97,68,fb,b0,07,76,b1,6f,a4,\
ee,58,c0,58,7a,67,5c,eb,a1,8b,2a,ef,83,1a,a6,16,d8,8f,d1,e7,d7,fb,ac,cd,3e,\
c2,d9,86,66,20,05,28,59,93,60,42,ef,17,bb,be,0b,a1,1e,3e,4b,1d,da,60,90,18,\
c0,8e,8b,c7,09,be,31,25,17,1b,e5,23,b8,7f,dc,36,e7,3a,ed,9a,ad,0f,52,74,e6,\
ca,04,3a,f6,89,11,71,30,26,37,7a,b4,2d,6f,e5,a0,6d,d5,83,50,7e,c7,c3,6d,1c,\
25,08,8b,22,b1,ad,44,76,cf,c9,e3,f9,2c,95,35,69,a4,e5,dc,b0,44,77,ca,af,f6,\
c6,a8,64,d5,48,bd,dd,0d,91,df,f9,a0,86,c5,4e,ba,0d,a0,5e,27,c2,24,dd,74,8d,\
78,8a,73,54,7a,bc,80,03,7b,08,89,45,a2,2b,00,a1,05,2c,05,e7,9c,1c,68,8f,d6,\
51,df,7f,53,e7,8a,0e,40,3f,0b,52,81,39,3c,b6,d0,a4,74,15,22,cc,a1,eb,9c,a8,\
98,2c,8b,73,71,a2,e7,0e,fe,bf,ce,29,62,d9,1c,38,01,28,d0,88,10,72,b5,a4,28,\
d1,80,28,7d,52,98,60,41,82,df,13,7d,51,a4,6d,d4,21,dd,93,c1,98,77,ec,5f,69,\
e2,e9,0a,b7,e9,dc,90,22,c5,e5,d4,3b,c9,95,ae,88,7a,20,07,83,a7,a3,f1,ac,e4,\
d4,fa,33,22,ee,47,03,36,a1,97,f9,08,67,f2,88,51,1c,ed,7e,2a,d5,07,30,92,53,\
a2,a4,be,3a,25,f4,8b,d6,85,d4,97,fe,b0,80,9d,c8,e2,a8,ea,04,59,37,7c,b7,b8,\
54,34,98,90,04,ea,c4,75,d6,28,df,00,77,34,04,94,2f,7f,df,bc,84,86,1d,e4,d7,\
7a,5f,8c,04,8c,6f,2f,7f,05,52,cd,6a,91,8a,5b,ed,1c,67,c6,6d,36,f4,24,da,8a,\
78,ef,32,45,3b,7c,f6,24,3e,64,db,69,eb,15,33,29,05,24,d1,25,10,a0,68,cf,5a,\
c6,7e,89,b0,40,7b,46,1a,8b,fa,ae,ce,1f,38,d4,d8,fe,78,d7,63,08,25,e7,39,e0,\
9d,57,84,d5,73,3d,a4,b7,0f,15,70,90,b5,65,30,f7,df,9c,ae,c6,1c,48,03,ab,f2,\
ba,53,43,02,85,64,1d,6d,3b,1f,3e,f2,9a,c0,14,d3,5a,11,e9,30,f6,e3,19,be,0c,\
54,16,26,5c,c3,b6,ff,b3,33,08,82,e3,a9,e3,53,32,e8,db,8f,26,a4,c3,95,6c,64,\
5f,cf,b8,5c,87,87,f6,77,0d,c0,c3,ff,bc,17,fc,ab,e7,b9,5f,f3,8f,57,8e,61,5f,\
bd,a2,87,23,ef,59,5c,68,c4,3a,1d,88,11,44,8c,c3,33,ef,93,04,44,81,f2,92,a2,\
61,4b,de,c3,07,e1,82,fc,49,05,fa,6d,a1,c8,52,8e,86,6f,f6,5f,b5,0a,8c,0e,46,\
82,9a,4c,ae,74,fc,67,2d,24,d4,e5,44,14,41,9c,e0,c6,f8,fd,2a,3e,2b,de,16,08,\
24,04,b6,76,d9,1e,8a,ed,a4,22,84,2e,e4,7d,1a,56,8d,5e,0b,c3,88,78,b0,df,62,\
f4,45,5b,da,55,f0,80,d0,1d,6b,ff,43,2c,38,f4,7a,62,9b,f0,04,5e,04,2a,25,8f,\
e8,40,e0,a1,96,7e,e7,36,22,e9,2d,1c,1a,36,60,12,6b,73,91,fc,20,0e,23,b8,ec,\
ae,ef,7e,72,85,19,bd,91,98,7a,fa,a5,71,e3,1f,68,25,c9,66,55,56,c8,00,58,96,\
32,02,a4,73,b7,b8,d2,54,7f,8c,53,11,20,7e,88,7f,8a,8f,ae,8d,20,79,f3,bc,53,\
1a,c5,78,44,fc,f3,6f,d5,ec,03,e5,ee,4f,7a,61,99,6f,92,d1,7a,6d,82,43,ac,c4,\
89,f5,92,b9,76,6e,20,f2,06,2c,a4,16,17,8b,7d,61,62,c3,96,3e,86,c2,b7,4c,d1,\
f2,f7,14,23,9b,7d,3a,90,9f,55,af,c8,75,c8,39,38,42,1f,39,a0,3e,6c,c8,b4,a2,\
f6,10,60,f9,0a,e8,70,df,35,80,3d,20,fe,47,49,1b,01,e5,fc,56,9d,05,81,f9,38,\
14,82,9c,4a,47,97,2c,31,cc,7b,16,4a,99,88,ab,9e,5a,fd,63,d8,1c,98,23,81,75,\
1f,82,84,37,f6,63,29,f4,7d,7d,75,51,ea,3a,70,16,d1,13,d3,db,11,48,f3,b6,d5,\
30,5b,53,bd,d6,a8,6f,f1,0b,bc,41,bd,2f,33,17,f6,18,07,0d,71,9f,b0,af,01,09,\
d2,db,af,f1,d8,e8,ae,09,b6,a0,59,f3,9c,fb,c8,9c,96,b1,f6,f8,4b,e4,ad,1f,f2,\
50,c8,b9,de,e4,64,d8,e2,5e,20,69,ca,7d,3b,66,51,5d,b7,69,68,6c,1e,aa,ac,38,\
b6,b5,f8,5e,f0,ec,21,9b,e8,82,42,4c,88,ad,5e,df,e0,7c,45,bf,b1,1b,26,eb,79,\
1a,10,c2,0b,c6,8d,88,85,9e,ff,12,51,5f,18,e2,a1,a1,0f,cd,6d,09,d9,e6,01,8d,\
39,26,44,f7,0f,11,92,57,e5,ae,24,75,06,2f,5e,04,05,e2,5d,36,50,9e,3c,3e,fb,\
d7,49,b2,3f,64,8a,3f,15,a1,49,fe,ad,9e,f5,0e,43,b1,09,7f,05,f5,2c,7c,85,bf,\
ee,44,d8,13,6c,1d,fe,ec,59,f7,89,02,f2,a8,f5,4b,ec,88,c8,db,24,f2,fe,47,80,\
3d,08,ba,49,dc,7f,39,1a,73,3c,22,40,ff,84,d5,f1,1c,b8,26,af,fe,f6,45,a3,3d,\
b0,41,8d,ae,d2,2a,f6,cc,69,9c,a9,e4,79,e5,14,7d,02,5c,b5,4c,2b,b1,f0,e3,9f,\
79,e4,5b,88,38,49,5b,f5,9e,cd,fd,4b,03,86,b7,84,01,b7,9c,40,92,7d,82,ec,52,\
9e,ac,d9,9b,03,82,f0,7e,aa,a9,b9,0e,92,fc,28,16,74,a2,3e,bf,13,24,69,e6,8c,\
a5,bd,6b,1f,05,d6,9e,09,94,ae,68,b6,78,f1,0a,a7,58,bb,e9,7c,fd,83,95,06,61,\
31,f2,93,78,1d,06,92,6f,f5,eb,e4,44,d3,e3,f9,25,d5,79,12,b9,22,21,62,ab,36,\
c6,e8,19,41,e4,aa,36,5e,04,c3,c4,d1,d7,28,54,3e,f2,c6,32,99,c8,b1,d3,18,35,\
91,18,70,3a,92,cf,1c,85,23,18,3b,24,20,6d,fb,12,3d,2d,dd,8c,1b,56,54,1f,49,\
d1,bf,7b,d3,5b,7b,6e,f4,3e,57,47,36,f7,8a,87,89,49,1f,d7,b7,f7,a4,5d,be,c2,\
02,ee,ff,d9,c7,a0,1a,75,9e,a6,b7,86,f5,de,8e,41,a3,0e,c8,91,f6,9b,f9,af,66,\
a6,fe,31,c4,d7,f3,61,18,3f,e5,7c,c6,ce,86,ec,91,68,5f,2a,bc,43,be,e9,44,be,\
78,6c,3c,78,cd,57,79,b2,2d,4a,a8,8c,a5,0e,b8,2a,0e,b9,47,d6,04,f7,f9,66,1d,\
ba,de,f7,5a,8a,be,5f,45,df,77,24,4e,96,87,22,c1,43,ef,96,15,c9,da,b0,fa,c7,\
cc,b6,9e,8a,8a,9f,21,18,65,0b,a4,1d,a9,a6,6c,98,1d,c0,70,fb,ac,37,36,36,75,\
75,76,fb,d1,8c,aa,1b,c5,b3,b2,28,55,40,ea,56,68,ab,9d,64,c0,32,76,28,65,09,\
d5,75,80,34,ea,19,68,95,66,76,ad,c3,a8,a4,54,cc,50,08,b6,27,e9,47,df,c0,1d,\
f7,b7,4b,bd,11,51,d8,85,8c,73,79,4b,72,73,39,74,2f,c1,25,e6,ac,ca,31,3d,24,\
d2,2e,d9,be,91,51,f1,db,6d,25,5d,1f,7f,ca,bb,7f,e3,f3,4e,7d,93,8a,5c,27,95,\
6c,90,e6,29,7e,25,7e,c6,a3,8c,da,f5,a9,89,9a,15,3f,54,fa,e6,36,6f,27,9b,37,\
ce,b7,96,d1,5e,2e,72,a8,e8,80,81,11,32,d6,31,98,64,c0,4d,70,d5,c6,f9,05,63,\
59,28,77,ab,20,a0,23,29,ec,4f,55,ec,0b,a5,c1,5c,0c,d4,e6,8a,fe,a8,41,dd,91,\
80,b8,1c,9b,03,69,d8,36,dd,40,ef,bb,8b,5b,ea,72,1e,28,6d,1a,70,ef,fd,66,cb,\
ff,4b,fb,df,5d,a1,8b,51,ce,2e,29,90,94,1e,58,07,70,60,31,7e,c0,89,d3,a2,ca,\
cf,a2,8a,87,01,98,07,00,aa,50,5d,82,ef,f2,b9,a1,20,0e,25,e3,4d,a7,ba,29,02,\
1c,cb,c6,60,4c,49,fc,fc,ba,5c,b9,d7,68,f2,56,15,24,fe,e5,70,97,60,84,ad,e5,\
ee,6f,c9,37,08,cd,25,c0,e2,ab,31,99,30,38,1e,b0,29,d8,48,e9,8b,77,05,ce,37,\
b5,cd,bb,b1,71,64,66,ae,98,62,6e,95,ee,46,36,43,12,1c,5b,d0,41,3c,59,6d,e1,\
ed,6c,dc,42,92,54,77,eb,55,69,0e,7d,a3,5d,17,05,28,9c,76,7d,4a,e3,49,c9,7a,\
90,8a,ef,ff,f3,0a,8e,f5,c7,c4,9b,f4,88,a0,a0,95,ee,6a,27,e1,d6,78,a4,71,5d,\
fd,be,19,93,f9,cc,28,d8,92,1f,77,c1,26,ed,89,dc,5e,16,e8,87,49,f2,82,2a,6b,\
91,8c,70,d0,68,43,ff,c0,73,7d,a0,08,59,73,72,d9,ee,47,5a,8c,c8,d3,b6,be,b0,\
85,8a,f4,4d,f1,4c,3c,b9,c2,44,69,68,83,17,d6,33,d7,ca,8b,92,92,51,4b,45,3c,\
77,55,08,cb,19,d6,ff,78,6a,ec,2d,2d,43,fc,62,67,19,e7,f9,03,f4,af,ed,e4,fd,\
3a,1d,b7,09,f0,79,8a,be,0b,1b,87,9a,20,c2,7b,ba,f7,6a,80,d1,81,96,2e,82,de,\
9d,b5,08,66,27,39,2c,ce,e2,c1,75,9d,3d,c1,e1,6b,93,78,c2,82,e6,c8,11,25,90,\
39,68,19,71,15,c2,75,0d,3a,ab,d1,b5,1c,c5,48,eb,87,af,38,3b,df,92,61,00,bd,\
db,25,ef,02,09,84,bc,d6,80,3f,d5,f1,59,d9,87,b0,29,ec,f1,74,41,58,14,80,0b,\
35,4d,70,c5,b7,69,81,46,78,c2,37,9f,5b,1f,eb,0e,86,2b,15,f6,6b,2a,90,58,d9,\
51,d3,2f,99,f9,e1,05,de,b6,40,30,25,17,85,66,59,74,8a,85,7d,86,db,31,58,3e,\
4e,81,b5,97,c9,d1,4e,e5,9b,e5,4b,64,39,72,83,61,8f,e2,bc,8c,79,30,8c,8f,d3,\
fd,f9,32,a4,d3,b6,e7,b3,05,24,90,53,d7,66,a9,0b,44,fe,81,a2,44,fb,26,0d,60,\
10,1e,6f,26,c1,01,aa,e3,8b,63,50,e4,34,47,74,7f,e8,f2,0f,6f,de,72,15,17,6e,\
ef,29,e8,47,f2,f8,b7,b8,44,ee,c4,29,c8,a5,20,53,4a,b0,82,7f,c3,b0,51,b3,b4,\
7e,eb,3b,b6,23,17,e5,5c,bd,96,a5,27,11,44,c8,6f,67,02,70,27,81,97,be,42,3e,\
da,64,2a,fc,41,60,f3,1c,78,36,b0,f5,31,44,76,6e,36,00,9c,f5,32,b7,cd,4d,ae,\
d8,1b,ff,db,a4,cc,30,5a,ec,65,75,de,f8,01,6d,d6
"?祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-725345543-1788223648-839522115-1003\ ?・f*NULL*t*NULL*w*NULL*a*NULL*r*NULL*e*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-08 1:43:18
ComboFix-quarantined-files.txt 2009-01-08 06:43:15
ComboFix2.txt 2009-01-07 06:43:42

Pre-Run: 376,330,194,944 bytes free
Post-Run: 376,363,515,904 bytes free

935 --- E O F --- 2008-12-19 08:01:47

MBAM:

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

08/01/2009 3:17:51 AM
mbam-log-2009-01-08 (03-17-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227586
Time elapsed: 1 hour(s), 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\barinoka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bijepivo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\damahifi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\defurine.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dojodojo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gohugomo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\humevose.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\humisure.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jekosefu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jogejoze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\luveteyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\modigege.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pugofohe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rehenano.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sejazogu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tipiyipo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vovunahe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yubabipu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yusoviyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zikebenu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fawaputu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gavehere.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gohubine.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP242\A0040318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP242\A0040319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP242\A0040320.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP244\A0040630.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP244\A0040631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP246\A0040878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP246\A0040880.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP246\A0040881.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP247\A0040998.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP247\A0041037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP247\A0041038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041064.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041086.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB68D269-8205-4475-A741-1377B238201C}\RP248\A0041076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hupojoyu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wufahasa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wutunoyu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yofabutu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

And HJT
Everything seems to be working much faster and smoother now, and I haven't gotten any annoying pop ups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:12 AM, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8297 bytes

For some reason, combofix is not installing Recovery Console for you. This is your system:
Microsoft Windows XP Professional SP2
This is the download you will need:
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=en

follow these directions:

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif

Since we do not need to scan with combofix, click NO

http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif

http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif

Here is the CF-RC:

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update McAfee and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.
http://www.mcafee.com/us/support/

If all is well at this point, let me know and I will close the topic.


Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

My computer is virus free! Thanks so much for your time and patience! :angel:

Thanks for taking the time to let me know, safe surfing and Happy New Year:santa: