Virus help?


  • This topic is locked
27 replies to this topic

#1 Virth

Posted 08 July 2009 - 06:26 PM

Ok so I got this...I guess it's a virus, last night, and I've been searching for it or how to get rid of it since. I have avast! running all the time, but it didn't catch this virus (if it even is a virus), and I ran a full scan with Ad-Aware, which didn't catch it either. The virus, or whatever it is, stops me from loading sites on any browser. It's not every site, just some random sites. The loading bar in the bottom right of the window goes to the halfway mark, and then stops. I leave it up for a long time, but it still never loads. Also, for sites that do load, every time I load a page, I get random pop-ups from Internet Explorer about virus protection and such, even though I'm using Mozilla Firefox. I tried reinstalling Mozilla Firefox, rebooting my router and computer many times, and gave up and started searching on Google for help. I found a forum that had many people with the same problem (though the posts were back from 2007, and I don't have the link), and I tried all of the solutions that they gave. Only one seemed to work, and it's only a temporary fix. What I did was open my Task Manager, go to Processes, and end the explorer.exe process (it's what runs your desktop and taskbar, and you can re-open it by going to Applications, clicking New Task... and typing in explorer.exe). With the desktop and taskbar gone, I looked at my Mozilla, and tried to open the site that wouldn't load (in this case, it's www.pogo.com), and guess what, it worked. I had no problems connecting, so I tried it with another few sites that wouldn't work, including some YouTube videos that wouldn't load, and they worked also. So, I turned explorer.exe on, and restarted my Firefox, and when I tried to access those sites, they wouldn't work again. I figured there was something wrong with my explorer.exe file, or something related to the Windows Explorer. I updated Windows, still there, I searched my Windows folder for any suspicious files, but nothing stood out of place.
I went back to Google, and another forum I found said they found the problem through HijackThis. I downloaded HJT, and opened a log, deleted a few useless files that I knew I didn't need, but I couldn't find out if any of them was the virus. I have the log of what's left, and I don't know if any of these are strange, so help as to whether something isn't supposed to be here, or how to get rid of this "Virus", or whatever it is.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:51 PM, on 7/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.7.0\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trinity-ro.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.7.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [A00F1939C862.exe] C:\DOCUME~1\Will2\LOCALS~1\Temp\_A00F1939C862.exe
O4 - HKCU\..\Run: [A00F4D10C2.exe] C:\DOCUME~1\Will2\LOCALS~1\Temp\_A00F4D10C2.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\ciodm32.dll
O20 - Winlogon Notify: f45bf206638 - C:\WINDOWS\System32\ciodm32.dll
O20 - Winlogon Notify: UpdateNf - C:\WINDOWS\SYSTEM32\updatenf.dll
O20 - Winlogon Notify: __c0024179 - C:\WINDOWS\system32\__c0024179.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8002 bytes


Thanks for any help you can give me.



#2 Virth

Posted 08 July 2009 - 07:07 PM

I just tried updating Java, as someone told me to do, and that didn't work either...so yea, I'm just using Mozilla while explorer.exe is off for now until I can figure out how to fix this...

Edited by Virth, 08 July 2009 - 07:16 PM.


#3 fenzodahl512

Posted 09 July 2009 - 02:05 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 Virth

Posted 09 July 2009 - 05:30 AM

Ok so I did the scan and got the log, and the problem seems to be gone, but here's the log. Sorry, it's kind of long, but thank you so much for helping me.

ComboFix 09-07-08.06 - Will2 07/09/2009 6:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1390 [GMT -4:00]
Running from: c:\documents and settings\Will2\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1229 [VPS 081130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chinxy\Application Data\ShoppingReport
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Chinxy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Will2\Application Data\020000001dbede42638C.manifest
c:\documents and settings\Will2\Application Data\020000001dbede42638O.manifest
c:\documents and settings\Will2\Application Data\020000001dbede42638P.manifest
c:\documents and settings\Will2\Application Data\020000001dbede42638S.manifest
c:\documents and settings\Will2\Application Data\ShoppingReport
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Will2\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Will2\Favorites\Online Security Test.url
c:\documents and settings\Will2\Local Settings\Application Data\psnrwe.dat
c:\documents and settings\Will2\Local Settings\Application Data\psnrwe_nav.dat
c:\documents and settings\Will2\Local Settings\Application Data\psnrwe_navps.dat
c:\documents and settings\Will2\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Will2\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\bdir
c:\windows\bdir\ffmiu\rss-magnet[1].reader.2.0.build.2.0.0913.crack-rev.zip
c:\windows\bdir\ffmiu\rss.submit.2.27.regfile-rev.zip
c:\windows\bdir\ffmiu\Runiter Company AG Grapher v5.1 - BLiZZARD.rar.zip
c:\windows\bdir\ffmiu\Runtime.DiskExplorer.for.FAT.v3.03.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\Runtime.DiskExplorer.for.NTFS.v3.03.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\Runtime.RAID.Reconstructor.v3.03.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\RunViewer.v1.2-serial.TeaM.iNFLUENCE.zip
c:\windows\bdir\ffmiu\ryb.screen.hunter.2.2.3.5.serial-icu.zip
c:\windows\bdir\ffmiu\Safety-Lab.Shadow.IM.Sniffer.v4.03.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\Safety-Lab.Shadow.IM.Sniffer.v4.04.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\Safety-Lab.Shadow.Security.Scanner.v7.85.178.Cracked-ARN.rar.zip
c:\windows\bdir\ffmiu\saga.cd.ripper.1.03.keygen-icu.zip
c:\windows\bdir\ffmiu\Saint Paint Studio v10.19-DIGERATI.zip
c:\windows\bdir\ffmiu\Saint Paint Studio v11.00.rar.zip
c:\windows\bdir\ffmiu\Salon.Iris.v6.0.1.WinALL.Incl.Keygen-BRD.zip
c:\windows\bdir\ffmiu\SAM.Broadcaster.v3.4.3.Incl.Keymaker-AGAiN.zip
c:\windows\bdir\ffmiu\SAMInside.2.5.7.1 CRK-FFF.rar.zip
c:\windows\bdir\ffmiu\sandboxie.2.62.keygen-rev.zip
c:\windows\bdir\ffmiu\Save.Flash.v3.0.0067.WinALL.Cracked-ViRiLiTY.rar.zip
c:\windows\bdir\ffmiu\Say.the.Time.2006.8.0 CRKEXE-FFF.zip
c:\windows\bdir\ffmiu\scenaid.1.7.07.serial-icu.zip
c:\windows\bdir\ffmiu\ScenalyzerLive v4.0.0.20050927-TMG.rar.zip
c:\windows\bdir\ffmiu\screen.protractor.3.4.serial-icu.zip
c:\windows\bdir\ffmiu\SD MakeVM 1.1 - iNDUCT.rar.zip
c:\windows\bdir\ffmiu\SD WinHider v1.16 - iNDUCT.rar.zip
c:\windows\bdir\ffmiu\search.builder.pro.2.41.keygen-rev.zip
c:\windows\bdir\ffmiu\search.engine.builder.standard.2.69.keygen-rev.zip
c:\windows\bdir\ffmiu\Secure Password Manager v2.21 Cracked - ARN.rar.zip
c:\windows\bdir\ffmiu\security.administrator.10.5.keygen-rev.zip
c:\windows\bdir\ffmiu\Security.Explorer.v5.10.Incl.Keyfilemaker-EMBRACE.zip
c:\windows\bdir\ffmiu\Secway.SimpPro.v2.2.0.Incl.Keygen-SSG.zip
c:\windows\bdir\ffmiu\selteco.alligator.flash.designer.6.0.0.8.keygen-rev.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.6.v6.0.0.2.TeaM.iNFLUENCE.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.v6.0.0.5.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.v6.0.0.6.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.v6.0.0.7.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.v6.0.0.9.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Alligator.Flash.Designer.v6.0.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\selteco.bannershop.gif.animator.5.0.9.keygen-rev.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.6.3.WinALL.Keygen.Only-ViRiLiTY-221ec734e.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.6.3.WinALL.Keygen.Only-ViRiLiTY.rar.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.6.3.WinALL.Keygen.Only-ViRiLiTY.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.7.1.Incl.Keygen.and.Patch-VTX.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.8.Incl.Keygen-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Bannershop.GIF.Animator.v5.0.9.Incl.Keygen.and.Patch-VTX.rar.zip
c:\windows\bdir\ffmiu\Selteco.Flash.Designer.v5.0.24.Incl.Keygen-SSG.zip
c:\windows\bdir\ffmiu\selteco.menu.maker.4.1.4.1.keygen-rev.zip
c:\windows\bdir\ffmiu\Selteco.Menu.Maker.v4.1.4.WinALL.Incl.Keygen-ARN.zip
c:\windows\bdir\ffmiu\selteco.newsletter.sender.2.0.1.keygen-rev.zip
c:\windows\bdir\ffmiu\selteco.photo.lab.2.2.5.keygen-rev.zip
c:\windows\bdir\sdflkj3.exe
c:\windows\bdir\sdflkj4.exe
c:\windows\Downloaded Program Files\PurpleBean.exe
c:\windows\GnuHashes.ini
c:\windows\shdef.exe
c:\windows\system32\__c001922A.dat
c:\windows\system32\__c001F05D.dat
c:\windows\system32\__c002111C.dat
c:\windows\system32\__c0024179.dat
c:\windows\system32\__c003B4CE.dat
c:\windows\system32\__c0046E19.dat
c:\windows\system32\__c004ED98.dat
c:\windows\system32\__c0069FB0.dat
c:\windows\system32\__c00CFDC4.dat
c:\windows\system32\__c00F8A83.dat
c:\windows\system32\2g849ikJmt2VG.vbs
c:\windows\system32\api.dat
c:\windows\system32\api32.dll
c:\windows\System32\ciodm32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\nvs2.inf
c:\windows\system32\updatenf.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV
-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 00:09 . 2009-07-09 00:09 152576 ----a-w- c:\documents and settings\Will2\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 21:49 . 2009-07-08 21:49 -------- d-----w- c:\program files\Trend Micro
2009-07-08 05:13 . 2009-07-08 05:13 -------- d-----w- c:\documents and settings\Will2\Application Data\BitTorrent
2009-07-07 23:20 . 2009-07-07 23:21 -------- d-----w- c:\program files\BitTorrent
2009-07-07 22:02 . 2009-07-07 22:02 -------- d-sh--w- c:\windows\system32\SystemX86
2009-07-07 21:58 . 2009-07-09 05:53 399894 ----a-w- c:\windows\system32\raidmg.dll
2009-07-07 21:58 . 2009-07-07 21:58 95232 ----a-w- c:\windows\system32\avwav3.dll
2009-07-07 21:18 . 2009-07-08 06:07 5 ----a-w- c:\windows\sbacknt.bin
2009-07-07 21:17 . 2009-07-08 05:44 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-06 19:00 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-04 20:53 . 2009-07-04 20:53 -------- d-----w- c:\documents and settings\Will2\Local Settings\Application Data\Graboid_Inc
2009-07-04 20:53 . 2009-07-04 20:56 -------- d-----w- c:\documents and settings\Will2\Local Settings\Application Data\Graboid
2009-07-04 20:53 . 2009-07-04 20:53 -------- d-----w- c:\documents and settings\Will2\Application Data\MozillaControl
2009-07-04 20:46 . 2009-07-04 20:47 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-04 20:46 . 2009-07-04 20:47 -------- d-----w- c:\program files\Graboid
2009-06-20 06:30 . 2009-06-20 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Macro Mania
2009-06-20 04:04 . 2009-06-20 04:04 109440 ----a-w- c:\windows\system32\drivers\KbdCap.sys
2009-06-13 20:22 . 2009-06-13 20:31 -------- d-----w- c:\program files\Dofus
2009-06-11 03:18 . 2009-06-11 03:19 -------- d-----w- c:\documents and settings\Will2\Application Data\vlc
2009-06-11 03:16 . 2009-06-11 03:16 -------- d-----w- c:\program files\VideoLAN
2009-06-09 22:26 . 2009-06-09 22:28 127877 ----a-w- c:\documents and settings\Will2\Application Data\Move Networks\uninstall.exe
2009-06-09 22:26 . 2009-06-09 22:29 -------- d-----w- c:\documents and settings\Will2\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 10:19 . 2009-05-16 15:48 -------- d-----w- c:\program files\DNA
2009-07-09 10:19 . 2009-05-16 15:48 -------- d-----w- c:\documents and settings\Will2\Application Data\DNA
2009-07-09 00:10 . 2006-10-04 20:44 -------- d-----w- c:\program files\Java
2009-07-08 06:27 . 2006-10-03 02:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 05:46 . 2007-01-24 01:45 -------- d-----w- c:\documents and settings\Will2\Application Data\LimeWire
2009-07-07 22:02 . 2009-07-07 22:02 374272 --sha-w- c:\windows\system32\9B5.tmp
2009-07-06 19:00 . 2009-07-06 19:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-06 19:00 . 2009-07-06 19:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-09 22:28 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Will2\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-06-05 02:58 . 2009-06-05 02:58 10134 ----a-r- c:\documents and settings\Will2\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 02:58 . 2009-06-05 02:58 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 02:36 . 2009-06-05 02:36 -------- d-----w- c:\program files\Electronic Arts
2009-06-02 01:48 . 2007-02-04 19:58 -------- d-----w- c:\documents and settings\Will2\Application Data\BYOND
2009-06-01 00:13 . 2009-06-01 00:13 -------- d-----w- c:\program files\iTunes
2009-06-01 00:13 . 2009-06-01 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 00:13 . 2009-06-01 00:13 -------- d-----w- c:\program files\iPod
2009-06-01 00:13 . 2007-07-26 16:40 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 00:10 . 2007-05-13 18:06 -------- d-----w- c:\program files\QuickTime
2009-06-01 00:06 . 2009-06-01 00:06 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-25 04:51 . 2009-05-25 04:51 45056 ----a-r- c:\documents and settings\Will2\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\MapleStory.exe1_801DA03C4E824858A615529E6AFB9A78.exe
2009-05-25 04:51 . 2009-05-25 04:51 45056 ----a-r- c:\documents and settings\Will2\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\MapleStory.exe_801DA03C4E824858A615529E6AFB9A78.exe
2009-05-25 04:51 . 2009-05-25 04:51 10134 ----a-r- c:\documents and settings\Will2\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\ARPPRODUCTICON.exe
2009-05-25 04:49 . 2009-05-25 04:49 -------- d-----w- c:\program files\Nexon
2009-05-25 04:31 . 2009-05-25 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-05-25 04:30 . 2009-02-28 16:02 -------- d-----w- c:\program files\AeriaGames
2009-05-19 05:36 . 2009-06-19 16:10 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-19 16:10 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-19 16:10 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-19 16:10 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-19 16:10 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-19 16:10 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-19 16:10 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-19 16:10 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-09 05:14 . 2009-05-09 05:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-05-09 05:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:44 . 2003-07-16 16:26 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Will2\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:52 . 2006-06-23 15:33 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-27 00:23 . 2007-04-17 04:19 20184 ----a-w- c:\documents and settings\Will3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 09:58 . 2003-07-16 16:45 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:19 . 2009-04-16 21:10 152576 ----a-w- c:\documents and settings\Will2\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 15:11 . 2004-03-06 02:16 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-10-02 04:56 . 2008-10-02 04:47 924485248 ----a-w- c:\program files\ao_setup_1515.exe
2008-12-18 20:09 . 2008-12-18 20:09 208384 ----a-w- c:\program files\mozilla firefox\plugins\uc_rohan_launching.dll
2007-09-02 02:54 . 2007-08-16 07:44 88 --sh--r- c:\windows\system32\58CF5599E8.sys
2007-09-02 02:55 . 2007-08-16 07:44 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-16 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-04 185784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.7.0\bin\jusched.exe" [2008-12-17 140672]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\documents and settings\Will2\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-5-19 446464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24188:TCP"= 24188:TCP:BitComet 24188 TCP
"24188:UDP"= 24188:UDP:BitComet 24188 UDP
"10287:TCP"= 10287:TCP:BitComet 10287 TCP
"10287:UDP"= 10287:UDP:BitComet 10287 UDP
"58037:TCP"= 58037:TCP:Pando Media Booster
"58037:UDP"= 58037:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/31/2008 7:07 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2008 7:07 PM 20560]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [10/2/2006 10:57 PM 28672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [6/20/2009 12:04 AM 109440]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [10/2/2006 10:57 PM 6942]
S3 cheetah1;cheetah1;\??\c:\games\FlyFFbypass\cheetahengine\cheetah.sys --> c:\games\FlyFFbypass\cheetahengine\cheetah.sys [?]
S3 g0wkudr1ver;g0wkudr1ver;\??\c:\games\UCE1\SS\g0wku.sys --> c:\games\UCE1\SS\g0wku.sys [?]
S3 gokudr1ver;gokudr1ver;\??\c:\games\UCE3\goku.sys --> c:\games\UCE3\goku.sys [?]
S3 kaspersky1;kaspersky1;\??\c:\program files\Kaspersky Engine (GunZ Version)\kaspersky.sys --> c:\program files\Kaspersky Engine (GunZ Version)\kaspersky.sys [?]
S3 MzBot;MzBot;\??\c:\mzbot.sys --> c:\MzBot.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SoRa01;SoRa01;\??\c:\games\MapleStoryHaxorz\SoRa Remak Engine 2.6\SoRa.sys --> c:\games\MapleStoryHaxorz\SoRa Remak Engine 2.6\SoRa.sys [?]
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]
S3 XDva059;XDva059;\??\c:\windows\system32\XDva059.sys --> c:\windows\system32\XDva059.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/27/2007 9:55 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-11 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AIM - c:\program files\AIM\aim.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.trinity-ro.com/
uInternet Settings,ProxyOverride = *.local
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Will2\Application Data\Mozilla\Firefox\Profiles\zbx2lund.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2240107&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Attack-At-Will Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ijji.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2240107&SearchSource=2&q=
FF - component: c:\documents and settings\Will2\Application Data\Mozilla\Firefox\Profiles\zbx2lund.default\extensions\{c070924b-d7f8-43c5-bcfb-152fdf70de9e}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Will2\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\GoodBYOND\bin\npbyond.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjpi170.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 06:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-329068152-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7B0BC0F-5635-A7AD-3BD6-71E3597059BB}*]
"haigkdlhdnfabfgg"=hex:6a,61,68,6b,65,6c,66,6e,65,68,6d,70,6b,6c,64,6f,6a,63,
66,6b,00,00
"iakfaecjobcegfbmli"=hex:6a,61,68,6b,65,6c,66,6e,65,68,6d,70,6b,6c,64,6f,6a,63,
66,6b,00,00
"abgeakfomopibdigmglpnbeobcoolebhih"=hex:67,61,61,61,69,70,67,65,68,69,65,6b,
67,6c,00,e2
"majebkbmmnhommbhdpleikpdec"=hex:67,61,61,67,68,68,62,6d,68,6a,65,61,6a,6d,00,
e2

[HKEY_USERS\S-1-5-21-1659004503-329068152-1801674531-1006\Software\SecuROM\License information*]
"datasecu"=hex:cd,2a,75,6b,e8,26,98,3a,7a,0d,91,90,c7,a9,5a,40,89,d2,e0,98,8d,
87,13,8a,44,a1,90,4b,62,72,17,47,79,9b,25,b8,71,a4,48,1f,2c,b0,23,7f,ac,be,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-09 6:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 10:25

Pre-Run: 149,590,810,624 bytes free
Post-Run: 151,715,307,520 bytes free

840 --- E O F --- 2009-07-06 19:00

#5 fenzodahl512

Posted 09 July 2009 - 05:44 AM

Answer me truthfully.. Did you use any game hack or bypass driver?

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\raidmg.dll
c:\windows\system32\avwav3.dll
c:\windows\system32\9B5.tmp

RegNull::
[HKEY_USERS\S-1-5-21-1659004503-329068152-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7B0BC0F-5635-A7AD-3BD6-71E3597059BB}*]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation of CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#6 Virth


Posted 09 July 2009 - 04:18 PM

Not that I know of, I haven't.

Combo-Fix log is in the attachments

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:51 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.7.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trinity-ro.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.7.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 6992 bytes
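
A triage pass over the entry layout seen in the HijackThis log above, as an added example (not part of the original post and not HijackThis's own code). It parses O2/O4/O9/O23 lines and lists the entries marked `(file missing)` or `Unknown owner`; the function names and reason strings are assumptions, and the sample lines are copied from the log.

```python
import re

# Sample input: five lines copied from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = "(file missing)"

def parse_line(line):
    """Split one log entry into section, kind, name, owner and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line or footer
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    entry = {"section": section, "kind": kind, "missing": missing, "owner": None}
    parts = rest.rsplit(" - ", 2)
    if section == "O4" and rest.startswith("["):
        # Autostart entry: "[value name] command line"
        name, _, target = rest[1:].partition("] ")
    elif len(parts) == 3:
        # O2/O9: name - {CLSID} - path; O23: name - owner - path
        name, middle, target = parts
        if section == "O23":
            entry["owner"] = middle
    else:
        name = target = rest
    entry.update(name=name, target=target)
    return entry

def triage(log_text):
    """Return (section, name, reasons) for entries that need a manual look."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        reasons = []
        if entry["missing"]:
            reasons.append("target file not found")
        if entry["owner"] == "Unknown owner":
            reasons.append("no vendor recorded for service binary")
        if reasons:
            findings.append((entry["section"], entry["name"], reasons))
    return findings
```
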




#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 09 July 2009 - 10:36 PM

Can you tell me what's inside this folder? c:\games

And what's inside each of its sub-folders?..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Virth


Posted 09 July 2009 - 10:53 PM

It's mostly music, A LOT of music (for my ipod, the folders have music in the name); the rest is BYOND (Build Your Own Network Dream; a game site), Unreal Tournament (An old game from 1999 that I used to play a lot), a folder named UT Cache Cleaner which would clean out all the cache files I would get from playing on Unreal Tournament servers and save them in the right spots, and Maple Story (Only the setup is in there; it's a game but I uninstalled it a while ago) and that's it. Folder list: BYOND, Byondfiles, Music!!!, gamemusic, Incomplete, Musicstuff, Music, mawsik, Moosik!, Moremusic, ThreeDaysGrace!, UnrealTournament, UTCacheCleaner, REO2S, SumMoozik, lulzmuzik, CarMusic, Maple Story.

#9 fenzodahl512


Posted 09 July 2009 - 11:18 PM

Do you know anything about this folder(s)?

c:\games\UCE1

it could be UCE2, UCE3 and so on..



#10 Virth


Posted 09 July 2009 - 11:21 PM

I don't see those folders anywhere and when I type them in it gives me an error saying the path doesn't exist, and I don't think I've seen the folders before.

#11 fenzodahl512


Posted 09 July 2009 - 11:35 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
g0wkudr1ver
gokudr1ver

Folder::
c:\games\UCE3
c:\games\UCE1

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
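
A pre-flight check for the script text before it is saved as CFScript.txt, as an added example (not part of the original post and not ComboFix's own code). It assumes only the `Name::` section layout visible in the codebox above and that `Folder::` entries name directories to be removed; the function names and the protected-directory list are assumptions.

```python
import ntpath
import re

# The script from the post above, embedded so the example runs offline.
PAGE_SCRIPT = r"""
KillAll::
Driver::
g0wkudr1ver
gokudr1ver
Folder::
c:\games\UCE3
c:\games\UCE1
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# Assumption: directories a cleanup script should never name as a whole.
PROTECTED = (r"c:\program files", r"c:\windows", r"c:\documents and settings")

def parse_cfscript(text):
    """Group non-blank lines under the 'Name::' header that precedes them."""
    sections, stray, current = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            stray.append(line)  # pasted above the first header
        else:
            sections[current].append(line)
    return sections, stray

def lint(text):
    """Return a list of problems; an empty list means nothing was flagged."""
    sections, stray = parse_cfscript(text)
    problems = [f"text before first section header: {s}" for s in stray]
    for name in sections.get("Driver", []):
        if "\\" in name or ":" in name:  # mangled header or pasted path
            problems.append(f"Driver:: entry is not a bare name: {name}")
    for path in sections.get("Folder", []):
        norm = ntpath.normpath(path).lower()
        drive, tail = ntpath.splitdrive(norm)
        if not drive:
            problems.append(f"Folder:: entry is not an absolute path: {path}")
        elif norm in PROTECTED:
            problems.append(f"Folder:: entry is a protected directory: {path}")
        elif len([p for p in tail.split("\\") if p]) < 2:
            problems.append(f"Folder:: entry is too broad: {path}")
    return problems
```
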



#12 Virth


Posted 10 July 2009 - 03:55 AM

OK, I have NO idea what I just did... I guess I copy/pasted wrong, or hit a button, I don't know... but when ComboFix started the scan, I walked away to go watch TV, I came back an hour later to find that it was deleting stuff in my c:\program files and I KNOW it wasn't supposed to do that...so I closed the window and restarted my computer. When the computer came on, half my files were gone, so I tried to go to the restore point that ComboFix made, but I can't find it anywhere... I searched the whole Qoobox folder, but nowhere in there is a restore point or backup file.... so I tried the windows system restore, and there is no system checkpoint for yesterday, so I chose the one from the day before, but it didn't work. I go back and try the day before that, didn't work, the day before THAT, didn't work. It keeps telling me the system can't restore to that point... what do I do now?

#13 fenzodahl512


Posted 10 July 2009 - 04:28 AM

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :dir
    C:\qoobox /s
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply



#14 Virth


Posted 10 July 2009 - 04:55 AM

It's too big (seeing as it is my program files in the quarantine folder...) and I can't post it or attach it...

#15 fenzodahl512


Posted 10 July 2009 - 04:58 AM

It's too big (seeing as it is my program files in the quarantine folder...) and I can't post it or attach it...


That's good.. It could mean your program files are in the quarantine folder..

Upload the log at the link below:
http://www.2shared.com/

Then, after you successfully upload it, please copy/paste the link given under the "Here is your download link:" tab..

I need to pick up my family at the bus station :thumbup2:





