
Virus won't let me start in safe mode and won't let me download anti-virus


  • This topic is locked
24 replies to this topic

#1 Marnel

Marnel

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:05:13 PM

Posted 23 August 2014 - 10:48 AM

Please help, this virus won't let me start in safe mode nor let me download anti-viruses. It won't even let me play Hello Hero in Facebook. This laptop was working fine about 3 months ago, but I don't know what my office mates did. Also, I can't see my files in D: even if I check the show hidden folders in Control Panel.

Please help me..

 

EDIT

 

My DDS scan

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.55.2
Run by admin at 1:05:06 on 2014-08-24
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1789.788 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\admin\Templates\O75858Z\service.exe
C:\WINDOWS\M57151\smss.exe
C:\WINDOWS\M57151\EmangEloh.exe
C:\Documents and Settings\admin\Templates\O75858Z\winlogon.exe
C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\gkpkd.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\winwfryur.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxps://www.mozilla.org/en-US/firefox/installer-help/?channel=release&installer_lang=en-US
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Shell = explorer.exe, "c:\documents and settings\admin\templates\o75858z\TuxO75858Z.exe"
mWinlogon: Userinit = c:\windows\system32\userinit.exe , "c:\windows\m57151\Ja167042bLay.com"
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [T1571400TT4] c:\windows\system32\338508756184l.exe
mRun: [T58Z385] c:\windows\sa-76400.exe
mExplorerRun: [wmi32] c:\documents and settings\all users\application data\wmimgmt.exe
mExplorerRun: [28011] c:\docume~1\alluse~1\locals~1\temp\cculwau.bat
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\kpcgrhynko..vbs
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\sql.cmd
StartupFolder: c:\windows\system32\x72456go\Z338508cie.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{A5942F0D-40C2-432B-A509-84FF2E463798} : DHCPNameServer = 192.168.254.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: 360deepscan.exe - ntsd -d
IFEO: 360hotfix.exe - ntsd -d
IFEO: 360rp.exe - ntsd -d
IFEO: 360rpt.exe - ntsd -d
IFEO: 360Safe.exe - ntsd -d
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\ft4xboq3.default-1398210631046\
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\authorwa\np32asw.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-20 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-2-20 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-2-20 775952]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2014-2-20 67824]
R3 amsint32;amsint32;c:\windows\system32\drivers\ikqnhr.sys [2014-5-27 5157]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2014-2-14 148208]
S2 fudlvrt;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-2-14 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys --> c:\windows\system32\drivers\clwvd.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2014-3-15 100736]
S3 itbill;itbill;\??\c:\docume~1\admin\locals~1\temp\~itbill.txt --> c:\docume~1\admin\locals~1\temp\~itbill.txt [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-2-20 410784]
S4 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-20 50344]
S4 bijvycrkn;Helper System;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 brniujfr;Server Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 eflxtqcu;Config Update;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 jjtyme;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 lyjok;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 mfuzm;System Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 ntdfwsx;Network Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 tofzmbw;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 usvcgxe;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 ylhgu;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2014-08-23 16:03:32 4096 ----a-w- c:\windows\system32\09A.tmp
2014-08-23 16:01:15 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-23 16:00:11 -------- d-----w- C:\AdwCleaner
2014-08-23 15:58:15 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:41:21 -------- d-----w- C:\FRST
2014-08-23 15:37:21 4096 ----a-w- c:\windows\system32\099.tmp
2014-08-23 14:05:50 4096 ----a-w- c:\windows\system32\098.tmp
2014-08-23 11:35:49 4096 ----a-w- c:\windows\system32\097.tmp
2014-08-22 23:58:53 4096 ----a-w- c:\windows\system32\096.tmp
2014-08-22 17:32:27 4096 ----a-w- c:\windows\system32\095.tmp
2014-08-22 15:52:55 4096 ----a-w- c:\windows\system32\094.tmp
2014-08-22 14:22:59 4096 ----a-w- c:\windows\system32\093.tmp
2014-08-22 04:45:14 4096 ----a-w- c:\windows\system32\092.tmp
2014-08-22 00:40:49 4096 ----a-w- c:\windows\system32\091.tmp
2014-08-21 12:46:18 -------- d-----w- c:\windows\system32\SYSMAN
2014-08-21 12:45:32 4096 ----a-w- c:\windows\system32\090.tmp
2014-08-21 11:00:57 4096 ----a-w- c:\windows\system32\08F.tmp
2014-08-21 10:25:42 4096 ----a-w- c:\windows\system32\08E.tmp
2014-08-21 06:38:30 4096 ----a-w- c:\windows\system32\08D.tmp
2014-08-20 15:42:23 4096 ----a-w- c:\windows\system32\08C.tmp
2014-08-20 14:14:32 4096 ----a-w- c:\windows\system32\08B.tmp
2014-08-20 08:54:44 4096 ----a-w- c:\windows\system32\08A.tmp
2014-08-20 04:48:38 4096 ----a-w- c:\windows\system32\089.tmp
2014-08-20 02:30:32 4096 ----a-w- c:\windows\system32\088.tmp
2014-08-19 16:42:22 4096 ----a-w- c:\windows\system32\087.tmp
2014-08-19 12:01:40 4096 ----a-w- c:\windows\system32\086.tmp
2014-08-19 10:41:57 4096 ----a-w- c:\windows\system32\085.tmp
2014-08-19 10:23:21 4096 ----a-w- c:\windows\system32\084.tmp
2014-08-19 10:18:19 4096 ----a-w- c:\windows\system32\083.tmp
2014-08-19 10:05:50 294912 ----a-w- c:\windows\system32\msh263.drv
2014-08-19 10:04:08 -------- d-----w- c:\windows\system32\appmgmt
2014-08-19 09:53:13 4096 ----a-w- c:\windows\system32\082.tmp
2014-08-19 09:45:29 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-19 09:45:26 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-08-19 06:34:56 4096 ----a-w- c:\windows\system32\081.tmp
2014-08-19 05:18:56 -------- d-----w- c:\program files\pricechop
2014-08-19 05:18:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-08-19 05:18:39 -------- d-----w- c:\documents and settings\all users\application data\352fe28e05b001ca
2014-08-19 05:18:38 -------- d-----w- c:\documents and settings\admin\local settings\application data\Comodo
2014-08-19 03:11:27 4096 ----a-w- c:\windows\system32\080.tmp
2014-08-19 01:46:44 4096 ----a-w- c:\windows\system32\07F.tmp
2014-08-18 21:52:38 4096 ----a-w- c:\windows\system32\07E.tmp
2014-08-18 20:29:25 4096 ----a-w- c:\windows\system32\07D.tmp
2014-08-18 18:17:29 4096 ----a-w- c:\windows\system32\07C.tmp
2014-08-18 12:40:09 4096 ----a-w- c:\windows\system32\07B.tmp
2014-08-18 11:08:11 4096 ----a-w- c:\windows\system32\07A.tmp
2014-08-18 06:05:28 4096 ----a-w- c:\windows\system32\079.tmp
2014-08-17 20:45:01 4096 ----a-w- c:\windows\system32\078.tmp
2014-08-17 19:21:32 4096 ----a-w- c:\windows\system32\077.tmp
2014-08-17 11:56:31 4096 ----a-w- c:\windows\system32\076.tmp
2014-08-17 06:55:49 4096 ----a-w- c:\windows\system32\075.tmp
2014-08-17 05:40:37 4096 ----a-w- c:\windows\system32\074.tmp
2014-08-17 04:31:45 4096 ----a-w- c:\windows\system32\073.tmp
2014-08-17 03:19:41 4096 ----a-w- c:\windows\system32\072.tmp
2014-08-16 15:14:07 4096 ----a-w- c:\windows\system32\071.tmp
2014-08-16 10:52:27 4096 ----a-w- c:\windows\system32\070.tmp
2014-08-14 04:45:22 4096 ----a-w- c:\windows\system32\06F.tmp
2014-08-14 00:18:34 4096 ----a-w- c:\windows\system32\06E.tmp
2014-08-13 23:49:31 4096 ----a-w- c:\windows\system32\06D.tmp
2014-08-12 11:18:14 4096 ----a-w- c:\windows\system32\06C.tmp
2014-08-11 15:04:37 4096 ----a-w- c:\windows\system32\06B.tmp
2014-08-11 14:02:51 4096 ----a-w- c:\windows\system32\06A.tmp
2014-08-11 04:28:24 4096 ----a-w- c:\windows\system32\069.tmp
2014-08-11 03:02:10 4096 ----a-w- c:\windows\system32\068.tmp
2014-08-11 01:31:37 4096 ----a-w- c:\windows\system32\067.tmp
2014-08-10 20:45:13 4096 ----a-w- c:\windows\system32\066.tmp
2014-08-10 12:25:24 4096 ----a-w- c:\windows\system32\065.tmp
2014-08-10 08:41:46 4096 ----a-w- c:\windows\system32\064.tmp
2014-08-10 06:04:48 4096 ----a-w- c:\windows\system32\063.tmp
2014-08-10 03:26:04 4096 ----a-w- c:\windows\system32\062.tmp
2014-08-10 00:05:15 4096 ----a-w- c:\windows\system32\061.tmp
2014-08-09 19:53:04 4096 ----a-w- c:\windows\system32\060.tmp
2014-08-09 01:59:51 4096 ----a-w- c:\windows\system32\05F.tmp
2014-08-08 18:42:33 4096 ----a-w- c:\windows\system32\05E.tmp
2014-08-08 17:21:50 4096 ----a-w- c:\windows\system32\05D.tmp
2014-08-08 15:25:47 4096 ----a-w- c:\windows\system32\05C.tmp
2014-08-08 15:09:33 4096 ----a-w- c:\windows\system32\05B.tmp
2014-08-08 01:07:54 4096 ----a-w- c:\windows\system32\05A.tmp
2014-08-07 01:14:41 4096 ----a-w- c:\windows\system32\059.tmp
2014-08-06 00:33:56 4096 ----a-w- c:\windows\system32\058.tmp
2014-08-05 05:20:35 4096 ----a-w- c:\windows\system32\057.tmp
2014-08-03 23:55:41 4096 ----a-w- c:\windows\system32\056.tmp
2014-08-01 02:06:33 4096 ----a-w- c:\windows\system32\055.tmp
2014-07-31 06:26:44 215944 ------w- c:\documents and settings\all users\application data\wmimgmt.exe
2014-07-31 06:26:42 -------- d-----w- C:\MSI
2014-07-31 05:27:33 4096 ----a-w- c:\windows\system32\054.tmp
.
==================== Find3M  ====================
.
2014-08-23 16:03:43 5157 ----a-w- c:\windows\system32\drivers\ikqnhr.sys
2014-07-24 00:23:58 4096 ----a-w- c:\windows\system32\053.tmp
2014-07-23 05:08:29 4096 ----a-w- c:\windows\system32\052.tmp
2014-07-23 00:32:13 4096 ----a-w- c:\windows\system32\051.tmp
2014-07-22 05:25:57 4096 ----a-w- c:\windows\system32\050.tmp
2014-07-21 03:07:08 4096 ----a-w- c:\windows\system32\04F.tmp
2014-07-21 00:14:16 4096 ----a-w- c:\windows\system32\04E.tmp
2014-07-17 00:29:12 4096 ----a-w- c:\windows\system32\04D.tmp
2014-07-16 00:50:24 4096 ----a-w- c:\windows\system32\04C.tmp
2014-07-11 21:06:22 4096 ----a-w- c:\windows\system32\04B.tmp
2014-07-11 14:10:06 4096 ----a-w- c:\windows\system32\04A.tmp
2014-07-11 14:04:32 4096 ----a-w- c:\windows\system32\049.tmp
2014-06-30 20:41:42 4096 ----a-w- c:\windows\system32\048.tmp
2014-06-30 19:39:01 4096 ----a-w- c:\windows\system32\047.tmp
2014-06-30 18:30:43 4096 ----a-w- c:\windows\system32\046.tmp
2014-06-30 17:16:46 4096 ----a-w- c:\windows\system32\045.tmp
2014-06-30 16:04:30 4096 ----a-w- c:\windows\system32\044.tmp
2014-06-30 15:02:45 4096 ----a-w- c:\windows\system32\043.tmp
2014-06-30 13:46:03 4096 ----a-w- c:\windows\system32\042.tmp
2014-06-30 11:26:32 4096 ----a-w- c:\windows\system32\041.tmp
2014-06-30 10:36:34 4096 ----a-w- c:\windows\system32\040.tmp
2014-06-30 07:35:23 4096 ----a-w- c:\windows\system32\03F.tmp
2014-06-30 06:19:13 4096 ----a-w- c:\windows\system32\03E.tmp
2014-06-30 05:14:41 4096 ----a-w- c:\windows\system32\03D.tmp
2014-06-30 02:33:36 4096 ----a-w- c:\windows\system32\03C.tmp
2014-06-29 22:24:52 4096 ----a-w- c:\windows\system32\03B.tmp
2014-06-29 19:34:46 4096 ----a-w- c:\windows\system32\03A.tmp
2014-06-29 18:16:24 4096 ----a-w- c:\windows\system32\039.tmp
2014-06-29 17:00:17 4096 ----a-w- c:\windows\system32\038.tmp
2014-06-29 09:51:47 4096 ----a-w- c:\windows\system32\037.tmp
2014-06-29 08:10:15 4096 ----a-w- c:\windows\system32\036.tmp
2014-06-29 05:45:26 4096 ----a-w- c:\windows\system32\035.tmp
2014-06-29 04:01:02 4096 ----a-w- c:\windows\system32\034.tmp
2014-06-29 02:02:44 4096 ----a-w- c:\windows\system32\033.tmp
2014-06-28 23:48:14 4096 ----a-w- c:\windows\system32\032.tmp
2014-06-28 18:43:56 4096 ----a-w- c:\windows\system32\031.tmp
2014-06-28 16:10:50 4096 ----a-w- c:\windows\system32\030.tmp
2014-06-28 14:05:00 4096 ----a-w- c:\windows\system32\02F.tmp
2014-06-28 13:21:27 4096 ----a-w- c:\windows\system32\02E.tmp
2014-06-21 01:28:07 4096 ----a-w- c:\windows\system32\02D.tmp
2014-06-19 00:51:11 4096 ----a-w- c:\windows\system32\02C.tmp
2014-06-18 01:59:20 4096 ----a-w- c:\windows\system32\02B.tmp
2014-06-17 00:56:41 4096 ----a-w- c:\windows\system32\02A.tmp
2014-06-15 20:11:03 4096 ----a-w- c:\windows\system32\029.tmp
2014-06-15 17:46:50 4096 ----a-w- c:\windows\system32\028.tmp
2014-06-15 16:01:27 4096 ----a-w- c:\windows\system32\027.tmp
2014-06-15 13:52:45 4096 ----a-w- c:\windows\system32\026.tmp
2014-06-15 12:36:37 4096 ----a-w- c:\windows\system32\025.tmp
2014-06-15 10:31:31 4096 ----a-w- c:\windows\system32\024.tmp
2014-06-15 10:03:19 4096 ----a-w- c:\windows\system32\023.tmp
2014-06-15 03:18:58 4096 ----a-w- c:\windows\system32\022.tmp
2014-06-14 22:21:38 4096 ----a-w- c:\windows\system32\021.tmp
2014-06-14 20:58:37 4096 ----a-w- c:\windows\system32\020.tmp
2014-06-14 19:01:32 4096 ----a-w- c:\windows\system32\01F.tmp
2014-06-14 17:33:28 4096 ----a-w- c:\windows\system32\01E.tmp
2014-06-14 17:22:26 4096 ----a-w- c:\windows\system32\01D.tmp
2014-06-14 16:39:40 4096 ----a-w- c:\windows\system32\01C.tmp
2014-06-14 15:14:23 4096 ----a-w- c:\windows\system32\01B.tmp
2014-06-14 11:26:39 4096 ----a-w- c:\windows\system32\019.tmp
2014-06-14 11:13:54 4096 ----a-w- c:\windows\system32\01A.tmp
2014-06-14 00:32:59 4096 ----a-w- c:\windows\system32\018.tmp
2014-06-13 09:02:13 4096 ----a-w- c:\windows\system32\017.tmp
2014-06-13 08:02:59 4096 ----a-w- c:\windows\system32\016.tmp
2014-06-13 02:53:05 4096 ----a-w- c:\windows\system32\015.tmp
2014-06-11 05:00:28 4096 ----a-w- c:\windows\system32\014.tmp
2014-06-11 01:39:31 4096 ----a-w- c:\windows\system32\013.tmp
2014-06-10 01:42:13 4096 ----a-w- c:\windows\system32\012.tmp
2014-06-09 02:47:07 4096 ----a-w- c:\windows\system32\011.tmp
2014-06-09 02:10:03 4096 ----a-w- c:\windows\system32\010.tmp
2014-06-09 01:23:02 4096 ----a-w- c:\windows\system32\0F.tmp
2014-06-09 01:13:32 4096 ----a-w- c:\windows\system32\0E.tmp
2014-06-09 00:54:51 4096 ----a-w- c:\windows\system32\0D.tmp
2014-06-08 05:14:30 4096 ----a-w- c:\windows\system32\0C.tmp
2014-06-08 01:51:57 4096 ----a-w- c:\windows\system32\0B.tmp
2014-06-07 00:04:11 4096 ----a-w- c:\windows\system32\0A.tmp
2014-06-07 00:03:20 4096 ----a-w- c:\windows\system32\09.tmp
2014-06-05 23:27:23 4096 ----a-w- c:\windows\system32\08.tmp
2014-06-05 07:15:41 4096 ----a-w- c:\windows\system32\07.tmp
2014-06-05 01:59:38 4096 ----a-w- c:\windows\system32\06.tmp
2014-06-04 00:30:24 4096 ----a-w- c:\windows\system32\05.tmp
2014-06-03 06:22:19 4096 ----a-w- c:\windows\system32\04.tmp
2014-06-02 23:44:40 4096 ----a-w- c:\windows\system32\02.tmp
2014-05-31 02:37:12 4096 ----a-w- c:\windows\system32\01.tmp
2014-05-30 06:50:58 4096 ----a-w- c:\windows\system32\03.tmp
2014-05-30 06:13:38 4096 ----a-w- c:\windows\system32\06EB.tmp
2014-05-27 06:22:59 17152 ----a-w- c:\windows\system32\drivers\IsDrv118.sys
2013-02-07 12:22:00 132250 ----a-w- c:\program files\AntiDust.exe
2009-04-13 15:03:52 38400 --sh--w- c:\windows\sa-076400.exe
2009-04-13 15:03:52 115200 --sh--w- c:\windows\sa-76400.exe
2009-04-13 15:03:52 115200 --sh--w- c:\windows\Ti756184ta.exe
2009-04-13 15:03:52 115200 --sh--w- c:\windows\m57151\EmangEloh.exe
2009-04-13 15:03:52 115200 --sh--w- c:\windows\m57151\Ja167042bLay.com
2009-04-13 15:03:52 115200 --sha-w- c:\windows\m57151\smss.exe
2008-04-14 04:42:02 1384479 --sha-r- c:\windows\system\msvbvm60.dll
2009-04-13 15:03:52 115200 --sh--w- c:\windows\system32\338508756184l.exe
2008-04-14 04:42:02 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
2013-02-18 01:06:06 2686976 --sha-r- c:\windows\system32\regsvr.exe
2013-02-18 01:06:06 2686976 --sha-r- c:\windows\system32\svchost .exe
.
============= FINISH:  1:05:33.53 ===============
 
Attached File  attach.txt   31.64KB   0 downloads

Edited by Marnel, 23 August 2014 - 12:06 PM.



 


#2 Marnel


Posted 23 August 2014 - 11:46 AM

Bump..



#3 Marnel


Posted 23 August 2014 - 02:12 PM

bump



#4 Marnel


Posted 23 August 2014 - 05:15 PM

Bump



#5 Marnel


Posted 24 August 2014 - 12:58 AM

Bump



#6 Marnel


Posted 24 August 2014 - 04:41 AM

Bump



#7 Marnel


Posted 24 August 2014 - 11:22 AM

Bump



#8 Marnel


Posted 26 August 2014 - 02:26 AM

Bump



#9 Marnel


Posted 27 August 2014 - 10:02 AM

Bump somebody please help



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 28 August 2014 - 08:06 AM

C:\Documents and Settings\admin\Templates\O75858Z\service.exe
C:\WINDOWS\M57151\smss.exe


You have been infected by a bad WORM.
Refer to this page.
http://lavasoft.com/mylavasoft/malware-descriptions/blog/wormwin32moonlightgen

Under the Removal Recommendations section you will find a link to the Ad-Aware free.


Run a full scan of your computer using the Antivirus program with the updated definition database (Download Ad-Aware Free).

Just Download and run the tool suggested.

Restart the computer normally.
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

    Please download ComboFix from one of these locations:
    Link 1
    Link 2
    IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    [Image: RcAuto1.gif]
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [Image: whatnext.png]
    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===

    p.s.
    Microsoft is no longer supporting the XP Operating system.

    I cannot give you any guarantee that we will be able to clean this computer completely.
    Do you have the XP installation disk?


#11 Marnel


Posted 31 August 2014 - 06:48 AM

After I ran the Combofix I tried to run ad-aware again and this time it worked..

 

--EDIT--

 

I can't run ad-aware, I don't know why, but here's a screenshot:

[Image: OQe3Byg.png]

 

Also I don't have the XP installation disk please help me.. (I can see my files in Drive D: now)

Combofix.txt:

 

ComboFix 14-08-31.01 - admin 09/06/2014  19:30:17.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1789.1179 [GMT 8:00]
Running from: c:\documents and settings\admin\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Application Data\kpcgrhynko..vbs
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\bmvioaapf@b-kvp.org
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\bmvioaapf@b-kvp.org\bootstrap.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\bmvioaapf@b-kvp.org\chrome.manifest
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\bmvioaapf@b-kvp.org\content\bg.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\bmvioaapf@b-kvp.org\install.rdf
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\esuocrfvzqpg@rorcu.co.uk
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\esuocrfvzqpg@rorcu.co.uk\bootstrap.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\esuocrfvzqpg@rorcu.co.uk\chrome.manifest
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\esuocrfvzqpg@rorcu.co.uk\content\bg.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\esuocrfvzqpg@rorcu.co.uk\install.rdf
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\la05anodobr@phf-oxsn.net
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\la05anodobr@phf-oxsn.net\bootstrap.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\la05anodobr@phf-oxsn.net\chrome.manifest
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\la05anodobr@phf-oxsn.net\content\bg.js
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\extensions\la05anodobr@phf-oxsn.net\install.rdf
c:\documents and settings\admin\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\admin\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\admin\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\IUSR_MARKETING-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\content.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\lsdb.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\manifest.json
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\mowc5SB.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\background.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\content.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\lsdb.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\manifest.json
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\123\o3K9vZS.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\background.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\content.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\fofuK.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\lsdb.js
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\manifest.json
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cjhfclkjdccmophgnodncfhbebpfjikk\2.1\newtab.html
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand
c:\documents and settings\IWAM_MARKETING-PC\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\cknhpjfjoecgflhhliefdocfipofdand\3.9\background.html
.
----- File Replicators -----
.
.
Infected copy of c:\windows\system32\notepad.exe was found and disinfected 
Restored copy from - c:\windows\NOTEPAD.EXE 
.
c:\windows\system32\rundll32.exe . . . is infected!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_BIJVYCRKN
-------\Legacy_BRNIUJFR
-------\Legacy_EFLXTQCU
-------\Legacy_FUDLVRT
-------\Legacy_LYJOK
-------\Legacy_MFUZM
-------\Legacy_NTDFWSX
-------\Legacy_NVMINI
-------\Legacy_USVCGXE
-------\Legacy_YLHGU
-------\Service_amsint32
-------\Service_bijvycrkn
-------\Service_brniujfr
-------\Service_eflxtqcu
-------\Service_fudlvrt
-------\Service_IsDrv118
-------\Service_jjtyme
-------\Service_lyjok
-------\Service_mfuzm
-------\Service_ntdfwsx
-------\Service_nvmini
-------\Service_tofzmbw
-------\Service_usvcgxe
-------\Service_ylhgu
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-06 to 2014-09-06  )))))))))))))))))))))))))))))))
.
.
2014-09-06 11:25 . 2014-09-06 11:25 4096 ----a-w- c:\windows\system32\03.tmp
2014-09-06 11:19 . 2014-09-06 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2014-08-23 16:01 . 2010-08-30 00:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-23 16:00 . 2014-08-23 16:02 -------- d-----w- C:\AdwCleaner
2014-08-23 15:58 . 2014-08-23 15:58 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:41 . 2014-08-23 15:42 -------- d-----w- C:\FRST
2014-08-21 12:46 . 2014-08-21 12:46 -------- d-----w- c:\windows\system32\SYSMAN
2014-08-19 10:05 . 2008-04-13 21:42 294912 ----a-w- c:\windows\system32\msh263.drv
2014-08-19 09:45 . 2014-08-19 10:10 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-19 09:45 . 2014-08-19 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-08-19 05:18 . 2014-08-19 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\352fe28e05b001ca
2014-08-19 05:18 . 2014-08-19 05:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IWAM_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IUSR_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\HelpAssistant
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Guest
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\ASPNET
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Administrator
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Comodo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-06 11:37 . 2014-05-26 06:00 17152 ----a-w- c:\windows\system32\drivers\nvmini.sys
2014-09-06 11:25 . 2014-05-26 23:49 5157 ----a-w- c:\windows\system32\drivers\ikqnhr.sys
2013-02-07 12:22 . 2013-02-07 12:22 132250 ----a-w- c:\program files\AntiDust.exe
2009-04-13 15:03 38400 --sh--w- c:\windows\sa-076400.exe
2009-04-13 15:03 115200 --sh--w- c:\windows\M57151\Ja167042bLay.com
2008-04-14 04:42 1384479 --sha-r- c:\windows\system\msvbvm60.dll
2008-04-14 04:42 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-20 01:13 259464 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
c:\documents and settings\admin\Start Menu\Programs\Startup\
kpcgrhynko..vbs [2013-8-17 167773]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^miqqgrtv.exe]
path=c:\documents and settings\admin\Start Menu\Programs\Startup\miqqgrtv.exe
backup=c:\windows\pss\miqqgrtv.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2014-04-04 00:16 4892520 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-04-12 14:05 215920 ------w- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2014-04-30 14:50 844976 ----a-w- c:\windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpcgrhynko]
2008-04-14 04:42 155648 ----a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-01-10 14:35 25709128 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2010-10-26 11:04 53248 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 01:16 328064 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"d:\\mpdxn.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\at.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\admin\\Desktop\\CCE\\KillSwitch.exe"=
"c:\\WINDOWS\\system32\\IPCONFIG.exe"=
"c:\\DOCUME~1\\admin\\LOCALS~1\\Temp\\pelh.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7779:TCP"= 7779:TCP:wfailpvs
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2/20/2014 9:14 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2/20/2014 9:14 AM 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/20/2014 9:13 AM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/20/2014 9:14 AM 775952]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2/20/2014 9:14 AM 67824]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/14/2014 2:21 PM 148208]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2014 2:23 PM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [3/15/2014 7:37 AM 100736]
S3 itbill;itbill;\??\c:\docume~1\admin\LOCALS~1\Temp\~itbill.txt --> c:\docume~1\admin\LOCALS~1\Temp\~itbill.txt [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [1/16/2014 8:39 AM 235696]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 qqjfe;qqjfe;\??\c:\windows\system32\09F.tmp --> c:\windows\system32\09F.tmp [?]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/20/2014 9:14 AM 410784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 11:05 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19 14:50]
.
2014-06-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-20 01:13]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 14:05]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-T1571400TT4 - c:\windows\system32\338508756184l.exe
HKLM-Run-T58Z385 - c:\windows\sa-76400.exe
HKLM-Explorer_Run-wmi32 - c:\documents and settings\All Users\Application Data\wmimgmt.exe
HKLM-Explorer_Run-28011 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\cculwau.bat
MSConfigStartUp-BisonMnt - c:\windows\BisonC07\BisonM07.exe
MSConfigStartUp-Google Update - c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-iLivid - c:\documents and settings\admin\Local Settings\Application Data\iLivid\iLivid.exe
MSConfigStartUp-Msn Messsenger - c:\windows\system32\regsvr.exe
MSConfigStartUp-T1571400TT4 - c:\windows\system32\338508756184l.exe
MSConfigStartUp-T58Z385 - c:\windows\sa-76400.exe
MSConfigStartUp-YouCam Service - c:\program files\CyberLink\YouCam\YouCamService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-06 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\documents and settings\admin\Start Menu\Programs\Startup\miqqgrtv.exe 107008 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\itbill]
"ImagePath"="\??\c:\docume~1\admin\LOCALS~1\Temp\~itbill.txt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqjfe]
"ImagePath"="\??\c:\windows\system32\09F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-1085031214-1417001333-1003\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
   50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\docume~1\admin\LOCALS~1\Temp\pelh.exe
c:\docume~1\admin\LOCALS~1\Temp\windonr.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-09-06  19:42:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-06 11:42
.
Pre-Run: 91,126,304,768 bytes free
Post-Run: 91,037,880,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 04EDCC0AAB2678E35DF1932A3F5AF837
8F558EB6672622401DA993E1E865C861

Edited by Marnel, 31 August 2014 - 07:04 AM.


#12 nasdaq

  • Malware Response Team

Posted 31 August 2014 - 08:59 AM

StartupFolder: c:\windows\system32\x72456go\Z338508cie.cmd

Open notepad and copy/paste the text in the quote box below into it:
 
File::
c:\documents and settings\admin\Start Menu\Programs\Startup\kpcgrhynko..vbs
c:\windows\pss\miqqgrtv.exeStartup
c:\windows\system32\03.tmp
c:\docume~1\admin\LOCALS~1\Temp\pelh.exe
c:\docume~1\admin\LOCALS~1\Temp\windonr.exe
c:\documents and settings\admin\Start Menu\Programs\Startup\miqqgrtv.exe
c:\windows\system32\drivers\ikqnhr.sys
c:\windows\sa-076400.exe
c:\program files\AntiDust.exe
C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\gkpkd.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\winwfryur.exe
c:\windows\system32\drivers\nvmini.sys
c:\windows\system32\drivers\ikqnhr.sys

Folder::
C:\Documents and Settings\admin\Templates\O75858Z
C:\WINDOWS\M57151
c:\windows\system32\x72456go

Driver::
itbill
qqjfe
amsint32
fudlvrt
bijvycrkn
brniujfr
eflxtqcu
jjtyme
lyjok
mfuzm
ntdfwsx
tofzmbw
usvcgxe
ylhgu

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpcgrhynko]
[-HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^miqqgrtv.exe]

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Continue before posting the log.
 

c:\windows\system32\rundll32.exe . . . is infected!!



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    rundll32.exe
    *.vbs
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

===

p.s.
This worm may regenerate. I strongly suggest you Save your Important Documents.
Do not save any .exe, .pdf, .av files as they may be corrupted.


Edited by nasdaq, 31 August 2014 - 09:01 AM.


#13 Marnel

  • Topic Starter

Posted 31 August 2014 - 10:39 AM

Attached File: ComboFix.txt (15.41KB)
Attached File: SystemLook.txt (17.69KB)

ComboFix 14-08-31.01 - admin 09/06/2014 23:15:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.849 [GMT 8:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\docume~1\admin\LOCALS~1\Temp\gkpkd.exe"
"c:\docume~1\admin\LOCALS~1\Temp\pelh.exe"
"c:\docume~1\admin\LOCALS~1\Temp\windonr.exe"
"c:\docume~1\admin\LOCALS~1\Temp\winwfryur.exe"
"c:\documents and settings\admin\Start Menu\Programs\Startup\kpcgrhynko..vbs"
"c:\documents and settings\admin\Start Menu\Programs\Startup\miqqgrtv.exe"
"c:\documents and settings\All Users\Application Data\wmimgmt.exe"
"c:\program files\AntiDust.exe"
"c:\windows\pss\miqqgrtv.exeStartup"
"c:\windows\sa-076400.exe"
"c:\windows\system32\03.tmp"
"c:\windows\system32\drivers\ikqnhr.sys"
"c:\windows\system32\drivers\nvmini.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\docume~1\admin\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\search-metadata.json
c:\documents and settings\admin\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\admin\Start Menu\Programs\Startup\miqqgrtv.exe
c:\documents and settings\admin\Templates\O75858Z
c:\program files\AntiDust.exe
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\[TheMoonlight].txt
c:\windows\Explorermgr.exe
c:\windows\M57151
c:\windows\M57151\Ja167042bLay.com
c:\windows\pss\miqqgrtv.exeStartup
c:\windows\regsvr.exe
c:\windows\sa-076400.exe
c:\windows\ST6UNST.000
c:\windows\system\msvbvm60.dll
c:\windows\system32\03.tmp
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\nvmini.sys
c:\windows\system32\oledb32.dll
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
D:\Autorun.inf
.
c:\windows\system32\rundll32.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_ITBILL
-------\Legacy_NVMINI
-------\Service_itbill
-------\Service_nvmini
-------\Service_qqjfe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-06 to 2014-09-06 )))))))))))))))))))))))))))))))
.
.
2014-09-06 12:05 . 2014-09-06 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2014-09-06 11:58 . 2008-04-14 04:42 78848 ----a-w- c:\windows\system32\msiexec.exe
2014-09-06 11:58 . 2008-04-14 04:42 2843136 ----a-w- c:\windows\system32\msi.dll
2014-09-06 11:58 . 2008-04-14 04:42 271360 ----a-w- c:\windows\system32\msihnd.dll
2014-09-06 11:58 . 2008-04-14 04:42 15360 ----a-w- c:\windows\system32\msisip.dll
2014-09-06 11:58 . 2008-04-13 20:09 884736 ----a-w- c:\windows\system32\msimsg.dll
2014-09-06 11:19 . 2014-09-06 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2014-08-23 16:01 . 2010-08-30 00:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-23 16:00 . 2014-08-23 16:02 -------- d-----w- C:\AdwCleaner
2014-08-23 15:58 . 2014-08-23 15:58 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:41 . 2014-08-23 15:42 -------- d-----w- C:\FRST
2014-08-21 12:46 . 2014-08-21 12:46 -------- d-----w- c:\windows\system32\SYSMAN
2014-08-19 10:05 . 2008-04-13 21:42 294912 ----a-w- c:\windows\system32\msh263.drv
2014-08-19 09:45 . 2014-08-19 10:10 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-19 09:45 . 2014-08-19 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-08-19 05:18 . 2014-08-19 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\352fe28e05b001ca
2014-08-19 05:18 . 2014-08-19 05:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IWAM_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IUSR_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\HelpAssistant
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Guest
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\ASPNET
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Administrator
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Comodo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-06 12:11 . 2014-02-14 06:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-06 12:11 . 2014-02-14 06:26 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2008-04-14 04:42 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-20 01:13 259464 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wmi32"="c:\documents and settings\All Users\Application Data\wmimgmt.exe" [BU]
"28011"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\cculwau.bat" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-09-06 12:35 138096 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-01-10 14:35 25709128 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2010-10-26 11:04 53248 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-09-06 12:35 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"d:\\mpdxn.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\WINDOWS\\system32\\at.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\admin\\Desktop\\CCE\\KillSwitch.exe"=
"c:\\WINDOWS\\system32\\IPCONFIG.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7779:TCP"= 7779:TCP:wfailpvs
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2/20/2014 9:14 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2/20/2014 9:14 AM 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/20/2014 9:13 AM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/20/2014 9:14 AM 775952]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [9/6/2014 8:28 PM 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/6/2014 8:28 PM 430160]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2/20/2014 9:14 AM 67824]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [8/4/2014 2:20 PM 149296]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/14/2014 2:21 PM 148208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2014 2:23 PM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [3/15/2014 7:37 AM 100736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [1/16/2014 8:39 AM 235696]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/20/2014 9:14 AM 410784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-06 13:06 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19 12:11]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 12:35]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 12:35]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 13:02]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 13:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = https://www.mozilla.org/en-US/firefox/installer-help/?channel=release&installer_lang=en-US
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AvastUI - c:\program files\AVAST Software\Avast\AvastUI.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe
AddRemove-Avast - c:\program files\AVAST Software\Avast\Setup\Instup.exe
AddRemove-UnityWebPlayer - c:\documents and settings\admin\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-06 23:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-1085031214-1417001333-1003\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\McAfee Security Scan\3.8.141\McUicnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
c:\program files\avira\antivir desktop\avscan.exe
.
**************************************************************************
.
Completion time: 2014-09-06 23:30:02 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-06 15:29
ComboFix2.txt 2014-09-06 11:42
.
Pre-Run: 88,018,411,520 bytes free
Post-Run: 89,586,847,744 bytes free
.
- - End Of File - - 0BA1334EBA750311C8F57D822850A84F
8F558EB6672622401DA993E1E865C861

Edited by nasdaq, 31 August 2014 - 06:08 PM.


#14 nasdaq

  • Malware Response Team

Posted 31 August 2014 - 06:10 PM




Open notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\WINDOWS\system32\dllcache\rundll32.exe | C:\WINDOWS\system32\rundll32.exe

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer normally.

Then post the resultant log.
===

Post the log and let me know what problem persists.

#15 Marnel

  • Topic Starter


Posted 01 September 2014 - 02:28 AM

Combofix.txt

 

ComboFix 14-08-31.01 - admin 09/07/2014  15:15:29.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1789.1209 [GMT 8:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\admin\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\admin\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\rundll32.exe --> c:\windows\system32\rundll32.exe
.
(((((((((((((((((((((((((   Files Created from 2014-08-07 to 2014-09-07  )))))))))))))))))))))))))))))))
.
.
2014-09-07 06:12 . 2014-09-07 06:12 -------- d-----w- c:\program files\McAfee Security Scan
2014-09-07 01:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-09-07 00:47 . 2014-09-07 00:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PCHealth
2014-09-06 21:01 . 2014-09-06 21:01 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\WMTools Downloaded Files
2014-09-06 20:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2014-09-06 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2014-09-06 20:00 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-09-06 20:00 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-09-06 19:59 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2014-09-06 17:03 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-09-06 17:03 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-09-06 17:03 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-09-06 17:03 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-09-06 16:48 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2014-09-06 16:48 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-09-06 16:10 . 2014-09-07 01:29 -------- d--h--w- c:\windows\$hf_mig$
2014-09-06 12:39 . 2014-09-06 13:58 -------- d-----w- c:\windows\system32\NtmsData
2014-09-06 12:37 . 2014-09-06 12:37 -------- d-----w- c:\documents and settings\admin\Application Data\Avira
2014-09-06 12:36 . 2014-09-06 12:36 -------- d-----w- C:\Audition PH
2014-09-06 12:30 . 2014-09-06 12:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2014-09-06 12:28 . 2014-08-15 02:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-09-06 12:28 . 2014-08-15 02:30 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-09-06 12:28 . 2014-08-15 02:30 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-06 12:25 . 2014-09-06 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Garena
2014-09-06 12:25 . 2014-09-06 12:25 -------- d-----w- c:\documents and settings\admin\Application Data\Garena
2014-09-06 12:24 . 2014-09-06 12:25 -------- d-----w- c:\program files\Garena Plus
2014-09-06 12:05 . 2014-09-06 14:31 -------- d-----w- c:\program files\Avira
2014-09-06 12:05 . 2014-09-06 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2014-09-06 11:58 . 2008-04-14 04:42 78848 ----a-w- c:\windows\system32\msiexec.exe
2014-09-06 11:58 . 2008-04-14 04:42 2843136 ----a-w- c:\windows\system32\msi.dll
2014-09-06 11:58 . 2008-04-14 04:42 271360 ----a-w- c:\windows\system32\msihnd.dll
2014-09-06 11:58 . 2008-04-14 04:42 15360 ----a-w- c:\windows\system32\msisip.dll
2014-09-06 11:58 . 2008-04-13 20:09 884736 ----a-w- c:\windows\system32\msimsg.dll
2014-09-06 11:57 . 2013-07-04 03:03 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2014-09-06 11:57 . 2013-07-04 02:59 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2014-09-06 11:57 . 2013-07-04 02:08 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2014-09-06 11:54 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-09-06 11:54 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2014-09-06 11:54 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-09-06 11:19 . 2014-09-06 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2014-08-23 16:01 . 2010-08-30 00:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-23 16:00 . 2014-08-23 16:02 -------- d-----w- C:\AdwCleaner
2014-08-23 15:58 . 2014-08-23 15:58 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:41 . 2014-08-23 15:42 -------- d-----w- C:\FRST
2014-08-21 12:46 . 2014-08-21 12:46 -------- d-----w- c:\windows\system32\SYSMAN
2014-08-19 10:05 . 2008-04-13 21:42 294912 ----a-w- c:\windows\system32\msh263.drv
2014-08-19 09:45 . 2014-08-19 10:10 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-19 09:45 . 2014-08-19 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-08-19 05:18 . 2014-08-19 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\352fe28e05b001ca
2014-08-19 05:18 . 2014-08-19 05:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IWAM_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\IUSR_MARKETING-PC
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\HelpAssistant
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Guest
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\ASPNET
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\Administrator
2014-08-19 05:18 . 2014-08-19 05:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Comodo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-06 12:11 . 2014-02-14 06:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-06 12:11 . 2014-02-14 06:26 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2008-04-14 04:42 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-20 01:13 259464 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wmi32"="c:\documents and settings\All Users\Application Data\wmimgmt.exe" [BU]
"28011"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\cculwau.bat" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-08-15 02:30 751184 ------w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2014-08-04 06:20 161584 ------w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-09-06 12:35 138096 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-01-10 14:35 25709128 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2010-10-26 11:04 53248 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-09-06 12:35 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"d:\\mpdxn.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\WINDOWS\\system32\\at.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\admin\\Desktop\\CCE\\KillSwitch.exe"=
"c:\\WINDOWS\\system32\\IPCONFIG.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7779:TCP"= 7779:TCP:wfailpvs
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2/20/2014 9:14 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2/20/2014 9:14 AM 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/20/2014 9:13 AM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/20/2014 9:14 AM 775952]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [9/6/2014 8:28 PM 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/6/2014 8:28 PM 430160]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2/20/2014 9:14 AM 67824]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [8/4/2014 2:20 PM 149296]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/14/2014 2:21 PM 148208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2014 2:23 PM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [3/15/2014 7:37 AM 100736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [4/9/2014 9:12 PM 235696]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/20/2014 9:14 AM 410784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-06 13:06 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19 12:11]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 12:35]
.
2014-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1085031214-1417001333-1003UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-12 12:35]
.
2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 13:02]
.
2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 13:02]
.
2014-09-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-09-06 01:59]
.
2014-09-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-09-06 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ft4xboq3.default-1398210631046\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-07 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-1085031214-1417001333-1003\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
   50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2014-09-07  15:25:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-07 07:25
ComboFix2.txt  2014-09-06 11:42
.
Pre-Run: 88,097,280,000 bytes free
Post-Run: 88,184,299,520 bytes free
.
- - End Of File - - 6457B8387ABCD76216CFF447A5471C55
8F558EB6672622401DA993E1E865C861
 
----------------------------------------------------------------------------------------
 
It takes a while before I can click the "Start" menu.




