
Cannot access a folder due to a weird Dr Watson virus


  • This topic is locked
32 replies to this topic

#1 freeeeestyle

freeeeestyle

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 23 November 2008 - 02:51 PM

For the first few days everything worked fine. However, just today whenever I try to open one folder, where I have most of my stuff (movies, school projects, games etc.), I get this Windows Explorer needs to close popup, followed by a Dr Watson Postmortem Error - which caused the PC to freeze. It required a manual reboot to start the PC again (sometimes I can simply send an error report and it's over, but yeah, sometimes reboot is the only way :/). Please help :thumbsup: ! I just can't access that folder, I can't scan that folder or anything like that. This is a beast :/ Btw, my computer might have a copy version of Windows XP Pro

Well I just scanned my comp with HiJackThis and here is the logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:37, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mihkel\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [C:\windows\system32\kdfai.exe] C:\windows\system32\kdfai.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Explorer] C:\Windows\System32\explorer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: TrioBet Poker - {019BB34E-96AC-4aa7-A5DE-3CC7442D4E38} - C:\Microgaming\Poker\TriobetMPP\MPPoker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24A5A84E-9EB0-43F4-884B-1F961EB7BE39}: NameServer = 85.255.112.204;85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4645F08-83E2-4738-9111-E3E06FABA05D}: NameServer = 85.255.112.204;85.255.112.83
O20 - Winlogon Notify: Läbu - Läbu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8752 bytes

Edited by freeeeestyle, 23 November 2008 - 03:23 PM.



 


#2 freeeeestyle


Posted 30 November 2008 - 09:57 AM

Could someone help??

Edited by freeeeestyle, 30 November 2008 - 09:58 AM.


#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:46 AM

Posted 01 December 2008 - 12:54 AM

Hello freeeeestyle,


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u10-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
****************

I notice that you have Spybot's TeaTimer running.
While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes.
So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

****************

You have a suspicious file we need to check.

You will need to see hidden files, so follow these directions:
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.


Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\windows\system32\kdfai.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the scan results here.

****************

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it.
Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts.

 If your system does not reboot, then reboot it manually.

Please boot into Normal Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix"

O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{24A5A84E-9EB0-43F4-884B-1F961EB7BE39}: NameServer = 85.255.112.204;85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4645F08-83E2-4738-9111-E3E06FABA05D}: NameServer = 85.255.112.204;85.255.112.83
O20 - Winlogon Notify: Läbu - Läbu.dll (file missing)


Close HijackThis, and click OK to proceed.


* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Highlight Internet Protocol (TCP/IP) and click the Properties button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

* Go to Start > Run and type in cmd
Click OK.
This will open a command prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns

Hit Enter.
Exit the command window.


Reboot your computer again.

Please post the contents of the logfile C:\fixwareout\report.txt, a new HijackThis log, and Virus Total results.

Edited by SifuMike, 01 December 2008 - 01:09 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
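
The entries selected for fixing in the post above follow a few recognisable patterns: static NameServer values under O17, and entries whose file no longer exists. As an added example, not part of the original thread or of HijackThis itself, this Python script flags those patterns in a HijackThis log for manual review. The function names, the `expected_resolvers` allow-list and the Run-name heuristic are assumptions of this example; a flag means "look at this line", not "this is malware".

```python
import ipaddress
import re

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C:\windows\system32\kdfai.exe] C:\windows\system32\kdfai.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{24A5A84E-9EB0-43F4-884B-1F961EB7BE39}: NameServer = 85.255.112.204;85.255.112.83
O20 - Winlogon Notify: Läbu - Läbu.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O17 - <rest of entry>": section code, separator, body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autorun entries look like "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# Per-interface static DNS setting as HijackThis prints it.
NAMESERVER_RE = re.compile(r":\s*NameServer = (?P<value>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Yield (section, body) for each 'Xn - ...' line; skip everything else."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match["section"], match["body"]


def static_name_servers(body):
    """Return the server tokens of an O17 NameServer entry, or []."""
    match = NAMESERVER_RE.search(body)
    if not match:
        return []
    return [tok for tok in re.split(r"[;,\s]+", match["value"].strip()) if tok]


def triage(log_text, expected_resolvers=()):
    """Return (section, reason, body) tuples for lines worth a manual look.

    expected_resolvers: DNS servers the machine is supposed to use, for
    example the router's address. Any other static server is reported.
    """
    allowed = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for section, body in parse_entries(log_text):
        # Pattern 1: registry entry survives but its file is gone.
        if body.endswith(ORPHAN_MARKERS):
            findings.append((section, "orphaned entry", body))
        # Pattern 2: a hard-coded DNS server on an interface.
        if section == "O17":
            for token in static_name_servers(body):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(
                        (section, f"unparseable DNS server {token!r}", body))
                    continue
                if addr not in allowed:
                    findings.append(
                        (section, f"unexpected static DNS server {addr}", body))
        # Pattern 3 (heuristic assumed by this example): an autorun value
        # whose *name* is a file path, as with the kdfai.exe entry.
        if section == "O4":
            run = RUN_RE.search(body)
            if run and "\\" in run["name"]:
                findings.append(
                    (section, "Run value named after a file path", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```
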

#4 freeeeestyle


Posted 01 December 2008 - 12:19 PM

Thank you for helping :thumbsup:

When I go to http://www.virustotal.com/en/indexf.html and browse kdfai.exe from system32, it will say "0 bytes size received / Se ha recibido un archivo vacio"
Has my cool computer deleted this file?

And I can't download FixWareout from those sites.

Edited by freeeeestyle, 01 December 2008 - 12:20 PM.


#5 SifuMike


Posted 01 December 2008 - 01:13 PM

Hi,

Has my cool computer deleted this file?


Do a file search for the file:
C:\windows\system32\kdfai.exe

Tell me if you find it. It may be gone, previously deleted by your antivirus.




And I can't download FixWareout from those sites.


FixWareout has just been pulled from service. :thumbsup:


I notice that you have Spybot's TeaTimer running.
While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes.
So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

Edited by SifuMike, 01 December 2008 - 01:15 PM.


#6 freeeeestyle


Posted 01 December 2008 - 03:48 PM

Do a file search for the file:
C:\windows\system32\kdfai.exe

Tell me if you find it. It may be gone, previously deleted by your antivirus.


Nope, the search doesn't find it.



Sorry, it took a long time to reply, because the scan took like 2,5 hours. But here are the results. Btw, 1 error occurred.
___________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware report:



Malwarebytes' Anti-Malware 1.30
Database version: 1441
Windows 5.1.2600 Service Pack 2

1.12.2008 22:39:56
mbam-log-2008-12-01 (22-39-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205904
Time elapsed: 1 hour(s), 49 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 29
Registry Values Infected: 4
Registry Data Items Infected: 15
Folders Infected: 4
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\urqQiGVN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vhkquaop.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcYropm.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f9f7980-706a-4633-9c31-cca2f9acd183} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcyropm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1f9f7980-706a-4633-9c31-cca2f9acd183} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b055b0d-b527-4faa-b6ba-3f3fad1ac6cc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7b055b0d-b527-4faa-b6ba-3f3fad1ac6cc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f9f7980-706a-4633-9c31-cca2f9acd183} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{336e6813-a841-40f7-b5d7-3cc60230495f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{336e6813-a841-40f7-b5d7-3cc60230495f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7b055b0d-b527-4faa-b6ba-3f3fad1ac6cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45f09f0f-cd15-4dc7-8649-fe6c4ea75a4f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c30a4ddc-ee8a-ab3e-dae8-501bb5cfab07} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c30a4ddc-ee8a-ab3e-dae8-501bb5cfab07} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef0c94dd-283b-14c9-0efd-8935f006b07b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef0c94dd-283b-14c9-0efd-8935f006b07b} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cf40399 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1f9f7980-706a-4633-9c31-cca2f9acd183} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gjhrhyefcpllk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqigvn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdfai.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqigvn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24a5a84e-9eb0-43f4-884b-1f961eb7be39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24a5a84e-9eb0-43f4-884b-1f961eb7be39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24a5a84e-9eb0-43f4-884b-1f961eb7be39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{24a5a84e-9eb0-43f4-884b-1f961eb7be39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{24a5a84e-9eb0-43f4-884b-1f961eb7be39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{c4645f08-83e2-4738-9111-e3e06faba05d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.204;85.255.112.83 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mihkel\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efcYropm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqQiGVN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\NVGiQqru.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\NVGiQqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gcujeglx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlgejucg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vhkquaop.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\poauqkhv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmKbBr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rBbKmUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rBbKmUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdfai.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\explorer.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\System Volume Information\_restore{CDC3A393-4454-4DD1-B745-C8FFF27EC607}\RP844\A0277942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CDC3A393-4454-4DD1-B745-C8FFF27EC607}\RP844\A0279161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbYQjJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwTLCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\up2\EXNL47i.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mihkel\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mihkel\Desktop\Virus - The God Dam Cyrus\Stuff\SonyVegas08\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN\keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccuurpubhhvfdmc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\whbeyropwybz.dll (Adware.BHO) -> Delete on reboot.


Fresh HijackThis log report: I will in a few minutes

Edited by SifuMike, 01 December 2008 - 03:58 PM.
took out quotes so I could read it


#7 SifuMike


Posted 01 December 2008 - 03:59 PM

Hi,

Please DO NOT put your replies in quotes. I had to edit your previous post so I could read it.
Use the AddReply button to post your reply, not the Quotes button.

Please disable AVAST anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

Edited by SifuMike, 01 December 2008 - 05:05 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 freeeeestyle

Posted 02 December 2008 - 02:51 AM

I'm quite screwed. After the scan I restarted my computer and once I logged back in I had no internet connection. I'm not able to get in touch with you while I'm at home; atm I'm at my teacher's computer. I'll get in touch with you asap. I've got no clue why my internet got lost after the scan :/

#9 SifuMike

Posted 02 December 2008 - 10:40 AM

Very strange, as Kaspersky Online Scanner does not remove anything, so that is not the problem. It just lists viruses and trojans on your computer.

It may be the keygens you downloaded hosed your computer. :thumbsup:
Keygens are always loaded with a boatload of malware.


Let's try this:
Go to Start > Control Panel, double click on Network Connections
Right click the default connection and select: Properties
(For Cable or DSL, right-click: Local Area Connection )

In the Properties box,
Under: This connection uses the following items
Double-click on the Internet Protocol (TCP/IP) item

Is the following checked?:
Obtain DNS servers automatically

If it is not checked, and there are other settings, write them down in case you need to change them back to what they were.
Then, check: Obtain DNS servers automatically
Press OK twice to go out of the Properties screens



Sometimes a bad DNS entry is cached...

To get rid of it, go to Start > Run, and type in: cmd
Press: Enter after the above, and after every command below:
At the prompt, type in: cd\
At C:\> type in:
ipconfig /flushdns

Click: OK

or, take a look at what is in there...

Go to Start > Run, and type in: cmd
Press: Enter after the above, and after every command below:
At the prompt, type in: cd\
At C:\> type in:
ipconfig /displaydns

Type: Exit to go out of the Command prompt

Let me know!  :)

Edited by SifuMike, 02 December 2008 - 10:43 AM.

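Added example, not part of the original posts: the "Obtain DNS servers automatically" setting checked in post #9 corresponds to an empty NameServer value under each Tcpip interface key in the registry, so the same check can be run against a saved `reg query` dump. The sample dump, GUIDs, addresses and function names below are constructed for illustration.

```python
import re

# Constructed sample of the text produced by
#   reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s
# GUIDs and addresses are made up (documentation ranges), not taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    198.51.100.7,198.51.100.8
    DhcpNameServer    REG_SZ    192.0.2.1
    DhcpIPAddress    REG_SZ    192.0.2.23

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.0.2.1 192.0.2.2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33333333-3333-3333-3333-333333333333}
    EnableDHCP    REG_DWORD    0x0
    IPAddress    REG_MULTI_SZ    192.0.2.50
    NameServer    REG_SZ    192.0.2.1
"""

# "<indent>name<sep>REG_TYPE<sep>data"; the separator is a tab on XP and
# spaces on later Windows versions, and the data part may be empty.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("HKEY_"):
            current = keys.setdefault(line, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys


def split_servers(data):
    """NameServer is comma-separated, DhcpNameServer space-separated."""
    return [s for s in re.split(r"[,\s]+", data) if s]


def audit_dns(text):
    """Classify each interface by where its DNS servers come from."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if "\\interfaces\\" not in key.lower():
            continue
        static = split_servers(values.get("NameServer", ""))
        dhcp = split_servers(values.get("DhcpNameServer", ""))
        dhcp_on = int(values.get("EnableDHCP") or "0x0", 16) == 1
        if not static:
            status = "automatic"          # "Obtain DNS servers automatically" is set
        elif dhcp_on:
            status = "static-override"    # address from DHCP, DNS set by hand
        else:
            status = "static"             # fully manual adapter
        findings.append({
            "interface": key.rsplit("\\", 1)[-1],
            "status": status,
            "static_dns": static,
            "dhcp_dns": dhcp,
        })
    return findings


def static_dns_interfaces(text):
    """Interfaces whose DNS servers are hard-coded and worth writing down."""
    return [f for f in audit_dns(text) if f["status"] != "automatic"]


def format_report(text):
    lines = []
    for f in audit_dns(text):
        in_use = f["static_dns"] or f["dhcp_dns"]
        lines.append("%s  %-15s  in use: %s" % (
            f["interface"], f["status"], ", ".join(in_use) or "(none)"))
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(SAMPLE)))
```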

#10 freeeeestyle

Posted 03 December 2008 - 01:31 AM

Thanks for the tip. I'll try it as soon as I arrive home :thumbsup:

You are amazing, it worked, connection is back. I'll post the scan results in a min
Obtain DNS server was unchecked

Edited by freeeeestyle, 03 December 2008 - 11:11 AM.


#11 freeeeestyle

Posted 03 December 2008 - 11:38 AM

Btw, when I scanned with Malwarebytes before, it didn't delete all the files needed. It's not a big problem imo, but maybe it tells something to you.
http://img100.imageshack.us/img100/613/error5kp5.jpg


Here is HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:59, on 3.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\windows\system32\rundll32.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mihkel\Desktop\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F9F7980-706A-4633-9C31-CCA2F9ACD183} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DDFBBE5-B0DE-4790-A589-20C8A4AC3114} - (no file)
O2 - BHO: (no name) - {74C59DAA-E2E7-42C2-98E4-47A8C4D4D02D} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92506C76-4ADE-4816-A5E9-F0F4C5CCD5FE} - C:\WINDOWS\system32\urqQiGVN.dll (file missing)
O2 - BHO: (no name) - {9814E9EC-58E0-4753-BC23-79C619556762} - (no file)
O2 - BHO: (no name) - {A81C569B-8737-406A-9B7D-0B817E51A66E} - (no file)
O2 - BHO: (no name) - {C30A4DDC-EE8A-AB3E-DAE8-501BB5CFAB07} - (no file)
O2 - BHO: (no name) - {C4A6C0AF-8DF8-4D79-A6BE-607A0BBF5B59} - (no file)
O2 - BHO: (no name) - {CB0923F3-C62A-4892-9864-22F7C9687A75} - (no file)
O2 - BHO: (no name) - {D5935D3F-ED4D-48F9-8953-9C64EE6CBF94} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DD778AE4-F9F1-4B0B-9519-B6D84096B1BA} - (no file)
O2 - BHO: (no name) - {DE580087-A560-4FE2-A05F-73B479575D55} - (no file)
O2 - BHO: (no name) - {E12B397D-0BAF-4B29-9A98-2D1DFC35DEE2} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EF0C94DD-283B-14C9-0EFD-8935F006B07B} - (no file)
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [C:\windows\system32\kdfai.exe] C:\windows\system32\kdfai.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: TrioBet Poker - {019BB34E-96AC-4aa7-A5DE-3CC7442D4E38} - C:\Microgaming\Poker\TriobetMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O20 - Winlogon Notify: efcYropm - C:\WINDOWS\
O20 - Winlogon Notify: Läbu - Läbu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9607 bytes






________________________________________________________________________________
Here is Kaspersky Online Scanner report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 03, 2008 10:22:18
Records in database: 1434527
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 153954
Threat name: 13
Infected objects: 21
Suspicious objects: 0
Duration of the scan: 03:03:15


File name / Threat name / Threats count
C:\autorun.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\Documents and Settings\Mihkel\Application Data\Sun\Java\Deployment\cache\6.0\34\6df4ce22-386a13e6 Infected: Trojan-Downloader.Java.OpenConnection.ak 2
C:\Documents and Settings\Mihkel\Application Data\Sun\Java\Deployment\cache\6.0\34\6df4ce22-386a13e6 Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Mihkel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-611cd07b-14d03f1c.zip Infected: Trojan-Downloader.Java.OpenConnection.ak 2
C:\Documents and Settings\Mihkel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-611cd07b-14d03f1c.zip Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Mihkel\Desktop\Virus - The God Dam Cyrus\Music\Gala - Freed from Desire - Mr Jack club mix.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Mihkel\Desktop\Virus - The God Dam Cyrus\Music\Incomplete\T-3515161-beer beer beer rob manuel - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Mihkel\Desktop\Virus - The God Dam Cyrus\Music\Incomplete\T-3545425-beer beer beer.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Mihkel\Local Settings\Temporary Internet Files\Content.IE5\ET0VQXCT\index[1].php Infected: Trojan-Downloader.JS.Tabletka.a 1
C:\Program Files\SCAR 3.11\includes\SRL\SCSS\SCSS.exe Infected: Backdoor.Win32.Delf.ixb 1
C:\Program Files\SCAR 3.12\includes\SRL\SCSS\SCSS.exe Infected: Backdoor.Win32.Delf.ixb 1
C:\Temp\dAW8U7.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Temp\dAW8U7.exe Infected: Trojan-Downloader.Win32.Agent.akwa 1
C:\Temp\dAW8U7.exe Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\WINDOWS\system32\dPI13\dPI131084.exe Infected: Trojan-Downloader.Win32.VB.fen 1
C:\WINDOWS\system32\g86.exe Infected: Trojan-Clicker.Win32.Agent.bsk 1
C:\WINDOWS\system32\rcntlsdl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ca 1
C:\WINDOWS\system32\rswnw64k.exe Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\WINDOWS\system32\sn1.exe Infected: Trojan-Downloader.Win32.VB.fen 1

The selected area was scanned.

Edited by freeeeestyle, 03 December 2008 - 02:35 PM.


#12 SifuMike

Posted 03 December 2008 - 02:25 PM

"When I scanned with Malwarebytes before, it didn't delete all the files needed, it's not a big problem imo, but maybe it tells something to you."

Did you disable Teatimer before running MalwareBytes?

Edited by SifuMike, 03 December 2008 - 02:27 PM.


#13 freeeeestyle

Posted 03 December 2008 - 02:35 PM

Yes I did. I'll let it rescan later, just to be sure.

Edited by freeeeestyle, 03 December 2008 - 02:39 PM.


#14 SifuMike

Posted 03 December 2008 - 02:55 PM

Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#15 freeeeestyle

Posted 03 December 2008 - 03:13 PM

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Mihkel ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 080528-0] 4.8.1201 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:5 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( K 03.12.2008|22:05 )

--------------------\\ Listing folders in APPLIC~1

[06.09.2006|19:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[10.03.2007|22:58] C:\DOCUME~1\ADMINI~1.MIH\APPLIC~1\Microsoft

[16.10.2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{DE097E60-7F86-4350-B083-1F09B6906C92}
[07.04.2008|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30.12.2007|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[15.11.2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15.11.2008|13:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18.08.2008|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[03.07.2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[06.07.2008|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[05.02.2006|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blueberry
[10.06.2008|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Codemasters
[10.01.2006|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30.12.2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[05.05.2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FlashFXP
[02.03.2008|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[12.11.2006|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ghost Controls
[01.12.2006|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[01.12.2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[10.09.2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10.06.2008|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Protexis
[13.05.2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PY_Software
[13.05.2008|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seiz System Engineering
[01.01.2007|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[19.10.2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[24.12.2006|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[24.08.2008|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[18.07.2007|23:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SwiftSwitch
[14.09.2006|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[24.12.2006|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[16.11.2008|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22.11.2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
[10.01.2006|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13.08.2008|02:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[10.01.2006|21:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[27.08.2007|09:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[07.04.2008|20:41] C:\DOCUME~1\Mihkel\APPLIC~1\Adobe
[24.12.2006|23:33] C:\DOCUME~1\Mihkel\APPLIC~1\AdobeAUM
[13.10.2008|23:17] C:\DOCUME~1\Mihkel\APPLIC~1\AdobeUM
[30.12.2007|17:19] C:\DOCUME~1\Mihkel\APPLIC~1\Ahead
[23.05.2006|18:41] C:\DOCUME~1\Mihkel\APPLIC~1\Apple Computer
[24.08.2008|13:07] C:\DOCUME~1\Mihkel\APPLIC~1\ATI
[31.03.2008|22:50] C:\DOCUME~1\Mihkel\APPLIC~1\Audacity
[31.03.2008|21:59] C:\DOCUME~1\Mihkel\APPLIC~1\AVS4YOU
[06.07.2008|17:05] C:\DOCUME~1\Mihkel\APPLIC~1\Azureus
[26.01.2006|19:46] C:\DOCUME~1\Mihkel\APPLIC~1\Blueberry
[21.12.2007|14:15] C:\DOCUME~1\Mihkel\APPLIC~1\BSplayer Pro
[24.04.2007|16:01] C:\DOCUME~1\Mihkel\APPLIC~1\Command & Conquer 3 Tiberium Wars
[08.12.2007|19:56] C:\DOCUME~1\Mihkel\APPLIC~1\CyberLink
[26.10.2008|20:55] C:\DOCUME~1\Mihkel\APPLIC~1\DAEMON Tools
[27.09.2008|23:19] C:\DOCUME~1\Mihkel\APPLIC~1\dvdcss
[05.10.2008|21:26] C:\DOCUME~1\Mihkel\APPLIC~1\Eltima Software
[03.02.2008|13:09] C:\DOCUME~1\Mihkel\APPLIC~1\Gearbox Software
[13.04.2007|14:56] C:\DOCUME~1\Mihkel\APPLIC~1\GetRightToGo
[11.12.2006|21:00] C:\DOCUME~1\Mihkel\APPLIC~1\Google
[13.08.2008|23:58] C:\DOCUME~1\Mihkel\APPLIC~1\GrabPro
[03.12.2008|18:01] C:\DOCUME~1\Mihkel\APPLIC~1\Hamachi
[17.05.2006|16:54] C:\DOCUME~1\Mihkel\APPLIC~1\Help
[10.01.2006|21:54] C:\DOCUME~1\Mihkel\APPLIC~1\Identities
[19.08.2008|14:24] C:\DOCUME~1\Mihkel\APPLIC~1\IGN_DLM
[02.04.2008|15:26] C:\DOCUME~1\Mihkel\APPLIC~1\InstallShield
[25.01.2006|21:22] C:\DOCUME~1\Mihkel\APPLIC~1\Lavasoft
[14.04.2006|16:24] C:\DOCUME~1\Mihkel\APPLIC~1\Leadertech
[01.03.2006|21:03] C:\DOCUME~1\Mihkel\APPLIC~1\Macromedia
[01.12.2008|20:48] C:\DOCUME~1\Mihkel\APPLIC~1\Malwarebytes
[23.11.2008|22:41] C:\DOCUME~1\Mihkel\APPLIC~1\Media Player Classic
[08.09.2008|19:19] C:\DOCUME~1\Mihkel\APPLIC~1\Microgaming
[16.10.2008|21:19] C:\DOCUME~1\Mihkel\APPLIC~1\Microsoft
[03.11.2007|23:37] C:\DOCUME~1\Mihkel\APPLIC~1\mIRC
[10.01.2006|22:34] C:\DOCUME~1\Mihkel\APPLIC~1\Mozilla
[28.02.2007|07:21] C:\DOCUME~1\Mihkel\APPLIC~1\MSNInstaller
[01.05.2007|14:56] C:\DOCUME~1\Mihkel\APPLIC~1\MusicIP
[03.12.2008|18:01] C:\DOCUME~1\Mihkel\APPLIC~1\Orbit
[08.04.2006|20:57] C:\DOCUME~1\Mihkel\APPLIC~1\Publish Providers
[26.03.2008|20:44] C:\DOCUME~1\Mihkel\APPLIC~1\Real
[24.04.2007|15:15] C:\DOCUME~1\Mihkel\APPLIC~1\SecuROM
[21.01.2006|17:29] C:\DOCUME~1\Mihkel\APPLIC~1\Seven Zip
[09.03.2007|07:21] C:\DOCUME~1\Mihkel\APPLIC~1\Skype
[10.05.2006|16:24] C:\DOCUME~1\Mihkel\APPLIC~1\SmartFTP
[16.11.2008|01:38] C:\DOCUME~1\Mihkel\APPLIC~1\Sony
[18.10.2008|20:38] C:\DOCUME~1\Mihkel\APPLIC~1\Sony Setup
[15.01.2006|14:05] C:\DOCUME~1\Mihkel\APPLIC~1\Sun
[17.01.2006|22:27] C:\DOCUME~1\Mihkel\APPLIC~1\Symantec
[28.02.2007|22:45] C:\DOCUME~1\Mihkel\APPLIC~1\Syntrillium
[24.08.2008|13:07] C:\DOCUME~1\Mihkel\APPLIC~1\SystemRequirementsLab
[10.01.2006|22:34] C:\DOCUME~1\Mihkel\APPLIC~1\Talkback
[01.01.2007|23:05] C:\DOCUME~1\Mihkel\APPLIC~1\teamspeak2
[24.12.2006|22:34] C:\DOCUME~1\Mihkel\APPLIC~1\Teleca
[10.01.2006|22:34] C:\DOCUME~1\Mihkel\APPLIC~1\Thunderbird
[30.07.2007|16:47] C:\DOCUME~1\Mihkel\APPLIC~1\U3
[02.12.2008|07:13] C:\DOCUME~1\Mihkel\APPLIC~1\uTorrent
[01.12.2007|12:05] C:\DOCUME~1\Mihkel\APPLIC~1\Ventrilo
[10.03.2007|23:26] C:\DOCUME~1\Mihkel\APPLIC~1\vlc
[30.11.2008|16:33] C:\DOCUME~1\Mihkel\APPLIC~1\Vso

[23.11.2008|20:08] C:\DOCUME~1\Mihkel2\APPLIC~1\Microsoft


[10.01.2006|21:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03.12.2008 18:00][--a------] C:\WINDOWS\tasks\nsglhuvg.job
[22.11.2008 11:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03.12.2008 17:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[03.04.2008|23:40] C:\Program Files\802.11 Wireless LAN
[10.01.2006|22:22] C:\Program Files\ACE Mega CoDecS Pack
[13.05.2008|21:46] C:\Program Files\Active WebCam
[02.03.2008|16:43] C:\Program Files\Adobe
[26.10.2008|20:06] C:\Program Files\AGEIA Technologies
[14.09.2006|13:48] C:\Program Files\Alwil Software
[15.11.2008|13:42] C:\Program Files\Apple Software Update
[24.08.2008|13:07] C:\Program Files\ATI
[18.08.2008|00:55] C:\Program Files\ATI Technologies
[31.03.2008|22:52] C:\Program Files\Audacity
[07.09.2006|20:32] C:\Program Files\AvRack
[31.03.2008|22:17] C:\Program Files\AVS4YOU
[26.10.2008|19:50] C:\Program Files\BitLord
[27.04.2008|10:48] C:\Program Files\BitLord2
[16.10.2008|20:36] C:\Program Files\Blaze Media Pro
[02.03.2008|16:41] C:\Program Files\Bonjour
[01.12.2008|18:57] C:\Program Files\Common Files
[10.01.2006|21:45] C:\Program Files\ComPlus Applications
[05.06.2008|23:45] C:\Program Files\Conduit
[08.09.2007|10:44] C:\Program Files\Covey Inc
[10.01.2006|22:05] C:\Program Files\CyberLink
[26.10.2008|20:55] C:\Program Files\DAEMON Tools
[24.11.2008|18:54] C:\Program Files\DAEMON Tools Lite
[24.12.2006|22:30] C:\Program Files\Disc2Phone
[06.05.2006|17:59] C:\Program Files\download
[24.08.2008|13:08] C:\Program Files\Download Manager
[10.04.2007|22:28] C:\Program Files\DurectX
[18.10.2008|20:21] C:\Program Files\EA GAMES
[24.11.2008|19:40] C:\Program Files\Eidos
[24.11.2008|18:59] C:\Program Files\Eidos Interactive
[15.08.2007|09:22] C:\Program Files\EliteSwitch
[10.01.2006|22:14] C:\Program Files\Festart
[06.10.2008|18:50] C:\Program Files\FLV Player
[05.10.2008|21:27] C:\Program Files\Free FLV to AVI Video Converter
[18.11.2007|15:16] C:\Program Files\FREE Hi-Q Recorder
[24.11.2008|19:54] C:\Program Files\GameShadow
[17.06.2007|15:07] C:\Program Files\GameSpy Arcade
[13.07.2008|20:12] C:\Program Files\Hamachi
[10.01.2006|22:54] C:\Program Files\HighMAT CD Writing Wizard
[08.09.2007|16:24] C:\Program Files\HyCam2
[24.11.2008|19:40] C:\Program Files\InstallShield Installation Information
[10.01.2006|21:58] C:\Program Files\Intel
[15.10.2008|23:01] C:\Program Files\Internet Explorer
[01.12.2008|19:06] C:\Program Files\Java
[28.10.2007|22:17] C:\Program Files\JMF2.1.1e
[25.01.2006|21:22] C:\Program Files\Lavasoft
[04.08.2008|22:43] C:\Program Files\LeechFTP
[24.05.2007|22:49] C:\Program Files\LimeWire
[14.09.2006|12:37] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[02.03.2008|17:18] C:\Program Files\Live for Speed S2
[08.05.2008|17:48] C:\Program Files\Logitech
[01.12.2008|20:48] C:\Program Files\Malwarebytes' Anti-Malware
[14.08.2008|20:16] C:\Program Files\Messenger
[29.08.2008|07:28] C:\Program Files\MGS FF Helper
[10.01.2006|22:17] C:\Program Files\Microsoft ActiveSync
[29.02.2008|23:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10.01.2006|21:49] C:\Program Files\microsoft frontpage
[10.01.2006|22:22] C:\Program Files\Microsoft Office
[08.04.2006|20:54] C:\Program Files\Microsoft SQL Server
[10.01.2006|22:17] C:\Program Files\Microsoft.NET
[15.11.2008|20:07] C:\Program Files\Morgan
[06.11.2006|22:19] C:\Program Files\Movie Maker
[03.12.2008|21:53] C:\Program Files\Mozilla Firefox
[10.01.2006|22:34] C:\Program Files\Mozilla Thunderbird
[18.10.2008|20:47] C:\Program Files\MSBuild
[28.02.2007|07:21] C:\Program Files\MSN
[10.01.2006|21:45] C:\Program Files\MSN Gaming Zone
[13.11.2008|00:14] C:\Program Files\MSXML 4.0
[19.10.2008|22:20] C:\Program Files\MSXML 6.0
[31.03.2008|20:42] C:\Program Files\MyXOFT
[10.01.2006|22:08] C:\Program Files\Nero
[07.04.2007|15:14] C:\Program Files\NetMeeting
[17.07.2008|10:39] C:\Program Files\NewDigitalSoft
[28.02.2006|22:37] C:\Program Files\Nexon
[10.01.2006|21:47] C:\Program Files\Online Services
[10.06.2008|12:53] C:\Program Files\OpenAL
[01.12.2008|22:55] C:\Program Files\Orbitdownloader
[26.08.2007|22:38] C:\Program Files\Outlook Express
[01.10.2008|21:54] C:\Program Files\Pokerari
[04.01.2008|22:32] C:\Program Files\PowerISO
[29.04.2008|10:46] C:\Program Files\PulsRadio
[15.11.2008|13:44] C:\Program Files\QuickTime
[18.01.2006|21:04] C:\Program Files\Real
[18.10.2008|20:42] C:\Program Files\Reference Assemblies
[20.08.2007|20:45] C:\Program Files\Rockstar Games
[06.04.2007|14:03] C:\Program Files\samsung
[20.12.2007|16:04] C:\Program Files\SCAR 3.11
[03.01.2008|23:22] C:\Program Files\SCAR 3.12
[06.04.2007|14:00] C:\Program Files\SEC
[17.07.2008|10:31] C:\Program Files\Shark software
[30.03.2008|16:19] C:\Program Files\SmartClose
[05.08.2008|01:57] C:\Program Files\SmartFTP Client
[05.08.2008|13:25] C:\Program Files\SmartFTP Client 3.0 Setup Files
[19.10.2008|00:16] C:\Program Files\Sony
[26.12.2006|00:36] C:\Program Files\Sony Ericsson
[18.10.2008|20:38] C:\Program Files\Sony Setup
[19.10.2008|10:12] C:\Program Files\Spybot - Search & Destroy
[03.12.2008|18:00] C:\Program Files\Steam
[14.09.2006|12:35] C:\Program Files\Symantec
[24.08.2008|13:07] C:\Program Files\SystemRequirementsLab
[03.01.2008|23:14] C:\Program Files\TC UP
[02.06.2006|17:03] C:\Program Files\TEA
[26.10.2008|20:05] C:\Program Files\Ubisoft
[08.04.2006|20:55] C:\Program Files\Uninstall Information
[01.01.2007|23:13] C:\Program Files\USB 3D Sound Configuration
[06.07.2008|17:04] C:\Program Files\uTorrent
[01.12.2007|11:58] C:\Program Files\Ventrilo
[10.03.2007|23:24] C:\Program Files\VideoLAN
[23.06.2008|00:45] C:\Program Files\Vodei
[20.11.2008|23:36] C:\Program Files\vso
[19.10.2008|00:17] C:\Program Files\Vstplugins
[17.08.2008|17:20] C:\Program Files\WarRock
[06.02.2007|17:48] C:\Program Files\Webteh
[20.04.2008|20:17] C:\Program Files\Winamp
[13.08.2008|02:39] C:\Program Files\Windows Live
[13.05.2008|18:37] C:\Program Files\Windows Media Components
[28.02.2007|22:34] C:\Program Files\Windows Media Connect 2
[28.02.2007|22:34] C:\Program Files\Windows Media Player
[10.01.2006|21:45] C:\Program Files\Windows NT
[10.01.2006|21:47] C:\Program Files\WindowsUpdate
[19.01.2006|14:51] C:\Program Files\WinPcap
[02.03.2008|17:15] C:\Program Files\WinRAR
[06.07.2008|20:18] C:\Program Files\Wolfenstein - Enemy Territory
[11.01.2007|21:17] C:\Program Files\WS_FTP
[10.01.2006|21:49] C:\Program Files\xerox
[31.08.2008|16:28] C:\Program Files\Xilisoft
[23.11.2008|19:51] C:\Program Files\XP Codec Pack
[15.11.2008|20:08] C:\Program Files\XviD

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02.03.2008|16:41] C:\Program Files\Common Files\Adobe
[10.01.2006|22:08] C:\Program Files\Common Files\Ahead
[15.11.2008|13:44] C:\Program Files\Common Files\Apple
[31.03.2008|22:17] C:\Program Files\Common Files\AVSMedia
[26.02.2008|07:40] C:\Program Files\Common Files\Blizzard Entertainment
[10.01.2006|22:17] C:\Program Files\Common Files\DESIGNER
[08.07.2008|22:56] C:\Program Files\Common Files\DirectX
[18.11.2007|14:26] C:\Program Files\Common Files\Download Manager
[25.01.2007|22:27] C:\Program Files\Common Files\GC Install
[01.12.2006|17:38] C:\Program Files\Common Files\InstallShield
[21.06.2006|15:04] C:\Program Files\Common Files\InternalLib
[08.05.2008|17:48] C:\Program Files\Common Files\Logitech
[02.03.2008|16:26] C:\Program Files\Common Files\Macrovision Shared
[30.08.2008|19:50] C:\Program Files\Common Files\Microsoft Shared
[10.01.2006|21:46] C:\Program Files\Common Files\MSSoap
[10.01.2006|23:35] C:\Program Files\Common Files\ODBC
[04.02.2008|19:22] C:\Program Files\Common Files\pool
[18.01.2006|21:04] C:\Program Files\Common Files\Real
[10.01.2006|21:46] C:\Program Files\Common Files\Services
[10.01.2006|23:35] C:\Program Files\Common Files\SpeechEngines
[14.09.2006|12:35] C:\Program Files\Common Files\Symantec Shared
[26.08.2007|22:38] C:\Program Files\Common Files\System
[24.12.2006|22:27] C:\Program Files\Common Files\Teleca Shared
[13.08.2008|02:38] C:\Program Files\Common Files\WindowsLiveInstaller
[26.10.2008|20:05] C:\Program Files\Common Files\Wise Installation Wizard
[18.01.2006|21:04] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Program Files\Orbitdownloader
C:\Program Files\Orbitdownloader\addons
C:\Program Files\Orbitdownloader\banurl.ini
C:\Program Files\Orbitdownloader\changelog.txt
C:\Program Files\Orbitdownloader\download.dll
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\Orbitdownloader\GrabDll.dll
C:\Program Files\Orbitdownloader\GrabKernel.dll
C:\Program Files\Orbitdownloader\GrabPro.dll
C:\Program Files\Orbitdownloader\idht.dll
C:\Program Files\Orbitdownloader\Lang.ini
C:\Program Files\Orbitdownloader\language
C:\Program Files\Orbitdownloader\libeay32.dll
C:\Program Files\Orbitdownloader\magic.mgc
C:\Program Files\Orbitdownloader\orbitcth.dll
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitmxt.dll
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Orbitdownloader\saction.dll
C:\Program Files\Orbitdownloader\siteinfo.ini
C:\Program Files\Orbitdownloader\ssleay32.dll
C:\Program Files\Orbitdownloader\unins000.dat
C:\Program Files\Orbitdownloader\unins000.exe
C:\Program Files\Orbitdownloader\update
C:\Program Files\Orbitdownloader\winfile.dll
C:\DOCUME~1\Mihkel\Cookies\mihkel@adultfriendfinder[1].txt
C:\DOCUME~1\Mihkel\Cookies\mihkel@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 22:07:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 23

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mihkel\Application Data\uTorrent\Camtasia_Studio_v5.1.0_Incl.Crack_[LaMara8].rar.torrent
C:\DOCUME~1\Mihkel\Application Data\uTorrent\Sony Vegas Pro 8 + DVD Architect 4.5 Keygen and a patch for those whom prefer that.zip.torrent
C:\DOCUME~1\Mihkel\Application Data\uTorrent\VSO ConvertXtoDVD 3.2.3.81+keygen.torrent
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\LFSKeyGen V.exe
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_1_34_A.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_1_34_B.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_1_34_C.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Ati Radeon.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_bl1_MacES381.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_bl1_MacES416.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_bl1_Senna399-1.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_bl1_Senna399.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Espana.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Espanol.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Francia.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Guiri.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Guiri_2.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_LFS Oficial.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Mala 2.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_mALA.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_Mala.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_RC 1.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_RC 9.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_RC.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_sensei.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_TkT.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_^1Copia^3 Buena.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XF GTI_^1Copia^3Tierra.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XR GT TURBO_4P LFS.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XR GT TURBO_BD.net-BWS-1.0.set
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Puesta a Punto [Varios Coches]\XR GT_4P LFS.col
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\dvdave_renault-pack.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\LFSf1skinpack.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\MRTfervinc2.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\RenaultMRT.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\scpdsc.rar
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\XF-Ferrari04.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\XF222.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\XRGTIPolo.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\XRGTIsaxo.zip
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FXR_BDPROMO.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZ5_BULLITDR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZ5_BULLITSUN.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZR_FIREPOWER.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZR_FIREPOWER2.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZR_FIREPOWERKW.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZR_LAYLOWGR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\FZR_LAYLOWOR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_B_STRIPE.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_DE.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_DEFAULT.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_HE_TDUK.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_PLAIN.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_RSC.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_TAKAI_BLACK.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_TAKAI_BLUE.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_TAKAI_RSC.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_BLU.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_RED.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_SPORT_1.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_SPORT_2.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_SPORT_3.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_SPORT_4.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_SPORT_5.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_VOLANTE_YEL.JPG
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\HEL_W_STRIPE.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_4P_lfs.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_DEFAULT.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_DestDerb#33.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_hola.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_ocr99.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_RC_01.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_RC_09.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_RC_test.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_Richi.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XFG_TkT01.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRG_4P_lfs.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRG_DEFAULT.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRG_ocr99.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRR_BUZZERBL.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRR_BUZZERDR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRR_BUZZERLB.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRR_BUZZERWH.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRT_4P_lfs.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRT_BULLITDR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRT_DEFAULT.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRT_ocr99.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Games\Live for speed\Live For Speed S2 [CD Oficial]\Crack + Utiles\Skins\Skins JsTen\XRT_SUPERSTAR.jpg
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Stuff\SonyVegas\Keygen.exe
C:\DOCUME~1\Mihkel\Desktop\Virus - The God Dam Cyrus\Stuff\SonyVegas08\Sony.Vegas.Pro.8+DVD.Architect.4.5.NO.KEYGEN
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\keygen.exe
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\AlkiSecuROM.dll
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\AlkiSecuROM.exe
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\HitmanBloodMoneyv1.2MiniBackupImageEng.zip
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\HitmanBM.mdf
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\HitmanBM.mds
C:\DOCUME~1\Mihkel\My Documents\Downloads\Hitman Blood Money\Crack\Readme.txt
C:\DOCUME~1\Mihkel\Recent\Hitman Codename 47 CloneCD+patch+cracks+extras.rar.lnk


[F:1357][D:91]-> C:\DOCUME~1\Mihkel\LOCALS~1\Temp
[F:120][D:0]-> C:\DOCUME~1\Mihkel\Cookies
[F:1301][D:25]-> C:\DOCUME~1\Mihkel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - K 03.12.2008|22:10 - Option : [1]

--------------------\\ Scan completed at 22:10:06


How do keygens and cracks mess my computer up? How how how? I've seen some of your posts and you always say: "don't download cracks and keygens etc." I don't really get it. Sorry for asking such a lame question, sorry lol, I'm a newb (compared to other people, I'm not, but compared with you guys I am lol) at computer protection and that kind of stuff.

Edited by freeeeestyle, 03 December 2008 - 03:47 PM.




