I can't run Spybot, Ewido, or Registry First Aid
chris125
2009-02-10, 07:43
There is something about this virus that has deleted all my system restore points, and I can't run any antivirus. I was able to get a HJT log though, hopefully someone can help me out with this.
It also opens a multitude of sites to online555casino when I run Internet Explorer.
Thanks for any help,
Chris
(here's the hjt log)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:37 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\UNDNAME.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRAM FILES\DNA\BTDNA.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Chris\odrntno.exe \s,C:\WINDOWS\system32\undname.exe,C:\WINDOWS\system32\c++.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\idaw64.exe,
O2 - BHO: (no name) - {1C508C55-B3C0-46C0-85A7-222E1ADC9652} - C:\WINDOWS\system32\fcccywtS.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayyWmLF.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Chris\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [0c0694d4] rundll32.exe "C:\WINDOWS\system32\yqqdsovj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAM FILES\DNA\BTDNA.EXE"
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-18\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lfzgwkep.exe] C:\WINDOWS\lfzgwkep.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbxkaknz.exe] C:\WINDOWS\dbxkaknz.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - AppInit_DLLs: polybf.dll nccmat.dll
O20 - Winlogon Notify: yayyWmLF - C:\WINDOWS\SYSTEM32\yayyWmLF.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 10482 bytes
chris125
2009-02-10, 07:45
I've also been getting BSOD quite regularly, even in safe mode.
Hi Chris,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
DNA Bittorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
C:\PROGRAM FILES\DNA
Empty Recycle Bin.
After that:
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized; if not, you'll find it in the c:\rsit folder).
chris125
2009-02-14, 12:13
Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris at 2009-02-14 02:10:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (12%) free of 194 GB
Total RAM: 2047 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:39 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVLIBRARYSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVNETWORKSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
G:\RSIT.exe
C:\Documents and Settings\Chris\Desktop\Chris.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Chris\rsd.exe \s
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayyWmLF.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Chris\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP38.tmp
O4 - HKLM\..\Run: [0c0694d4] rundll32.exe "C:\WINDOWS\system32\hbtpduyv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-18\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lfzgwkep.exe] C:\WINDOWS\lfzgwkep.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbxkaknz.exe] C:\WINDOWS\dbxkaknz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bopfciju.exe] C:\WINDOWS\bopfciju.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - AppInit_DLLs: polybf.dll nccmat.dll xhdyph.dll
O20 - Winlogon Notify: yayyWmLF - C:\WINDOWS\SYSTEM32\yayyWmLF.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 10580 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\sltzinrn.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\yayyWmLF.dll [2009-02-09 37376]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2005-12-04 437008]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe [2005-09-28 917566]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 98304]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 151552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-04 136600]
"Firefly"=C:\Program Files\SnapStream Media\Firefly\Firefly.exe [2006-06-05 200704]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 110592]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2006-01-12 516096]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 434176]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"jsf8uiw3jnjgffght"=C:\DOCUME~1\Chris\LOCALS~1\Temp\winlognn.exe [2009-02-09 15000]
"PromoReg"=C:\WINDOWS\TEMP\TMP38.tmp [2009-02-09 387584]
"0c0694d4"=C:\WINDOWS\system32\hbtpduyv.dll [2009-02-11 73216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 32256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 221696]
"AdobeBridge"= []
"tezrtsjhfr84iusjfo84f"=C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe [2009-02-09 176129]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BDARemote.lnk - C:\Program Files\USB TV\Uninstall\EM28XX\BDARemote.exe
Beyond TV.lnk - C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="polybf.dll nccmat.dll xhdyph.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyWmLF]
C:\WINDOWS\system32\yayyWmLF.dll [2009-02-09 37376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\yayyWmLF.dll [2009-02-09 37376]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqNHBsq
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\inxtcivv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\inxtcivv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:TV Registration Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:TV Library Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:TV Network Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:*:Enabled:TV Notifier Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:TV Recording Engine"
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:TV Guide Data Loader"
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:TV Settings Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:TV Task Manager Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:TV ViewScape"
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:TV Setup Wizard"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2009-02-14 02:10:31 ----D---- C:\rsit
2009-02-11 22:31:11 ----ASH---- C:\WINDOWS\system32\vyudptbh.ini
2009-02-11 22:31:10 ----A---- C:\WINDOWS\system32\hbtpduyv.dll
2009-02-11 22:30:43 ----A---- C:\WINDOWS\system32\32.tmp
2009-02-11 22:30:43 ----A---- C:\WINDOWS\system32\31.tmp
2009-02-11 22:30:42 ----A---- C:\WINDOWS\system32\30.tmp
2009-02-11 22:28:48 ----A---- C:\WINDOWS\system32\_xhdyph.dll
2009-02-11 22:28:45 ----A---- C:\WINDOWS\system32\ognvrqsl.dll
2009-02-11 22:28:10 ----ASH---- C:\WINDOWS\system32\qsBHNqru.ini2
2009-02-11 22:28:06 ----A---- C:\WINDOWS\services.exe
2009-02-11 22:28:05 ----ASH---- C:\WINDOWS\system32\qsBHNqru.ini
2009-02-11 22:27:56 ----A---- C:\WINDOWS\system32\_urqNHBsq.dll
2009-02-11 22:27:36 ----A---- C:\WINDOWS\system32\15.tmp
2009-02-11 22:27:33 ----A---- C:\WINDOWS\system32\14.tmp
2009-02-11 22:27:19 ----A---- C:\WINDOWS\system32\13.tmp
2009-02-09 22:53:10 ----A---- C:\WINDOWS\system32\ndetect.exe
2009-02-09 22:53:09 ----A---- C:\WINDOWS\system32\3A.tmp
2009-02-09 22:53:09 ----A---- C:\WINDOWS\bopfciju.exe
2009-02-09 22:53:07 ----A---- C:\WINDOWS\system32\39.tmp
2009-02-09 22:50:27 ----A---- C:\WINDOWS\system32\37.tmp
2009-02-09 22:50:27 ----A---- C:\WINDOWS\system32\36.tmp
2009-02-09 22:50:26 ----A---- C:\WINDOWS\system32\35.tmp
2009-02-09 20:27:44 ----ASH---- C:\WINDOWS\system32\jvosdqqy.ini
2009-02-09 20:25:18 ----A---- C:\WINDOWS\system32\_nccmat.dll
2009-02-09 20:25:16 ----A---- C:\WINDOWS\system32\kibvpcif.dll
2009-02-09 20:25:07 ----A---- C:\WINDOWS\system32\27.tmp
2009-02-09 20:25:04 ----A---- C:\WINDOWS\system32\26.tmp
2009-02-09 20:25:02 ----A---- C:\WINDOWS\system32\24.tmp
2009-02-09 20:25:01 ----A---- C:\WINDOWS\system32\23.tmp
2009-02-09 20:24:59 ----A---- C:\WINDOWS\system32\22.tmp
2009-02-09 20:24:43 ----ASH---- C:\WINDOWS\system32\Stwycccf.ini2
2009-02-09 20:24:42 ----ASH---- C:\WINDOWS\system32\Stwycccf.ini
2009-02-09 20:24:34 ----A---- C:\WINDOWS\system32\_fcccywtS.dll
2009-02-09 20:15:54 ----A---- C:\WINDOWS\system32\efcDvTLd.dll
2009-02-09 20:10:42 ----A---- C:\WINDOWS\system32\actcontroller.exe
2009-02-09 20:10:42 ----A---- C:\WINDOWS\system32\20.tmp
2009-02-09 20:10:41 ----A---- C:\WINDOWS\system32\1F.tmp
2009-02-09 20:08:01 ----A---- C:\WINDOWS\system32\12.tmp
2009-02-09 20:08:00 ----A---- C:\WINDOWS\system32\11.tmp
2009-02-09 20:07:59 ----A---- C:\WINDOWS\system32\10.tmp
2009-02-09 20:05:28 ----A---- C:\WINDOWS\system32\c++.exe
2009-02-09 20:05:28 ----A---- C:\WINDOWS\system32\1C.tmp
2009-02-09 20:05:28 ----A---- C:\WINDOWS\dbxkaknz.exe
2009-02-09 20:05:27 ----A---- C:\WINDOWS\system32\1B.tmp
2009-02-09 20:02:48 ----A---- C:\WINDOWS\system32\F.tmp
2009-02-09 20:02:46 ----A---- C:\WINDOWS\system32\D.tmp
2009-02-09 20:02:42 ----A---- C:\WINDOWS\system32\2.tmp
2009-02-09 15:33:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-09 15:30:57 ----A---- C:\WINDOWS\system32\undname.exe
2009-02-09 15:30:56 ----A---- C:\WINDOWS\system32\3B.tmp
2009-02-09 15:30:55 ----A---- C:\WINDOWS\system32\38.tmp
2009-02-09 15:30:55 ----A---- C:\WINDOWS\lfzgwkep.exe
2009-02-09 15:27:48 ----A---- C:\WINDOWS\system32\E.tmp
2009-02-09 15:27:47 ----A---- C:\WINDOWS\system32\C.tmp
2009-02-09 15:27:45 ----A---- C:\WINDOWS\system32\B.tmp
2009-02-09 12:06:45 ----A---- C:\WINDOWS\system32\A.tmp
2009-02-09 12:06:39 ----A---- C:\WINDOWS\system32\9.tmp
2009-02-09 12:06:34 ----A---- C:\WINDOWS\system32\8.tmp
2009-02-09 11:39:38 ----A---- C:\WINDOWS\system32\idaw64.exe
2009-02-09 11:39:37 ----A---- C:\WINDOWS\system32\4C.tmp
2009-02-09 11:39:23 ----A---- C:\WINDOWS\system32\4A.tmp
2009-02-09 11:39:22 ----A---- C:\WINDOWS\system32\49.tmp
2009-02-09 11:39:21 ----A---- C:\WINDOWS\system32\48.tmp
2009-02-09 11:38:15 ----A---- C:\WINDOWS\system32\_polybf.dll
2009-02-09 11:38:13 ----A---- C:\WINDOWS\system32\ctlapotj.dll
2009-02-09 11:35:56 ----A---- C:\WINDOWS\system32\7z.exe
2009-02-09 11:35:55 ----A---- C:\WINDOWS\bnaoblfb.exe
2009-02-09 11:35:54 ----A---- C:\WINDOWS\system32\2D.tmp
2009-02-09 11:35:29 ----ASH---- C:\WINDOWS\system32\wxxtuabf.ini
2009-02-09 11:35:09 ----A---- C:\WINDOWS\system32\072550aa-.txt
2009-02-09 11:32:10 ----ASH---- C:\WINDOWS\system32\QAIkUtwa.ini2
2009-02-09 11:32:04 ----ASH---- C:\WINDOWS\system32\QAIkUtwa.ini
2009-02-09 11:31:55 ----A---- C:\WINDOWS\system32\_awtUkIAQ.dll
2009-02-09 11:28:12 ----A---- C:\WINDOWS\system32\7.tmp
2009-02-09 11:28:10 ----A---- C:\WINDOWS\system32\6.tmp
2009-02-09 11:28:10 ----A---- C:\WINDOWS\system32\4.tmp
2009-02-09 00:25:52 ----A---- C:\WINDOWS\system32\5.tmp
2009-02-09 00:25:46 ----A---- C:\WINDOWS\system32\3.tmp
2009-02-09 00:25:09 ----A---- C:\WINDOWS\system32\vtUomJYq.dll
2009-02-09 00:22:54 ----A---- C:\WINDOWS\xccdf32_090131a.dll
2009-02-09 00:22:54 ----A---- C:\WINDOWS\xccdf16_090131a.dll
2009-02-09 00:22:53 ----A---- C:\oxrdoksm.exe
2009-02-09 00:22:48 ----D---- C:\WINDOWS\system32\inf
2009-02-09 00:22:48 ----A---- C:\WINDOWS\xccwinsys.ini
2009-02-09 00:22:38 ----A---- C:\WINDOWS\system32\_hsfd83jfdg.dll
2009-02-09 00:22:37 ----A---- C:\jortnq.exe
2009-02-09 00:22:32 ----A---- C:\WINDOWS\system32\yayyWmLF.dll
2009-01-28 22:36:32 ----D---- C:\gnuplot
======List of files/folders modified in the last 1 months======
2009-02-14 02:09:55 ----HD---- C:\WINDOWS\inf
2009-02-14 02:09:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-14 02:09:32 ----RD---- C:\Program Files
2009-02-14 02:07:59 ----D---- C:\Documents and Settings\Chris\Application Data\BitTorrent
2009-02-14 02:05:23 ----AD---- C:\WINDOWS\temp
2009-02-13 10:15:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 10:01:06 ----D---- C:\WINDOWS\system32
2009-02-11 22:30:52 ----D---- C:\WINDOWS
2009-02-11 22:27:22 ----D---- C:\WINDOWS\system32\drivers
2009-02-09 22:42:59 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-02-09 20:45:13 ----D---- C:\Program Files\Mozilla Firefox
2009-02-09 11:57:45 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-09 11:39:40 ----D---- C:\WINDOWS\Prefetch
2009-02-09 11:36:20 ----D---- C:\WINDOWS\Minidump
2009-02-09 00:25:14 ----SD---- C:\WINDOWS\Tasks
2009-02-09 00:22:51 ----D---- C:\WINDOWS\system
2009-02-07 12:38:16 ----SHD---- C:\WINDOWS\Installer
2009-02-04 14:09:06 ----D---- C:\Program Files\Soulseek
2009-02-03 23:20:15 ----A---- C:\WINDOWS\matlab.ini
2009-01-22 23:12:29 ----D---- C:\WINDOWS\system32\config
2009-01-22 23:11:54 ----D---- C:\WINDOWS\system32\wbem
2009-01-22 23:11:53 ----D---- C:\WINDOWS\Registration
2009-01-22 22:56:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-22 22:56:16 ----A---- C:\WINDOWS\system32\svchost.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys [2005-01-19 21120]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-09-12 68608]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 RTWTKRNL;Real-Time Windows Target; \??\C:\WINDOWS\system32\drivers\RTWTKRNL.sys []
R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-09-12 1939328]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-05-02 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-05-02 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\VsapiNT.sys [2008-05-02 1169240]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-04 2782208]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-11-06 169856]
R3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2006-11-16 375424]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-02-11 53248]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2004-01-22 10761]
S1 ethsgahb;ethsgahb; C:\WINDOWS\system32\drivers\ethsgahb.sys [2009-02-09 137408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984]
S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-17 70528]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2007-06-05 69905]
S3 MPCSYS;MPCSYS; C:\WINDOWS\system32\drivers\MPCSYS.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys []
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\ZDPNDIS5.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 516096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 30784]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 matlabserver;MATLAB Server; C:\MATLAB701\webserver\bin\win32\matlabserver.exe [2004-08-16 557056]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2005-09-28 970831]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 102400]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-09-28 360517]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-09-12 651325]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-09-12 307268]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 930304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 614400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 57344]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 94208]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 761856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe [2006-08-03 119800]
S3 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe [2006-08-03 1156096]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 283136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-01-22 31232]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe [2003-12-21 40960]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-18 172096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 143360]
-----------------EOF-----------------
chris125
2009-02-14, 12:15
info.txt logfile of random's system information tool 1.05 2009-02-14 02:10:42
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ableton Live v5.0.2-->C:\PROGRA~1\Ableton\LIVE50~1.2\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE50~1.2\INSTALL.LOG
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Library-->C:\Program Files\Common Files\Adobe\Installers\1f3d5fcc5fe78dc374b6ccbd2d399ba\Setup.exe --uninstall=1
Adobe Encore CS4 Library-->MsiExec.exe /I{B095B0A4-50A5-46D7-9988-D038FEB040C0}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->C:\Program Files\Common Files\Adobe\Installers\5eba9bbdf1514a06b1a4c79a2920188\Setup.exe --uninstall=1
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->C:\Program Files\Common Files\Adobe\Installers\7774cb1e022c49962995a9014500066\Setup.exe --uninstall=1
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\6e02d32c7e5a9d9fc86bc91618cafda\Setup.exe --uninstall=1
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->C:\Program Files\Common Files\Adobe\Installers\26b63376f4efc354dae41af6b5e3343\Setup.exe --uninstall=1
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Premiere Pro CS4-->MsiExec.exe /I{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Setup-->MsiExec.exe /I{566BB41D-F006-4956-A5D3-94D8DFFA7F51}
Adobe Setup-->MsiExec.exe /I{819E24AA-DB15-4BA8-8D76-92BDF710610B}
Adobe Setup-->MsiExec.exe /I{9F8FDE1A-FA91-43F2-887B-CF080156D57E}
Adobe Setup-->MsiExec.exe /I{B21BDC7C-49A1-4155-9425-2F9DED3CD5ED}
Adobe Setup-->MsiExec.exe /I{EC68232E-C74E-4F1A-B296-DFD2E1944E10}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AMD Power Monitor-->MsiExec.exe /X{EA960DA1-121B-413D-A50D-FB6D3857F790}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AsusUpdate-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CoreAAC Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreAAC-uninstall.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
DBSE 2-->MsiExec.exe /I{6AFF395E-E365-4770-A392-CF0B17CD3B64}
DVDFab Decrypter 3.0.7.0-->"C:\Program Files\DVDFab Decrypter 3\unins000.exe"
ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe
FreshUI-->"C:\Program Files\FreshDevices\FreshUI\unins000.exe"
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Chris\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iConcertCal-->MsiExec.exe /I{FF011FFA-FC8A-4866-B1BA-BCE65AFEEADA}
InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joost (tm) Beta 1.0-->C:\Program Files\Joost\uninst.exe
MATLAB Family of Products Release 14-->C:\MATLAB701\uninstall\uninstall.exe C:\MATLAB701\
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MixMeister Fusion + Video 7.3.2-->"C:\Program Files\MixMeister Fusion + Video\unins000.exe"
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PCMark04-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4718EA71-CED3-498D-8FA9-34CB830AF2D8}\Setup.exe" -l0x9
pdfFactory Pro-->C:\WINDOWS\system32\spool\drivers\w32x86\3\fppinst2.exe /uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QSuite Ver2.1-->"C:\Program Files\QSuite\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Real-Time Windows Target-->%windir%\rtwintgt -uninstall
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReCycle v2.1-->C:\PROGRA~1\Recycle\UNWISE.EXE C:\PROGRA~1\Recycle\INSTALL.LOG
Registry First Aid-->"C:\Program Files\RFA\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\unins000.exe"
SnapStream Beyond TV 4.8.1-->"C:\Program Files\SnapStream Media\Beyond TV\uninstall-btv.exe"
Snapstream Firefly 1.2.1.916-->"C:\Program Files\SnapStream Media\Firefly\uninstall-ff.exe"
SnapStream Firefly Mini 1.0.2-->"C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Tag&Rename 3.0-->"C:\Program Files\TagRename\unins000.exe"
Trend Micro PC-cillin Internet Security 2006-->MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VanDyke Software SecureCRT 4.1-->C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Videora iPod Converter 2.19-->C:\Program Files\videora\uninstaller.exe
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Visual Studio 2005 Redist Package-->MsiExec.exe /I{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodei Multimedia Processor 2.00-->C:\Program Files\Joost\uninst.exe
VP6 VFW Codec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
X-Win32 7.1-->MsiExec.exe /I{7D32F6CD-EC1E-48E5-95E9-DB47A6E2D1C3}
======Hosts File======
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
======Security center information======
AV: Trend Micro PC-cillin Internet Security 2006 (outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall)
System event log
Computer Name: CHRISAMD
Event Code: 26
Message: Application popup: Explorer.EXE - Bad Image : The application or DLL C:\WINDOWS\system32\ShimEng.dll is not a valid Windows image. Please check this against your installation diskette.
Record Number: 5
Source Name: Application Popup
Time Written: 20090209152703.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 6005
Message: The Event log service was started.
Record Number: 4
Source Name: EventLog
Time Written: 20090209152643.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 3
Source Name: EventLog
Time Written: 20090209152643.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 6005
Message: The Event log service was started.
Record Number: 2
Source Name: EventLog
Time Written: 20090209152420.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090209152420.000000-480
Event Type: information
User:
Application event log
Computer Name: CHRISAMD
Event Code: 0
Message:
Record Number: 5
Source Name: NMIndexingService
Time Written: 20090209113133.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 0
Message:
Record Number: 4
Source Name: matlabserver
Time Written: 20090209112809.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 105
Message: The service was started.
Record Number: 3
Source Name: PLFlash DeviceIoControl Service
Time Written: 20090209112646.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20090209112641.000000-480
Event Type: information
User:
Computer Name: CHRISAMD
Event Code: 105
Message: The service was started.
Record Number: 1
Source Name: ATI Smart
Time Written: 20090209112638.000000-480
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI\support\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\CCC\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\SecureCRT\;C:\MATLAB701\bin\win32;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Hi,
Uninstall these vulnerable Java versions:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Also, SoulSeek Client must be uninstalled. After that, delete the c:\Program Files\Soulseek folder.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link: http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
chris125
2009-02-14, 21:40
Hi,
I can't run ComboFix. Whenever I click on it, nothing happens. It's the same thing as when I try to run Spybot. I am also having trouble installing Windows Recovery. I can't do it manually from the disk, and whenever I try to run the update from the Windows website I BSOD.
chris125
2009-02-14, 21:48
Here's a fresh HJT log in any case:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:42 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Chris\reader_s.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVLIBRARYSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVNETWORKSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Chris\rsd.exe \s
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayyWmLF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Chris\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP38.tmp
O4 - HKLM\..\Run: [0c0694d4] rundll32.exe "C:\WINDOWS\system32\hbtpduyv.dll",b
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lfzgwkep.exe] C:\WINDOWS\lfzgwkep.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbxkaknz.exe] C:\WINDOWS\dbxkaknz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bopfciju.exe] C:\WINDOWS\bopfciju.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [vxslijtq.exe] C:\WINDOWS\vxslijtq.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnaoblfb.exe] C:\WINDOWS\bnaoblfb.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - AppInit_DLLs: polybf.dll nccmat.dll xhdyph.dll
O20 - Winlogon Notify: yayyWmLF - C:\WINDOWS\SYSTEM32\yayyWmLF.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 11485 bytes
Hi,
Rename ComboFix.exe -> CombFxx.exe and try running again.
chris125
2009-02-15, 22:44
Yeah, that worked right away, thanks!
Here are the new logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40, on 2009-02-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CF6162.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 9070 bytes
And the ComboFix log:
ComboFix 09-02-12.03 - Chris 2009-02-15 11:51:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1479 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\CombFxx.exe
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Chris\LOCALS~1\Temp\mousehook.dll
c:\docume~1\Chris\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090107233729585.log
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Chris\My Documents\My Documents.url
c:\documents and settings\Chris\My Documents\My Music\My Music.url
c:\documents and settings\Chris\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Chris\My Documents\My Videos\My Video.url
c:\documents and settings\Chris\reader_s.exe
c:\windows\services.exe
c:\windows\system32\_awtUkIAQ.dll
c:\windows\system32\_fcccywtS.dll
c:\windows\system32\_hsfd83jfdg.dll
c:\windows\system32\_nccmat.dll
c:\windows\system32\_polybf.dll
c:\windows\system32\_urqNHBsq.dll
c:\windows\system32\_xhdyph.dll
c:\windows\system32\5.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\9.tmp
c:\windows\system32\actcontroller.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\C.tmp
c:\windows\system32\c++.exe
c:\windows\system32\ctlapotj.dll
c:\windows\system32\D.tmp
c:\windows\system32\dejivibi(2).dll
c:\windows\system32\drivers\ati8ubxx.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\protect.sys
c:\windows\system32\drivers\UACwsldtnbp.sys
c:\windows\system32\E.tmp
c:\windows\system32\efcDvTLd.dll
c:\windows\system32\F.tmp
c:\windows\system32\hbtpduyv.dll
c:\windows\system32\idaw64.exe
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\inf\xccdfb16_090131.dll
c:\windows\system32\inf\xccefb090131.scr
c:\windows\system32\kibvpcif.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\mdm.exe
c:\windows\system32\ndetect.exe
c:\windows\system32\ognvrqsl.dll
c:\windows\system32\QAIkUtwa.ini
c:\windows\system32\QAIkUtwa.ini2
c:\windows\system32\qsBHNqru.ini
c:\windows\system32\qsBHNqru.ini2
c:\windows\system32\reader_s.exe
c:\windows\system32\ssprs.dll
c:\windows\system32\Stwycccf.ini
c:\windows\system32\Stwycccf.ini2
c:\windows\system32\test.ttt
c:\windows\system32\UACbfpuoerx.dll
c:\windows\system32\UACexteywpr.log
c:\windows\system32\UACfjtibldv.dll
c:\windows\system32\UACgbqhdyyu.log
c:\windows\system32\UAChqjcpjre.dll
c:\windows\system32\UACmakdqwbw.log
c:\windows\system32\UACpxtimivk.dat
c:\windows\system32\UACtnnwlqip.dll
c:\windows\system32\uniq.tll
c:\windows\system32\vtUomJYq.dll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\yayyWmLF.dll
c:\windows\Tasks\sltzinrn.job
c:\windows\xccdf16_090131a.dll
c:\windows\xccdf32_090131a.dll
c:\windows\xccwinsys.ini
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_PROTECT
-------\Service_Passthru
-------\Service_protect
-------\Service_restore
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-15 11:05 . 2009-02-15 11:05 <DIR> d-------- C:\32788R22FWJFW
2009-02-14 10:51 . 2009-02-14 10:51 0 --a------ c:\windows\system32\3F.tmp
2009-02-14 10:51 . 2009-02-14 10:51 0 --a------ c:\windows\system32\3E.tmp
2009-02-14 10:50 . 2009-02-14 10:50 132 --a------ c:\windows\system32\3C.tmp
2009-02-14 10:50 . 2009-02-14 10:50 0 --a------ c:\windows\system32\3D.tmp
2009-02-14 10:45 . 2009-02-14 10:45 162,916 --a------ c:\windows\system32\19.tmp
2009-02-14 10:45 . 2009-02-14 10:45 132 --a------ c:\windows\system32\18.tmp
2009-02-14 10:34 . 2009-02-14 10:34 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-02-14 10:31 . 2009-02-14 10:34 162,916 --a------ c:\windows\system32\17.tmp
2009-02-14 10:31 . 2009-02-14 10:31 132 --a------ c:\windows\system32\16.tmp
2009-02-14 02:10 . 2009-02-14 02:10 <DIR> d-------- C:\rsit
2009-02-11 22:31 . 2009-02-11 22:31 1,600,140 --ahs---- c:\windows\system32\vyudptbh.ini
2009-02-11 22:30 . 2009-02-11 22:30 162,756 --a------ c:\windows\system32\31.tmp
2009-02-11 22:30 . 2009-02-11 22:30 31,744 --ah----- c:\documents and settings\Chris\rsd.exe
2009-02-11 22:30 . 2009-02-11 22:30 24,577 --a------ c:\windows\system32\32.tmp
2009-02-11 22:30 . 2009-02-11 22:30 128 --a------ c:\windows\system32\30.tmp
2009-02-11 22:28 . 2009-02-11 22:28 31,744 --ah----- c:\documents and settings\Chris\inqk.exe
2009-02-11 22:27 . 2009-02-11 22:27 162,756 --a------ c:\windows\system32\14.tmp
2009-02-11 22:27 . 2009-02-11 22:27 24,577 --a------ c:\windows\system32\15.tmp
2009-02-11 22:27 . 2009-02-11 22:27 128 --a------ c:\windows\system32\13.tmp
2009-02-09 22:53 . 2009-02-09 22:53 67,585 --a------ c:\windows\system32\39.tmp
2009-02-09 22:53 . 2009-02-09 22:53 0 --a------ c:\windows\system32\3A.tmp
2009-02-09 22:50 . 2009-02-09 22:53 162,756 --a------ c:\windows\system32\37.tmp
2009-02-09 22:50 . 2009-02-09 22:50 29,184 --a------ c:\windows\system32\36.tmp
2009-02-09 22:50 . 2009-02-09 22:50 172 --a------ c:\windows\system32\35.tmp
2009-02-09 20:27 . 2009-02-11 22:27 1,600,140 --ahs---- c:\windows\system32\jvosdqqy.ini
2009-02-09 20:25 . 2009-02-09 20:25 162,980 --a------ c:\windows\system32\24.tmp
2009-02-09 20:25 . 2009-02-09 20:25 67,585 --a------ c:\windows\system32\26.tmp
2009-02-09 20:25 . 2009-02-09 20:25 29,184 --a------ c:\windows\system32\23.tmp
2009-02-09 20:25 . 2009-02-09 20:25 0 --a------ c:\windows\system32\27.tmp
2009-02-09 20:24 . 2009-02-09 20:25 172 --a------ c:\windows\system32\22.tmp
2009-02-09 20:10 . 2009-02-09 20:10 67,585 --a------ c:\windows\system32\1F.tmp
2009-02-09 20:10 . 2009-02-09 20:10 0 --a------ c:\windows\system32\20.tmp
2009-02-09 20:08 . 2009-02-09 20:10 162,980 --a------ c:\windows\system32\12.tmp
2009-02-09 20:08 . 2009-02-09 20:08 29,184 --a------ c:\windows\system32\11.tmp
2009-02-09 20:07 . 2009-02-09 20:08 172 --a------ c:\windows\system32\10.tmp
2009-02-09 20:05 . 2009-02-09 20:05 67,585 --a------ c:\windows\system32\1B.tmp
2009-02-09 20:05 . 2009-02-09 20:05 0 --a------ c:\windows\system32\1C.tmp
2009-02-09 20:02 . 2009-02-09 20:02 172 --a------ c:\windows\system32\2.tmp
2009-02-09 15:30 . 2009-02-09 15:30 67,585 --a------ c:\windows\system32\38.tmp
2009-02-09 15:30 . 2009-02-09 15:30 64,512 --a------ c:\windows\system32\undname.exe
2009-02-09 15:30 . 2009-02-09 15:30 0 --a------ c:\windows\system32\3B.tmp
2009-02-09 15:27 . 2009-02-09 15:27 172 --a------ c:\windows\system32\B.tmp
2009-02-09 12:06 . 2009-02-09 12:06 172 --a------ c:\windows\system32\8.tmp
2009-02-09 12:06 . 2009-02-09 12:06 0 --a------ c:\windows\system32\A.tmp
2009-02-09 11:39 . 2009-02-09 11:39 164,708 --a------ c:\windows\system32\4A.tmp
2009-02-09 11:39 . 2009-02-09 11:39 67,585 --a------ c:\windows\system32\4C.tmp
2009-02-09 11:39 . 2009-02-09 11:39 32,256 --ah----- c:\documents and settings\Chris\odrntno.exe
2009-02-09 11:39 . 2009-02-09 11:39 29,184 --a------ c:\windows\system32\49.tmp
2009-02-09 11:39 . 2009-02-09 11:39 172 --a------ c:\windows\system32\48.tmp
2009-02-09 11:36 . 2009-02-14 10:34 137,568 --a------ c:\windows\system32\drivers\ethsgahb.sys
2009-02-09 11:36 . 2009-02-11 22:30 67,072 ---h----- c:\windows\system32\secupdat.dat
2009-02-09 11:36 . 2009-02-11 22:30 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-09 11:36 . 2009-02-09 11:36 32,256 --ah----- c:\documents and settings\Chris\fybfxsh.exe
2009-02-09 11:35 . 2009-02-09 11:35 1,589,544 --ahs---- c:\windows\system32\wxxtuabf.ini
2009-02-09 11:35 . 2009-02-09 11:35 67,585 --a------ c:\windows\system32\2D.tmp
2009-02-09 11:35 . 2009-02-09 11:35 64,000 --a------ c:\windows\system32\7z.exe
2009-02-09 11:28 . 2009-02-09 11:28 172 --a------ c:\windows\system32\4.tmp
2009-02-09 00:25 . 2009-02-09 00:25 27,209 ---h----- c:\documents and settings\Chris\.exe
2009-02-09 00:25 . 2009-02-14 01:58 5,186 --a------ c:\windows\system32\uacinit.dll
2009-02-09 00:25 . 2009-02-09 00:25 208 --a------ c:\windows\system32\3.tmp
2009-02-09 00:22 . 2009-02-15 11:54 <DIR> d-------- c:\windows\system32\inf
2009-02-09 00:22 . 2009-02-09 00:22 130,619 --a------ c:\windows\system\xccef090131.exe
2009-02-09 00:22 . 2009-02-09 00:22 108,336 --a------ c:\windows\mswinsck.ocx
2009-02-09 00:22 . 2009-02-09 00:22 64,000 --a------ C:\jortnq.exe
2009-02-09 00:22 . 2009-02-09 00:22 39,936 --a------ C:\oxrdoksm.exe
2009-02-09 00:22 . 2009-02-09 00:22 2 --a------ C:\201757819
2009-01-28 22:36 . 2009-01-28 22:36 <DIR> d-------- C:\gnuplot
2009-01-24 15:17 . 2009-01-24 15:17 244 --ah----- C:\sqmnoopt12.sqm
2009-01-24 15:17 . 2009-01-24 15:17 232 --ah----- C:\sqmdata12.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 18:48 --------- d-----w c:\program files\Java
2009-02-14 18:34 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-02-14 10:07 --------- d-----w c:\documents and settings\Chris\Application Data\BitTorrent
2009-01-14 20:58 --------- d-----w c:\program files\MixMeister Fusion + Video
2009-01-11 05:32 --------- d-----w c:\documents and settings\Chris\Application Data\MixMeister Technology
2008-12-31 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2008-12-28 23:25 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2008-12-17 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-17 06:27 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 06:24 --------- d-----w c:\program files\Adobe Media Player
2008-12-17 06:21 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-17 06:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2004-09-10 21:40 92,160 ----a-w c:\program files\DECCHECK.exe
2004-09-10 21:40 5,970 ----a-w c:\program files\eula.txt
2008-10-06 16:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 16:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 16:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 16:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 16:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2004-08-04 04:00 31232 67569ebfaf170f559143d4434e2056ee c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 16:12 31744 e7062f33567f821d9e7ef6ff75e12694 c:\windows\ServicePackFiles\i386\svchost.exe
2009-01-22 22:56 31232 eb015b8f368f08ea457000a19175bee4 c:\windows\system32\svchost.exe
2009-01-22 22:56 31232 c7a2f067e4455df518241a532a56c16d c:\windows\system32\dllcache\svchost.exe
2004-08-04 04:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2008-04-13 16:12 1050624 a70fd46df39fc22b3db23e55b4fb520c c:\windows\explorer.exe
2007-06-13 03:26 1050112 62088503ce726540fd2b65eef9261b23 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 02:23 1050112 575ab078a76fc433e6b1f79269b09190 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 04:00 1049088 c6affd4a895a674719ddd3fb2bc40da7 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 16:12 1050624 8c08a5235fc41026da77fa8bc60d2907 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 04:00 32256 b9d5ef452ce5b5ca09fdaa782c2ad5bc c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 16:12 32256 11cde4a9c00d81d9390caeafe0193f89 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 16:12 32256 ba567d2aad8ed2aae7183702d96650b6 c:\windows\system32\ctfmon.exe
2005-06-10 16:17 74752 bb33ba137547b468c1f6e253b8cff829 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 15:53 74752 346c592ebdb24f1dfe45987c110b20f3 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 04:00 74752 aead5cc82bacdd5af8838dcdaea7811c c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 16:12 74752 53b1c475dbb1dfd3157355607cfd42e6 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 16:12 74752 05c5ed1c4f67a4df9fbac916bea9f26c c:\windows\system32\spoolsv.exe
2004-08-04 04:00 41472 712f66b287319fb3d0f9dc76cc5a793c c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 16:12 43008 7da09362dc61d725ed47002994d9a291 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 16:12 43008 9834e0cdeb23ae248fd546c8ac4782e7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 32256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 221696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-09-28 917566]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 151552]
"Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 200704]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-12 516096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 46592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=polybf.dll nccmat.dll xhdyph.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [2006-01-13 13824]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2006-01-13 21120]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2008-02-11 27200]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-09-26 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-09-28 360517]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-09-12 651325]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-09-26 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-09-12 307268]
S1 ethsgahb;ethsgahb;c:\windows\system32\drivers\ethsgahb.sys [2009-02-09 137568]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2006-01-12 70528]
S3 MPCSYS;MPCSYS; [x]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2006-01-12 278016]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{V2FR455T-5K8M-BRW1-NFF4-I3DY73S22YA5}]
"c:\program files\Internet Explorer\iexplore.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yayyWmLF.dll
HKCU-Run-reader_s - c:\documents and settings\Chris\reader_s.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-reader_s - c:\windows\System32\reader_s.exe
HKU-Default-Run-bnaoblfb.exe - c:\windows\bnaoblfb.exe
HKU-Default-Run-lfzgwkep.exe - c:\windows\lfzgwkep.exe
HKU-Default-Run-dbxkaknz.exe - c:\windows\dbxkaknz.exe
HKU-Default-Run-bopfciju.exe - c:\windows\bopfciju.exe
HKU-Default-Run-vxslijtq.exe - c:\windows\vxslijtq.exe
HKU-Default-Run-reader_s - c:\documents and settings\Chris\reader_s.exe
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yayyWmLF.dll
SafeBoot-inxtcivv.sys
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\z2fqqhdr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 12:23:09
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\matlab701\webserver\bin\win32\matlabserver.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\matlab701\bin\win32\MATLAB.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-15 12:27:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 20:27:46
Pre-Run: 25,365,647,360 bytes free
Post-Run: 30,610,296,832 bytes free
Current=1 Default=1 Failed=2 LastKnownGood=3 Sets=1,2,3,4
361 --- E O F --- 2009-01-14 11:02:59
Hi,
Is your TrendMicro PC-cillin license subscription still valid?
Start hjt, do a system scan, check (if found):
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
Close browsers and fix checked.
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader!
Open notepad and copy/paste the text in the quotebox below into it:
Driver::
ethsgahb
File::
c:\windows\system32\3F.tmp
c:\windows\system32\3E.tmp
c:\windows\system32\3C.tmp
c:\windows\system32\3D.tmp
c:\windows\system32\19.tmp
c:\windows\system32\18.tmp
c:\windows\system32\17.tmp
c:\windows\system32\16.tmp
c:\windows\system32\vyudptbh.ini
c:\windows\system32\31.tmp
c:\documents and settings\Chris\rsd.exe
c:\windows\system32\32.tmp
c:\windows\system32\30.tmp
c:\documents and settings\Chris\inqk.exe
c:\windows\system32\14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\13.tmp
c:\windows\system32\39.tmp
c:\windows\system32\3A.tmp
c:\windows\system32\37.tmp
c:\windows\system32\36.tmp
c:\windows\system32\35.tmp
c:\windows\system32\jvosdqqy.ini
c:\windows\system32\24.tmp
c:\windows\system32\26.tmp
c:\windows\system32\23.tmp
c:\windows\system32\27.tmp
c:\windows\system32\22.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\20.tmp
c:\windows\system32\12.tmp
c:\windows\system32\11.tmp
c:\windows\system32\10.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\2.tmp
c:\windows\system32\38.tmp
c:\windows\system32\undname.exe
c:\windows\system32\3B.tmp
c:\windows\system32\B.tmp
c:\windows\system32\8.tmp
c:\windows\system32\A.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\4C.tmp
c:\documents and settings\Chris\odrntno.exe
c:\windows\system32\49.tmp
c:\windows\system32\48.tmp
c:\windows\system32\drivers\ethsgahb.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\drivers\ndisio.sys
c:\documents and settings\Chris\fybfxsh.exe
c:\windows\system32\wxxtuabf.ini
c:\windows\system32\2D.tmp
c:\windows\system32\7z.exe
c:\windows\system32\4.tmp
c:\documents and settings\Chris\.exe
c:\windows\system32\uacinit.dll
c:\windows\system32\3.tmp
c:\windows\system\xccef090131.exe
c:\windows\mswinsck.ocx
C:\jortnq.exe
C:\oxrdoksm.exe
C:\201757819
Folder::
c:\documents and settings\Chris\Application Data\BitTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that the latest Java must be installed, "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.
Post back its report, a fresh hjt log and the above-mentioned ComboFix resultant log.
chris125
2009-02-16, 21:19
I'm aware that my Trend Micro protection has run out, and I'm going to install a new antivirus, or update my subscription after I clean out this machine.
I couldn't run the online scan because I can't access my network at the moment. I was able to do everything else though.
chris125
2009-02-16, 21:22
ComboFix 09-02-12.03 - Chris 2009-02-16 10:32:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1340 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\CombFxx.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFscript.txt
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\201757819
c:\documents and settings\Chris\.exe
c:\documents and settings\Chris\fybfxsh.exe
c:\documents and settings\Chris\inqk.exe
c:\documents and settings\Chris\odrntno.exe
c:\documents and settings\Chris\rsd.exe
C:\jortnq.exe
C:\oxrdoksm.exe
c:\windows\mswinsck.ocx
c:\windows\system\xccef090131.exe
c:\windows\system32\10.tmp
c:\windows\system32\11.tmp
c:\windows\system32\12.tmp
c:\windows\system32\13.tmp
c:\windows\system32\14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\16.tmp
c:\windows\system32\17.tmp
c:\windows\system32\18.tmp
c:\windows\system32\19.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\2.tmp
c:\windows\system32\20.tmp
c:\windows\system32\22.tmp
c:\windows\system32\23.tmp
c:\windows\system32\24.tmp
c:\windows\system32\26.tmp
c:\windows\system32\27.tmp
c:\windows\system32\2D.tmp
c:\windows\system32\3.tmp
c:\windows\system32\30.tmp
c:\windows\system32\31.tmp
c:\windows\system32\32.tmp
c:\windows\system32\35.tmp
c:\windows\system32\36.tmp
c:\windows\system32\37.tmp
c:\windows\system32\38.tmp
c:\windows\system32\39.tmp
c:\windows\system32\3A.tmp
c:\windows\system32\3B.tmp
c:\windows\system32\3C.tmp
c:\windows\system32\3D.tmp
c:\windows\system32\3E.tmp
c:\windows\system32\3F.tmp
c:\windows\system32\4.tmp
c:\windows\system32\48.tmp
c:\windows\system32\49.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\7z.exe
c:\windows\system32\8.tmp
c:\windows\system32\A.tmp
c:\windows\system32\B.tmp
c:\windows\system32\drivers\ethsgahb.sys
c:\windows\system32\drivers\ndisio.sys
c:\windows\system32\jvosdqqy.ini
c:\windows\system32\secupdat.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\undname.exe
c:\windows\system32\vyudptbh.ini
c:\windows\system32\wxxtuabf.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\201757819
c:\documents and settings\Chris\.exe
c:\documents and settings\Chris\Application Data\BitTorrent
c:\documents and settings\Chris\Application Data\BitTorrent\24.Redemption.1408kbps.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\24.S07E03.640kbps.10AM.11AM.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\24.S07E04.640kbps.11AM.12PM.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S02E03.[iPodTVNova.com].mp4.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S02E04.[iPodTVNova.com].mp4.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E01.PreAir.640kbps.Do.Over.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E02.1408kbps.Believe.In.The.Stars.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E03.1408kbps.The.One.With.The.Cast.Of.Night.Court.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E04.640kbps.Gavin.Volure.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E05.640kbps.Reunion.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E07.1024kbps.Senor.Macho.Solo.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E08.1024kbps.Flu.Shot.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\30.Rock.S03E09.1024kbps.Retreat.To.Move.Forward.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\8.Mile.WS.DvDRip.2003.HQ.Optimized.mp4.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\808s & Heartbreak.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Acoustic EP.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Adobe Photoshop CS4 Cracked Amblib File.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Adobe Photoshop CS4 Extended.1.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Adobe Photoshop CS4 Extended.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Adobe Premiere Pro CS4 ISO.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Air France - No Way Down EP.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Air France - On Trade Winds.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6cb5991942c05660607ab00f0849f0b5e0014155
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6d066ad39c8bedae23beaf55827f9c098290826f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6d323f8be3f21774436be46d396a1f1fc5a3b023
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6d4d785e966edb142a97068db7a44540f5444e63
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6d7e4c7354e152c714768ef6a7a49688b8fc6580
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6e16587aa8aa1bd634b7cc5d1379a91a7b952c63
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6ee43f57faaf65db1eec5cad4334c91649fb66d5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6ef4f2d75efae8a4cd5af6c05f6a9bc8865b51cf
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6f240e9610230ae60969b1b9e2d0468b9ce7b945
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\6fab7300d538b3acf80645761d4c5172d643badd
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\706704583b6f8e4c7cae0491903ac7ba6cfaa761
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\708917e62936f9257525f88d26c3e899feec31af
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\71d406a3dca992b926124e49495a52e025349a62
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\728852cc767822278f05ebb1246fa11c2de0bb48
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\729a847ab0e33704d79f22ced4ca863281bef474
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\738c95c2c87caf2dac2debe807fcfe9b42d20768
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\73aaf8b612f1bfe8c912c525490cdaebc7195b97
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\73cd01cb85bcd379861fcc3b3482b532efd098d9
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\73e674c7deb301668c8688d072229e9451553333
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7500ebeeed7051762982b2c01c344f5c5175c984
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\752a83234fff2df8a2ef44d6646a21cb89516eaa
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\759190121fb9a97190a56a0b9bbe1abb8ff55580
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\76f0f42e07a4c50b08ca4259d0d928b089584e27
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\77fe62377f6d565020ec4883942386fa7e4a73b6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\78340c95ed882d728808868e58b8e9360a5ce8ec
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\78939277536319f621aa30446e4c626f64f56f9a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7895760f186ddfd4b9a70c389f28338e13e86763
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\79ac3b2e5033f7a5786f0c49d4b2eb573bb264ee
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7a9949aa33fc189d4ec26f810427b031f1ba7777
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7abe52064f5d0747a0f26604693b4c205ce49467
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7ae96e75b2938004e4296b647ecda894c71495d6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7b080375eec41905fc63b4025eb09854bed8529e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7b22aa35f87cb01d974bbb26df607cdf7bf3ad60
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7c3bc996f8ce2b2d392e1f80247597d34a12c342
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7d6574f5d7eee0982760c3d0ca1e4bba69220cac
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7e0020bfc5d12464f7389bb52694d7695cfc386a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7e2c25b849845f086dbf1893b8bbbd4ec59d3ad6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7e51d19ae759a8aada88b4fc20256af4769ff6e6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7e69f976e5ae2b4574e83ec6919cc28332a45634
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7e7204571c65084f339333ddcd2c6771b25cc783
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7f4e2c2bd035d0baa8ca096b9bbfb7dd38ebd656
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\7fd1c51c5646e0710200a10949bfd5489dbe906b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\80c0c87835b5fc7127cff220d4724b2eeacd35fc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\819b6b2749cd8fc8cef2bf1ea9dd7ae4277f28d8
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\81c8f5cac8d507aa85d87e88a57a388d457ec393
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\831e881cdf51dd699478fc5646053f3f6bc71a36
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8344004ce6f8cc7ba192500578e5cb7c5046f589
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\83d65b02a2be6d5a6dae506ee4fd22380f79234b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\83e0521422426f925f164a16845f08ebd5ca9715
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8444f4f7086f538bbcabda140f5105e2d45292a2
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\844928ba8780103d0a35df7e3c75e2a48d565d21
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\85a52b90a2ba67c0b3323a43bb41433892dbb2ea
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\863886cf4271f6a51c0eafbb9d1b88bcbc72a3e3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\86a137cbbea46a1d2bd85b51a095f97a4a3806ee
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\86cefdec6b98c5f879199b54370659a4dcaa47f4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\86d368d1629cf5aeb4e25cca5577958fa09d025e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\875979a6312d7437cfc2918c9815f145409b75fb
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\88467098d95b1aa7f2a653023c49cf08dbdcb55e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\884c913a747b345a3ecce650ab40b012b8b937ec
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8986d7ade5bb4665757f870a36b0a6344249d1cc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\89e20fec820f8f443e776ad8b9d587898b6f577a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8a11b514bb5a13e3ea891f3793aa3f23413c152c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8a28bf50f22ba302e5cb4dd369f21eb1d93123a0
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8a32c3f58af96e120b47c056cfd7957ef298c5e6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8a397e73fd85c5601d50c81058c9544beb159ca8
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8a8cd7c622bde35a66cffa1bdab1a4cf4d921c3a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8bd48980e61df800937e1834d197d68ae4578ca8
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8bdccdad5c19d2841004728ec00550d59ff1284a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8be58d5e2b24b6ba85125cfdc28ce14de933a328
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8bf4d4477311347c4df1afd4586ba31403c31225
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8c50969b4ca71babfec2f3c153cc4e6be695c44c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8c53a2c638f91243a96e7d3ee540f4538987d87b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8ce2e2a920ce43af346be222052940c5deb9d14b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8d2c3990741bfdceada4a5a791419cfa8efabfe4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8e17ae73a75f3661a70c56c8468489dfa251c065
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8e2724e430291ad38bc2b6fda4bb90a644175cdc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8eb0613ed2594bd1a1b88b279d55a44022578cdc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8efc283c3a2e10215094baa4eba6097ebfdc39a5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8f03e0664bafea80eae0406f17e5e95ae919af34
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8f5e3aabab6185873b6450195bc5e973a0ac873d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\8fadae7a82c035155a3f4fddd7baab90d33cd5e3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\909f8bea2fc884d17f46bb75caa2b04b715559ed
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\90c8747ced8455a13a8b1a67c9e74714fdb88830
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\91ed231c849501e3a6be7b91fb2744eb93ed3612
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\922cb7a76c7362d7908a429e4303d34fed5e739e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\92b3d6cc209f198b4be30b4a1f69724de64f9407
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9441cb675d1f8bbc6ed2eafcac29dc928e1dc6c9
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\946ec5cee25609bbc8409c3678162ecf05f9dc7f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\956d90a3b18d21b99931a990a4efa7d14c3d7cfa
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\95fad212cfa29f2055ab5d8cb260ccad590cd128
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9620a9745210aec08e290661b10284cb7936d3e0
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\968eb81c3481ad7557e971ced8fc24b0bf5f3506
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\96e38db1322fc8953c9b7b716ce1d813c5aad7f5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\979617aa9f1527aeca6e0af98bb90b17f0b469f5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\97fbb82746a39bc4c727de998865123e3177b3d3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\98016e0b38fd02cda324b8b08ab7f9aa86761374
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9822db19a1ca1e73c63a4956e111bf28f085ba9b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\98537f3b2292d406a5d3c5b867f2c1fd810f37f5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\986ebc66dc1a766d6e6356a72eddd34f2e45f2df
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\989784fb77f065ddc5cc7c853291c24ca10010e1
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\98a743bda9bf2f23e478b738c3f508c205089ab7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\993d2d0c796896b9f140d8d827a84c6ee7ee4740
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9949a45d3cb078d04c687f9e4803e07009f5fd43
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\997587b9a7e60ef4fdf57d03af58d1afb5a2367e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\998d691bcd6a4d966a677d0601c25a4f3b019a23
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\999e309636b0502a4b4b5ffd0608f4bca98641af
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9a2d8c1e146f258c01970f5986179f383481e314
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9af65581ddea56f58c553a1bfadf4af6df8d282c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9b6a2fd236f23e62b73617f474e41ac03950ab99
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9bad9aef45853fc5403a10006e96c28bd7c058f4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9bb024c1a4540c53c019d4c6aa3db9782ec3b99f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9c0cd0ddf35fa628a3040b21a35094f1a20fc76f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9c5479fa7c5a6397059a935916849319542652ae
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9cb91d88b48d213f5e2ed36e716d782079cf61a0
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9d3fc66905cbfa03ee9b41802b035379c5842fa7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9d6b3b5f53704339636548bd2d3e117bf36ed5e7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9d91e73832d7e6f1504f59bc0870f47d75b96644
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\9e2236e851757e887a3814f1df3feafcd57455e9
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a08584febd5c6c15e0f2d75ade256368d83bb717
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a0c4e93c05a44e54cb4b87712602f73ce534943a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a0e09478286a3feba83d585c4ec5eec51bc9556e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a0f369ea18053aba540fe746e60f29caf237341e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a0fa447d68882b0deae31cbdff47cd64b83efab3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a1b4da1d5c3b6ed48c6db1239578116dd53de1c8
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a2a71e9e2a5b8c455ab82cb63fcaa1cf62c67447
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a2c5d9d6b9cbab7baf75898843e88cd6dcd3b7ad
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a313bd5e8bbf86157c3fb73752985cca63e4a8a3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a324be8d1ba67a38769fb70955231bdccd7828aa
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a3f9f89ab8df054f336f41007e4a507e4ba2381f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a459ccdcbe7e219ceb49fd6f1a00451de090389d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a461a7377a5dbc84a0ac595201c581c056ab1fda
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a5343bd4b11acf77306e7f40e5b03411bdc91659
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a584e6566ee34f9894315f0b2ab42fe4fa956442
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a620046eca602f2ec23f2511f52e9d81220f2d4c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a683e370749cb52e546755a03c04000cb776b9d7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a73f071f3fb7a29d7e47b23206d0b7cc60f6d922
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a776fddb43393bcd67aa7e15cb37b0e1050a7368
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a7ca0bc08ef2d96c30b7086f3fabd8addad5d5ae
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a7cea7eff4c62f671362426f41ee115ea3be0051
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a81ab8ee54894be7fd6e9282dd0f4a0eb7de3aae
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a8592f0ac8e662ef1219774e1761d0f27ac1bf88
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a8ec9bd8c34a89df5548de433860a49464a7e258
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\a999a475da24e98e17f8f7cba1c7206921baa387
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\aa332bbb25663d0818796118e93050d5d361d643
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\aaab3b174dc72933865917ff5ba47d43ff6ee5e3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ab107f485b90fd32beb93fdbf3de0e84654c802d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ab25ad19509a4182d1220834a1be8f281e5f6ae1
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ac71a6e788902a9165be6dea6485581653157be1
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\acb731e38c603f0d50011eabf6a9b31bafb8e769
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\acf05538dca6bbf1e303c6d1ceae4889e82cc138
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ad50bc3ee057fc01498fc750b5bc60725ef995b7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ad5a994dbc393d15e3c9cc857487db661c07a34d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\adc4b7ae949178bc65f68da582e0624f7985eb2c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ae45166e568775adaed11eb813d02304040b7bc2
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ae8045d20e2cd5c72908b633f89e3a84d885d0c9
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\aef93127dcaa0cf7d1af436547990c9079f7c473
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\af021cc62e447e26a7661be5868cde4ad10bd1e4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\af40dd208caa7e0fac787e5455b50d4e00bea903
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\af5891a51cbf35e76667cf9e03e2770920a6e745
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\aff51a4294d406a774a8257b10d26f9b16a2f8cb
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b04a51dab0ce27333b98fd9cda4404782d068cc7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b05fbd2b85aee1f98c21ad03514d881bdc789691
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b0b1e16d67d551ac6adabe31691cf1222255c04a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b11672871ebe87f389d0ba2c244680c1e6ccb1cc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b18d65d8580c339837fdbb2eaab3b2a67bd04de2
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\b26300fa005d0898e2b6de19a0f16b86f65694c7
...
chris125
2009-02-16, 21:26
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\deb87d38b2e7ad9cebe828b03a8ccc70c4182b4d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\dec2204d3ea43456c84b471212d6d9f877660b22
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\dec8fe572d58b19c89556f805eeb5558f6acf01f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\df29e82f8175fce991c4b6d6f2bdf76fbc7bff60
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\df7ecf13592d82d0de8b5137917d551f77120d67
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\dfc9b98988774e7309d7d74360f260ee34ed289f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\dfd182cd557a06ce70750e8db1b67b1d10ffd07a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e00c33d5ec6278c665217afcf26bb1fbd7242d69
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e05e6d9875ee5cd5bfb21163917ffd2c5aafa4ec
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e070409735233f888398a361e9c21a8376d596ab
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e08aabe6335725fd5a1b1d76e70e85ad5687087e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e0a655492d4232a4dade9022157bd7e2a93d9635
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e0e978ac0168e0c39b610289e22c99e2924a62ca
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e13262a0c285cd4878c44e59af905a9314f9a311
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e199b84ced60bfd44686e504a5bf8888505b0583
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e1cbfb286d3ab4bfca92b86ae503749949beccd4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e1d88d7d625b4ad133cca6a837fefdb175c89635
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e1e37399e492b17a734b501d102e287226c8279c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e21b43d5cf9aad24060242fa9d84eb5e7d7adf38
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e22b990ec06791444d8f27a4c663a5a1f7dd3c67
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e255fe54bda5cdce53eb4186c3721293689b60ac
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e2848ec68c25cc4a32b8e8c2703344d60bb618ba
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e2a65d18de17b2d7ef2b18d7cb907bafb8211ef4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e30a70d1342aef53fbae2be9a62a8cadd9ac87b7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e3936980b8b454721fa7d8b6a8a3ee5f316aebfd
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e3cf9a2700c80a5b8b3a9c4fa576231406a45b72
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e40cf2906c5f424fcdc6c3e7c494239c30a86f45
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e45ddb73b9af76d8131512a545dc0c61d5b41941
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e4e75432311a500fda2d00c8b98bdd909671c4dd
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e51113d0fc66663b8302cb457ab2fd86026f766f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e59d4ba27c5b08d55ab2f4ed014d9f6e4df085bc
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e5c22ace978fcaa4b28b4e11b58a93cea9e89aad
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e65cd2a40c1c0068dc27527948658e7d809633e7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e684233e7e6b7869f8b63dd6e2e41f0cb88edac0
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e6da593eac4effeac7f80de1e467a4c79c3175e4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e6ef696f30104a69842799a8d4487054a6272205
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e6f23e755779773ed62e6de21f3ae00208e96977
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e802478e6ef314797f60af3986dcedff86e6ae15
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e811d5f379ff20049ba7b1aeb5e34fd928a7e3d9
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e8be7407c564dff03d7f0ae4e686850b96bae11e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\e9ccfb5ebaacc412a8b6777f5cbb8e81d6bc55ec
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ea219b0449ea79f40ce78008e784eaab491142af
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ea7c7972e0a5aa7771473d4cc86fbc97206fe669
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\eb14c115f815f9bf5dbe9a4ee7005853e7ba11aa
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\eb3c0734b376aada35348574aff288e051e0369e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\eb435c32e58586c595682340336f1bef1c2f6864
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ebb99fc4f36f135085238db7186cfb8c1d74a995
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ebcd7c44b355c1a6c03dbc56d78f9443301b40a2
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ec3bfc449e9685e46dfabe84e1c8ea3a9c333da1
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ec754e44a8c69192662e01353f5ae35339cbb431
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ed17d71b99e9513425d688e8ad497238f287d849
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ed85bb96b17aaffa91ccf93e10b820988a184568
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ede275db6b4dc497645dd71fae3eef117e821f15
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ee5325dd539bb402e728fb4bba2d8407c679e55a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ee7ee5d388faf371ed49253e65fee0dd6ab2d4b1
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ef1c4940c2c660fe952123891c190e203f85563c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ef4a4abc0715f2769b8ff43b6edd25fda528e0d6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ef6a5c76db529cbb4631a9257978d34171dc371a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\efc13860d363070d0509d0a0959fbaee18356748
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\eff489e63a8e43322d0cb68c6eca599ef12da859
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f096c6a38779548ffd1502fe0a80e71023b1d717
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f0d90ab33b93be3c4222206c03c8b5c2d8682ab6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f14a0006a34098993b64ded2eef1573e95a81da3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f1bd03c6bf70716834a0f78fc7f2cb557cc2026f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f207fa2d443afa7dee6f7fc09addc9d2d04b5a60
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f23176f1781e8fd03fbc791c26fb9b24698b0610
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f25dab18e6dae984c2694d70f2adb807727ce031
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f290919f11ce25043b38e9a488c0534cae128874
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f2b98e1c8752727b3cba87a63216a56d4d6453e2
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f303228a8cd41610709b0f858c9d02d8da87df46
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f30d01b26595b0df51928bf078ce33c355f2cbe3
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f313e373b007b8cbd103f62b65bc43d8dd28a713
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f3440dbeb677245bac2a77bd08b0b895cdd856f7
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f3c74d20c40400a84efe85f8923ac2499995cf44
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f3ca4574df8856620a85ae78ee5ed79da5709e8c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f44876226725ed19c00444daa86c6bf22e3f0500
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f53e6c9f6195b7af641eedaf3f787be07bcfb61f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f5710038505d74c1b8464aee448176ab4c1f9fac
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f5f74d1d4d689bfcf18587e5633844e08bbc7107
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f610457f21ed51eb2dcf74bc8d3b16381e49287d
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f648450c0d142b423085fabdf6c22567ed295a71
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f677dc582e29687ad7d3510e9ceca175fa42b266
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f77276b62d5e343daabe513f7a44a6da3ae56e83
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f78100a27d1dbab8fe5740e8258f88934622c61a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f7b6d88ed5d8338a80d2baad41f90368c4083ad6
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f809b986fe18a6c781cdc11dbc038051294a28f0
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f8966f6fc1800d9eccda3e1557c1a4bf22ca7b86
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f8b296a62819fe049880175742cda1e83a17b6ae
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f90ffce0a75eba802bcb2a25f4a23e7b0385b713
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\f9acfc843ceda9378b00441a01a1ccc5fe004073
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\faf5692cf9412974f136d7809890fc603acc8f73
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fb05ef0b38a1e8c901c8ea91618813c1baa1b707
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fbf5337e3c268b725a184bc016ed261ef0d3689c
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fc0c7a29173be9e7e39df3bd73520a8cfaf8a74a
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fc2403417d4b1b6cb9d5de55ae722745a7d0d059
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fd2f5aa05b53f3be3bebae856a67ad262ed97073
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fd7230a3a5d1d4b4f430265d06b77ca014e359d4
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fd7b12070255262f9312433c0833a48bac3ad508
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\feda959e25b44c7fa78b49f431920d545f05c68b
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ff1d7bfba22833ca8ea797a6dba43c2795ebf38f
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ffde53b9aff57684b3fea3e045875be40cfde91e
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\ffe8edb6a8fe598643b02cec82e1c149b1b84d72
c:\documents and settings\Chris\Application Data\BitTorrent\data\metainfo\fff87ca5fbe901dc43fdcf5b8595680da1e785ea
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\0143bdc84a929c84f7dda2e44593dc116645e297
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\015f67c2002b2fe69536e9681cce847ef20cafaa
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\02742fc73863f88d5c3719f5f1777af05058dc5d
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\061201f5dc049230bd15c617adf6fbe39bdd9569
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\06c5679789779d75004f2c77cf4aa33aa71d129c
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\0c6f8e1d220abe88abef8a6013dfc55375e91e59
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\1215586013874a676f9a465dd698d943e569fecd
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\153b8cc4485847e0751012bad067ac0d86860389
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\1c346621adaf2907089f1a4e4d976f9834d7ff5c
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\1d1d31d06e5531910d8e4267e93cc1e7e0654495
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\1d3f8a32f74e24951f83aa57a06d5d93bc7c530e
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\1fd8ffe6582b2890b30b6b348f5ab06592498b17
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\20cf1deac46bb9fea445ced9a859bf936a44b37f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\24595ea6385d6f305609ba17167fdc03188637b7
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\2a1a2813e744f8ee645c34e2ed29a828573f2b7f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\2bb85d1ca0f12017aa5ee12c2a3ee8702ed71d79
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\2cef9b64778e8590c147178d6e38d220f76eb34f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\2d7fff2c85208dc761f30fc6ae8cf3a7a7214fdd
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\328e879a7781e96fce2352aa891faaef91611e13
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\333ff05b97553e685d9063019f5a2893199d2eb2
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\3429b2ba8d1673d6a991934a1c6cd7854b21115b
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\3c9ad14597ce07a518b2b649e06909428e3a39ee
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\3e2263fe8af2f16f10e89e39c7fed6cc73391045
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\47e517e45722b7be955fdcbaad798d0f0a55b7ba
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\48bfc852eb5bda9918658d3aa62c3b2193fd0477
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\48c9e3e8751cd6a01f67f4ed17e2227a5ca1b5a8
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\5d04f8784eec82926ceaffd25c8b8c4e1beed01c
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\624454d666bf46ea3a9e46ea6d9bff282f88fde1
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\6449ef466e5a819ef9b00748c7b545c59f2e3b23
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\684f35f2268009efa8eeb4bc59fae959e8013a06
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\6d7e4c7354e152c714768ef6a7a49688b8fc6580
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\729a847ab0e33704d79f22ced4ca863281bef474
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\73e674c7deb301668c8688d072229e9451553333
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\78340c95ed882d728808868e58b8e9360a5ce8ec
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\79ac3b2e5033f7a5786f0c49d4b2eb573bb264ee
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\7ae96e75b2938004e4296b647ecda894c71495d6
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\83e0521422426f925f164a16845f08ebd5ca9715
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\844928ba8780103d0a35df7e3c75e2a48d565d21
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\86a137cbbea46a1d2bd85b51a095f97a4a3806ee
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\8eb0613ed2594bd1a1b88b279d55a44022578cdc
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\8fadae7a82c035155a3f4fddd7baab90d33cd5e3
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\91ed231c849501e3a6be7b91fb2744eb93ed3612
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\997587b9a7e60ef4fdf57d03af58d1afb5a2367e
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\9d91e73832d7e6f1504f59bc0870f47d75b96644
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\a0f369ea18053aba540fe746e60f29caf237341e
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\a73f071f3fb7a29d7e47b23206d0b7cc60f6d922
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\a8ec9bd8c34a89df5548de433860a49464a7e258
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\b469738b20b562f5e1d2610af0d59a08739f6eee
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\bd7235da82b813b23fd58c7f7d53eb5d76a50631
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\bede932bf356229eb0b89ad7d8aea2d2428ec0b1
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\c040dcbc1a38cbc27c697a87b8cf6cf5588e274d
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\c3981463f1a7efc05c57a1a54871c628fd03e8e6
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\cbcea31423f59c6f67907245af68b7a2a97c5598
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\ccd5457e38ee76f4a7f2c5585781afaa086cff8f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\d4828a4452aa7cc97d0a285a1129529734a3f50b
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\df29e82f8175fce991c4b6d6f2bdf76fbc7bff60
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\e0e978ac0168e0c39b610289e22c99e2924a62ca
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\e30a70d1342aef53fbae2be9a62a8cadd9ac87b7
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\e51113d0fc66663b8302cb457ab2fd86026f766f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\ea7c7972e0a5aa7771473d4cc86fbc97206fe669
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\ebcd7c44b355c1a6c03dbc56d78f9443301b40a2
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\f1bd03c6bf70716834a0f78fc7f2cb557cc2026f
c:\documents and settings\Chris\Application Data\BitTorrent\data\resume\f5f74d1d4d689bfcf18587e5633844e08bbc7107
c:\documents and settings\Chris\Application Data\BitTorrent\data\routing_table
c:\documents and settings\Chris\Application Data\BitTorrent\data\torrent_config
c:\documents and settings\Chris\Application Data\BitTorrent\data\ui_config
c:\documents and settings\Chris\Application Data\BitTorrent\data\ui_state
c:\documents and settings\Chris\Application Data\BitTorrent\David Byrne & Brian Eno [2008] Everything That Happens Will Happen Today.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Defiance.2009.DVDSCR.905Kbps.[Videoseed.com].mp4.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\dht.dat
c:\documents and settings\Chris\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Chris\Application Data\BitTorrent\DJ ,rupture - 2008 - Uproot.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\DJing For Dummies eBook.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Do the Right Thing 720p x264 DD2.0-V.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Ed Rec Vol.3.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Electric - The Very Best of Electronic, New Wave & Synth.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Elia.Kazan-Splendor.In.The.Grass.1961_DVDRiP.XviD_esp.pt-br.rum.scc.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\elpepo.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Emergency At The Everyday.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Entourage.S05E07.Gotta.Look.Up.To.Get.Down.HQTV.Optimized.torrent
c:\documents and settings\Chris\Application Data\BitTorrent\Entourage.S05E08.First.Class.Jerk.HQTV.Optimized.torrent
chris125
2009-02-16, 21:27
c:\documents and settings\Chris\fybfxsh.exe
c:\documents and settings\Chris\inqk.exe
c:\documents and settings\Chris\odrntno.exe
c:\documents and settings\Chris\rsd.exe
C:\jortnq.exe
C:\oxrdoksm.exe
c:\windows\mswinsck.ocx
c:\windows\system\xccef090131.exe
c:\windows\system32\10.tmp
c:\windows\system32\11.tmp
c:\windows\system32\12.tmp
c:\windows\system32\13.tmp
c:\windows\system32\14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\16.tmp
c:\windows\system32\17.tmp
c:\windows\system32\18.tmp
c:\windows\system32\19.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\2.tmp
c:\windows\system32\20.tmp
c:\windows\system32\22.tmp
c:\windows\system32\23.tmp
c:\windows\system32\24.tmp
c:\windows\system32\26.tmp
c:\windows\system32\27.tmp
c:\windows\system32\2D.tmp
c:\windows\system32\3.tmp
c:\windows\system32\30.tmp
c:\windows\system32\31.tmp
c:\windows\system32\32.tmp
c:\windows\system32\35.tmp
c:\windows\system32\36.tmp
c:\windows\system32\37.tmp
c:\windows\system32\38.tmp
c:\windows\system32\39.tmp
c:\windows\system32\3A.tmp
c:\windows\system32\3B.tmp
c:\windows\system32\3C.tmp
c:\windows\system32\3D.tmp
c:\windows\system32\3E.tmp
c:\windows\system32\3F.tmp
c:\windows\system32\4.tmp
c:\windows\system32\48.tmp
c:\windows\system32\49.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\7z.exe
c:\windows\system32\8.tmp
c:\windows\system32\A.tmp
c:\windows\system32\B.tmp
c:\windows\system32\drivers\ethsgahb.sys
c:\windows\system32\drivers\ndisio.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\fctrcrsj.ini
c:\windows\system32\hbvpkjgd.ini
c:\windows\system32\jvosdqqy.ini
c:\windows\system32\secupdat.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\undname.exe
c:\windows\system32\vyudptbh.ini
c:\windows\system32\wxxtuabf.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ethsgahb
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.
2009-02-14 10:34 . 2009-02-14 10:34 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-02-14 02:10 . 2009-02-14 02:10 <DIR> d-------- C:\rsit
2009-02-09 00:22 . 2009-02-15 11:54 <DIR> d-------- c:\windows\system32\inf
2009-01-28 22:36 . 2009-01-28 22:36 <DIR> d-------- C:\gnuplot
2009-01-24 15:17 . 2009-01-24 15:17 244 --ah----- C:\sqmnoopt12.sqm
2009-01-24 15:17 . 2009-01-24 15:17 232 --ah----- C:\sqmdata12.sqm
...
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 18:29 --------- d-----w c:\program files\Common Files\Adobe
2009-02-15 20:19 --------- d-----w c:\program files\QSuite
2009-02-14 18:48 --------- d-----w c:\program files\Java
2009-02-14 18:34 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-01-14 20:58 --------- d-----w c:\program files\MixMeister Fusion + Video
2009-01-11 05:32 --------- d-----w c:\documents and settings\Chris\Application Data\MixMeister Technology
2008-12-31 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2008-12-28 23:25 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2008-12-17 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-17 06:24 --------- d-----w c:\program files\Adobe Media Player
2008-12-17 06:21 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-17 06:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2004-09-10 21:40 92,160 ----a-w c:\program files\DECCHECK.exe
2004-09-10 21:40 5,970 ----a-w c:\program files\eula.txt
2008-10-06 16:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 16:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 16:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 16:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 16:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2004-08-04 04:00 31232 67569ebfaf170f559143d4434e2056ee c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 16:12 31744 e7062f33567f821d9e7ef6ff75e12694 c:\windows\ServicePackFiles\i386\svchost.exe
2009-01-22 22:56 31232 eb015b8f368f08ea457000a19175bee4 c:\windows\system32\svchost.exe
2009-01-22 22:56 31232 c7a2f067e4455df518241a532a56c16d c:\windows\system32\dllcache\svchost.exe
2004-08-04 04:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2008-04-13 16:12 1050624 a70fd46df39fc22b3db23e55b4fb520c c:\windows\explorer.exe
2007-06-13 03:26 1050112 62088503ce726540fd2b65eef9261b23 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 02:23 1050112 575ab078a76fc433e6b1f79269b09190 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 04:00 1049088 c6affd4a895a674719ddd3fb2bc40da7 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 16:12 1050624 8c08a5235fc41026da77fa8bc60d2907 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 04:00 32256 b9d5ef452ce5b5ca09fdaa782c2ad5bc c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 16:12 32256 11cde4a9c00d81d9390caeafe0193f89 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 16:12 32256 ba567d2aad8ed2aae7183702d96650b6 c:\windows\system32\ctfmon.exe
2005-06-10 16:17 74752 bb33ba137547b468c1f6e253b8cff829 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 15:53 74752 346c592ebdb24f1dfe45987c110b20f3 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 04:00 74752 aead5cc82bacdd5af8838dcdaea7811c c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 16:12 74752 53b1c475dbb1dfd3157355607cfd42e6 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 16:12 74752 05c5ed1c4f67a4df9fbac916bea9f26c c:\windows\system32\spoolsv.exe
2004-08-04 04:00 41472 712f66b287319fb3d0f9dc76cc5a793c c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 16:12 43008 7da09362dc61d725ed47002994d9a291 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 16:12 43008 9834e0cdeb23ae248fd546c8ac4782e7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-15_12.27.06.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 23:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2009-02-15 20:08:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-16 18:44:36 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-15 20:08:58 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-16 18:44:36 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-15 20:08:58 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 18:44:36 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 18:44:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 32256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 221696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-09-28 917566]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 151552]
"Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 200704]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-12 516096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [2006-01-13 13824]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2006-01-13 21120]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2008-02-11 27200]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-09-26 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-09-28 360517]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-09-12 651325]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-09-26 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-09-12 307268]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2006-01-12 70528]
S3 MPCSYS;MPCSYS; [x]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2006-01-12 278016]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{V2FR455T-5K8M-BRW1-NFF4-I3DY73S22YA5}]
"c:\program files\Internet Explorer\iexplore.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\z2fqqhdr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 10:45:27
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(400)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\matlab701\webserver\bin\win32\matlabserver.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\IoctlSvc.exe
c:\matlab701\bin\win32\MATLAB.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\SnapStream Media\Beyond TV\BTVAgent2.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\program files\SnapStream Media\Beyond TV\BTVSettingsService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
c:\program files\SnapStream Media\Beyond TV\BTVLibraryService.exe
c:\program files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
c:\program files\SnapStream Media\Beyond TV\BTVNetworkService.exe
c:\program files\SnapStream Media\Beyond TV\BTVNotifierService.exe
c:\program files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
c:\program files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
c:\progra~1\TRENDM~1\INTERN~1\PCClient.exe
.
**************************************************************************
.
Completion time: 2009-02-16 10:51:51 - machine was rebooted [Chris]
ComboFix-quarantined-files.txt 2009-02-16 18:51:48
ComboFix2.txt 2009-02-15 20:27:49
Pre-Run: 30,371,082,240 bytes free
Post-Run: 30,372,614,144 bytes free
Current=1 Default=1 Failed=2 LastKnownGood=3 Sets=1,2,3,4
1428 --- E O F --- 2009-01-14 11:02:59
chris125
2009-02-16, 21:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:38 AM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVLIBRARYSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\PROGRAM FILES\SNAPSTREAM MEDIA\BEYOND TV\BTVNETWORKSERVICE.EXE
C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 9537 bytes
I couldn't run the online scan because I can't access my network at the moment.
Hi,
Do you mean that the infection prevents you from accessing it, or is there some other reason? I'll need to see a report before we can go on with the cleaning process.
chris125
2009-02-17, 07:35
I don't think it's the infection, because at its worst I could still get online. I'm not seeing any symptoms right now. Perhaps one of the anti malware programs did something to my network connection?
I'm getting an error message saying
"windows could not finish repairing the problem because the following could not be completed:
Failed to query TCP/IP settings of the connection. Cannot proceed"
I don't really know what to do for this.
Hi,
Have you tried rebooting the system? If the network still has problems after the reboot, then download and run Winsockxpfix (http://www.snapfiles.com/get/winsockxpfix.html).
chris125
2009-02-17, 20:46
Now that I am back online, I keep getting logged off my system in a few minutes. It'll shut down all my programs and restart, and I don't have time to do the online scan.
Hi,
Could you describe what triggers restarting or does it happen randomly? Is there any kind of message shown?
Let's change the recovery settings to disable automatic rebooting to see if some critical error occurs before the restart:
1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab.
3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
4. Clear the Automatically restart check box, and click OK the necessary number of times.
5. Restart your computer for the settings to take effect.
chris125
2009-02-18, 00:47
It seemed somewhat random, but now that I think of it, it usually happens when Internet Explorer is open. There is no message shown; it is as if I had clicked the "turn off computer" button. It goes to the "saving system settings" screen and all that. I checked my Startup and Recovery options and I didn't have the Automatic Restart box checked to begin with.
I was able to install the Windows Recovery Console now that I have an internet connection again.
Hi again,
Let's try a few more tools here.
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file in your next reply.
Download GMER (http://www.gmer.net/gmer.zip) and save it to your desktop:
Extract it to your desktop and double-click GMER.exe.
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log in your reply.
chris125
2009-02-19, 09:35
Hi,
I had some problems with my computer hanging and/or BSOD with these scans. The mbam scan went ok, but when it rebooted to finish the cleanup, I got a BSOD with the error "bad_pool_caller".
Also, the gmer scan was never able to go through; it hung or BSOD'd the 6 or so times I tried it. I will post the initial scan it does on start up of the program.
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
2/18/2009 2:15:19 PM
mbam-log-2009-02-18 (14-15-19).txt
Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 308130
Time elapsed: 1 hour(s), 16 minute(s), 55 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 15
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 51
Memory Processes Infected:
C:\WINDOWS\services.exe (Backdoor.ProRat) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lfzgxnve.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tjyzbell.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlmazccf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hdlhfpln.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lfzmillz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zzgvvcxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Chris\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\lfzgxnve.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tjyzbell.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\xlmazccf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\hdlhfpln.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\lfzmillz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\zzgvvcxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\1B.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\1F.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\26.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\2D.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\38.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\39.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\4C.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ctlapotj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dejivibi(2).dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcDvTLd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kibvpcif.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbfpuoerx.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfjtibldv.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChqjcpjre.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUomJYq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_awtUkIAQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_fcccywtS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_hsfd83jfdg.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_nccmat.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_polybf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ati8ubxx.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\protect.sys.vir (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\xccefb090131.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xccdf16_090131a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\xccdf32_090131a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system\xccef090131.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\xccdfb16_090131.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 23:26:41
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code 8A693480 pIofCallDriver
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs uoeiupgf.sys
Device \FileSystem\Fastfat \Fat uoeiupgf.sys
Device \Driver\NDIS \Device\Ndis [8A66D984] NDIS.sys[.reloc]
---- Processes - GMER 1.0.14 ----
Process C:\Documents and Settings\Chris\kfurfg.exe (*** hidden *** ) 876
---- EOF - GMER 1.0.14 ----
Hi,
Please run ComboFix again and post back its report & a fresh hjt log.
chris125
2009-02-19, 22:57
Here are the logs
ComboFix 09-02-15.01 - Chris 2009-02-19 12:32:44.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1758 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Install.txt
c:\windows\system32\config\systemprofile\reader_s.exe
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\Install.txt
c:\windows\system32\w.exe
c:\windows\system32\xcchit32.ini
c:\windows\xccwinsys.ini
c:\windows\system32\userinit.exe . . . is infected!!
c:\windows\system32\svchost.exe . . . is infected!!
c:\windows\system32\spoolsv.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_MABIDWE
-------\Legacy_NOYTCYR
-------\Legacy_ROYTCTM
-------\Legacy_SOXPECA
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD
-------\Service_defaultlib
-------\Service_Passthru
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.
2009-02-18 12:56 . 2009-02-18 12:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 12:56 . 2009-02-18 12:56 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-18 12:56 . 2009-02-18 12:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-18 12:56 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 12:56 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-18 12:55 . 2009-02-18 12:55 163,268 --a------ c:\windows\system32\19.tmp
2009-02-18 12:55 . 2009-02-18 12:55 2,048 --a------ c:\windows\system32\16.tmp
2009-02-18 12:55 . 2009-02-18 12:55 168 --a------ c:\windows\system32\10.tmp
2009-02-18 12:43 . 2009-02-18 12:45 163,268 --a------ c:\windows\system32\17.tmp
2009-02-18 12:43 . 2009-02-18 12:43 2,048 --a------ c:\windows\system32\14.tmp
2009-02-17 14:31 . 2009-02-17 14:38 <DIR> d-------- C:\CombFxx
2009-02-17 14:29 . 2009-02-17 14:31 159,613 --a------ c:\windows\system32\13.tmp
2009-02-17 14:29 . 2009-02-17 14:29 31,744 --ah----- c:\documents and settings\Chris\kfurfg.exe
2009-02-17 14:16 . 2009-02-17 14:16 244 --ah----- C:\sqmnoopt19.sqm
2009-02-17 14:16 . 2009-02-17 14:16 232 --ah----- C:\sqmdata19.sqm
2009-02-17 14:14 . 2009-02-17 14:14 25,601 --a------ c:\windows\system32\12.tmp
2009-02-17 14:06 . 2009-02-17 14:06 244 --ah----- C:\sqmnoopt18.sqm
2009-02-17 14:06 . 2009-02-17 14:06 232 --ah----- C:\sqmdata18.sqm
2009-02-17 14:05 . 2009-02-17 14:05 244 --ah----- C:\sqmnoopt17.sqm
2009-02-17 14:05 . 2009-02-17 14:05 232 --ah----- C:\sqmdata17.sqm
2009-02-17 14:04 . 2009-02-17 14:04 31,744 --ah----- c:\documents and settings\Chris\hbxha.exe
2009-02-17 12:17 . 2009-02-17 12:17 206 --a------ c:\windows\system32\MRT.INI
2009-02-17 10:41 . 2009-02-17 10:41 24,577 --a------ c:\windows\system32\86.tmp
2009-02-17 10:41 . 2009-02-17 10:41 244 --ah----- C:\sqmnoopt16.sqm
2009-02-17 10:41 . 2009-02-17 10:41 232 --ah----- C:\sqmdata16.sqm
2009-02-17 10:40 . 2009-02-17 10:40 244 --ah----- C:\sqmnoopt15.sqm
2009-02-17 10:40 . 2009-02-17 10:40 244 --ah----- C:\sqmnoopt14.sqm
2009-02-17 10:40 . 2009-02-17 10:40 232 --ah----- C:\sqmdata15.sqm
2009-02-17 10:40 . 2009-02-17 10:40 232 --ah----- C:\sqmdata14.sqm
2009-02-17 10:39 . 2009-02-17 10:39 244 --ah----- C:\sqmnoopt13.sqm
2009-02-17 10:39 . 2009-02-17 10:39 232 --ah----- C:\sqmdata13.sqm
2009-02-17 10:38 . 2009-02-17 10:41 163,748 --a------ c:\windows\system32\11.tmp
2009-02-17 10:38 . 2009-02-17 10:38 77,824 --a------ c:\windows\system32\u101795332.dll
2009-02-17 10:38 . 2009-02-17 10:38 31,744 --ah----- c:\documents and settings\Chris\tka.exe
2009-02-17 01:44 . 2009-02-17 10:34 130 --a------ c:\windows\adobe.bat
2009-02-17 01:44 . 2009-02-17 01:44 6 --a------ c:\windows\_id.dat
2009-02-17 01:41 . 2009-02-17 01:41 31,744 --ah----- c:\documents and settings\Chris\ccumuu.exe
2009-02-16 23:04 . 2009-02-16 23:04 33,920 --a------ c:\windows\system32\drivers\uoeiupgf.sys
2009-02-16 22:56 . 2009-02-18 12:45 137,408 --a------ c:\windows\system32\drivers\ethpllbq.sys
2009-02-16 22:55 . 2009-02-16 22:55 <DIR> d-------- c:\windows\$ntunistalls
2009-02-16 22:55 . 2009-02-16 22:55 52 --a------ c:\windows\system32\xcchit32.ini.ssyq
2009-02-16 22:54 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-16 22:54 . 2009-02-16 22:54 62,464 --a------ c:\windows\Eyexipadaxu.dll
2009-02-16 22:54 . 2009-02-16 22:54 44,032 --a------ c:\windows\system32\grcrt2.exe
2009-02-16 22:53 . 2009-02-17 14:29 67,072 ---h----- c:\windows\system32\secupdat.dat
2009-02-16 22:53 . 2009-02-17 14:29 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-16 22:53 . 2009-02-16 22:53 31,744 --ah----- c:\documents and settings\Chris\nldhj.exe
2009-02-14 10:34 . 2009-02-14 10:34 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-02-14 02:10 . 2009-02-14 02:10 <DIR> d-------- C:\rsit
2009-02-09 00:22 . 2009-02-19 12:34 <DIR> d-------- c:\windows\system32\inf
2009-01-28 22:36 . 2009-01-28 22:36 <DIR> d-------- C:\gnuplot
2009-01-24 15:17 . 2009-01-24 15:17 244 --ah----- C:\sqmnoopt12.sqm
2009-01-24 15:17 . 2009-01-24 15:17 232 --ah----- C:\sqmdata12.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 22:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 19:53 --------- d-----w c:\program files\SnapStream Media
2009-02-16 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\SnapStream
2009-02-16 18:29 --------- d-----w c:\program files\Common Files\Adobe
2009-02-15 20:19 --------- d-----w c:\program files\QSuite
2009-02-14 18:48 --------- d-----w c:\program files\Java
2009-02-14 18:34 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-01-14 20:58 --------- d-----w c:\program files\MixMeister Fusion + Video
2009-01-11 05:32 --------- d-----w c:\documents and settings\Chris\Application Data\MixMeister Technology
2008-12-31 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2008-12-28 23:25 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2004-09-10 21:40 92,160 ----a-w c:\program files\DECCHECK.exe
2004-09-10 21:40 5,970 ----a-w c:\program files\eula.txt
2008-10-06 16:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 16:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 16:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 16:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 16:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2004-08-04 04:00 31232 67569ebfaf170f559143d4434e2056ee c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 16:12 31744 e7062f33567f821d9e7ef6ff75e12694 c:\windows\ServicePackFiles\i386\svchost.exe
2009-01-22 22:56 31232 eb015b8f368f08ea457000a19175bee4 c:\windows\system32\svchost.exe
2009-01-22 22:56 31232 c7a2f067e4455df518241a532a56c16d c:\windows\system32\dllcache\svchost.exe
2004-08-04 04:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-02-14 10:34 212608 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2008-04-13 16:12 1050624 a70fd46df39fc22b3db23e55b4fb520c c:\windows\explorer.exe
2007-06-13 03:26 1050112 62088503ce726540fd2b65eef9261b23 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 02:23 1050112 575ab078a76fc433e6b1f79269b09190 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 04:00 1049088 c6affd4a895a674719ddd3fb2bc40da7 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 16:12 1050624 8c08a5235fc41026da77fa8bc60d2907 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 04:00 32256 b9d5ef452ce5b5ca09fdaa782c2ad5bc c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 16:12 32256 11cde4a9c00d81d9390caeafe0193f89 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 16:12 32256 ba567d2aad8ed2aae7183702d96650b6 c:\windows\system32\ctfmon.exe
2005-06-10 16:17 74752 bb33ba137547b468c1f6e253b8cff829 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 15:53 74752 346c592ebdb24f1dfe45987c110b20f3 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 04:00 74752 aead5cc82bacdd5af8838dcdaea7811c c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 16:12 74752 53b1c475dbb1dfd3157355607cfd42e6 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 16:12 74752 05c5ed1c4f67a4df9fbac916bea9f26c c:\windows\system32\spoolsv.exe
2004-08-04 04:00 41472 712f66b287319fb3d0f9dc76cc5a793c c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 16:12 43008 7da09362dc61d725ed47002994d9a291 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 16:12 43008 9834e0cdeb23ae248fd546c8ac4782e7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-15_12.27.06.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-10 23:51:10 75,776 ----a-w c:\windows\$hf_mig$\KB896428\SP2QFE\telnet.exe
+ 2005-05-10 23:51:10 92,672 ----a-w c:\windows\$hf_mig$\KB896428\SP2QFE\telnet.exe
- 2007-12-06 08:34:45 625,664 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-06 08:34:45 643,072 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
- 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 12:46:08 87,552 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
- 2004-08-04 12:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\ssbezier.scr
+ 2004-08-04 12:00:00 36,864 -c----w c:\windows\$NtServicePackUninstall$\ssbezier.scr
- 2004-08-04 12:00:00 214,528 -c----w c:\windows\$NtServicePackUninstall$\wordpad.exe
+ 2004-08-04 12:00:00 231,936 -c----w c:\windows\$NtServicePackUninstall$\wordpad.exe
- 2007-06-05 19:41:16 573,503 ----a-w c:\windows\gmer.dll
+ 2009-02-19 05:18:14 884,736 ----a-w c:\windows\gmer.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-25 08:38:00 30,720 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2007-12-12 23:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-04-14 00:12:12 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:12:12 31,232 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
- 2008-04-14 00:12:15 39,936 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:12:15 56,832 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
- 2008-04-13 18:43:32 9,728 ------w c:\windows\ServicePackFiles\i386\comsdupd.exe
+ 2008-04-13 18:43:32 26,624 ------w c:\windows\ServicePackFiles\i386\comsdupd.exe
- 2008-04-14 00:12:34 18,944 ------w c:\windows\ServicePackFiles\i386\secedit.exe
+ 2008-04-14 00:12:34 35,840 ------w c:\windows\ServicePackFiles\i386\secedit.exe
- 2008-04-14 00:12:40 196,608 ------w c:\windows\ServicePackFiles\i386\wmiadap.exe
+ 2008-04-14 00:12:40 214,016 ------w c:\windows\ServicePackFiles\i386\wmiadap.exe
- 2000-08-31 16:00:00 179,200 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 16:00:00 179,712 ----a-w c:\windows\SWREG.exe
- 2008-04-14 00:12:14 56,832 ----a-w c:\windows\system32\cipher.exe
+ 2008-04-14 00:12:14 73,728 ----a-w c:\windows\system32\cipher.exe
+ 2009-02-18 20:54:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2009-02-15 20:08:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-19 20:45:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-15 20:08:58 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-19 20:45:58 98,304 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-19 05:38:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021820090219\index.dat
- 2009-02-15 20:08:58 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-19 20:45:58 278,528 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 12:00:00 262,200 -c--a-w c:\windows\system32\dllcache\imjputy.exe
+ 2004-08-04 12:00:00 282,680 -c--a-w c:\windows\system32\dllcache\imjputy.exe
- 2004-09-23 02:45:46 991,232 -c--a-w c:\windows\system32\dllcache\migrate.exe
+ 2004-09-23 02:45:46 1,011,712 -c--a-w c:\windows\system32\dllcache\migrate.exe
- 2004-08-04 12:00:00 35,328 -c--a-w c:\windows\system32\dllcache\notiflag.exe
+ 2004-08-04 12:00:00 52,224 -c--a-w c:\windows\system32\dllcache\notiflag.exe
- 2007-06-05 19:41:16 69,905 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2009-02-19 05:18:14 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-04-14 00:12:24 59,392 ----a-w c:\windows\system32\logman.exe
+ 2008-04-14 00:12:24 76,288 ----a-w c:\windows\system32\logman.exe
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-11-14 09:40:23 71,512 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-17 05:17:37 71,512 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 09:40:23 441,954 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-17 05:17:37 441,954 ----a-w c:\windows\system32\perfh009.dat
+ 2004-01-23 00:31:54 10,761 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\x10uif.sys
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 32256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 221696]
"FireflyMini"="c:\program files\SnapStream Media\Firefly Mini\FireflyMini.exe" [2007-01-12 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-09-28 917566]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 151552]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-12 516096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FireflyMini"="c:\program files\SnapStream Media\Firefly Mini\FireflyMini.exe" [2007-01-12 155648]
"Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 200704]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"="c:\documents and settings\Chris\reader_s.exe" [BU]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\matrix31290.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpa.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpb.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uoeiupgf.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [2006-01-13 13824]
R0 uoeiupgf;uoeiupgf;c:\windows\system32\drivers\uoeiupgf.sys [2009-02-16 33920]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2006-01-13 21120]
S0 scybpr;scybpr;c:\windows\system32\drivers\trbg.sys --> c:\windows\system32\drivers\trbg.sys [?]
S1 ethpllbq;ethpllbq;c:\windows\system32\drivers\ethpllbq.sys [2009-02-16 137408]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 acnkm;acnkm;\??\c:\windows\system32\drivers\dcqkplt.sys --> c:\windows\system32\drivers\dcqkplt.sys [?]
S2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2008-02-11 27200]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-09-26 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-09-28 360517]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-09-12 651325]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-09-26 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-09-12 307268]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2006-01-12 70528]
S3 MPCSYS;MPCSYS; [x]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2006-01-12 278016]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{V2FR455T-5K8M-BRW1-NFF4-I3DY73S22YA5}]
"c:\program files\Internet Explorer\iexplore.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-DeskTopSrv - c:\windows\system32\grcrt.exe
HKU-Default-Run-cogad - c:\documents and settings\Chris\Application Data\cogad\cogad.exe
HKLM-Explorer_Run-xccinit - c:\windows\system32\inf\rundll33.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\z2fqqhdr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 12:46:49
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:83,70,db,6f,f3,01,18,bc,8a,2c,26,51,2d,77,68,01,45,df,69,a2,32,
04,4f,4d,2e,7b,c9,65,6b,2f,a9,6c,42,48,23,e3,82,6e,4e,c2,89,10,ea,8f,ec,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-19 12:52:33 - machine was rebooted [Chris]
ComboFix-quarantined-files.txt 2009-02-19 20:52:31
ComboFix2.txt 2009-02-16 18:51:52
ComboFix3.txt 2009-02-15 20:27:49
Pre-Run: 32,262,320,128 bytes free
Post-Run: 32,266,375,168 bytes free
Current=1 Default=1 Failed=2 LastKnownGood=3 Sets=1,2,3,4
334 --- E O F --- 2009-02-17 20:17:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:34 PM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FireflyMini] "C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe"
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [FireflyMini] "C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe"
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'Default user')
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137127858093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
--
End of file - 7951 bytes
Hi,
Upload the following files to http://www.virustotal.com and post back the results:
c:\windows\system32\userinit.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
chris125
2009-02-20, 12:23
File userinit.exe received on 02.20.2009 11:20:01 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 -
AhnLab-V3 2009.2.20.1 2009.02.20 Win32/Virut.F
AntiVir 7.9.0.85 2009.02.20 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.20 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.02.19 Win32:Vitro
AVG 8.0.0.237 2009.02.19 Win32/Virut
BitDefender 7.2 2009.02.20 -
CAT-QuickHeal 10.00 2009.02.20 W32.Virut.G
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 Win32.Virut.56
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6367 2009.02.20 Win32/Virut.17408
F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.20 Win32:Vitro
Ikarus T3.1.1.45.0 2009.02.20 -
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 Virus.Win32.Virut.ce
McAfee 5530 2009.02.19 W32/Virut.n.gen
McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen
Microsoft 1.4306 2009.02.20 Virus:Win32/Virut.BM
NOD32 3871 2009.02.20 Win32/Virut.NBK
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 W32/Sality.AO
PCTools 4.4.2.0 2009.02.19 -
Rising 21.17.42.00 2009.02.20 Win32.Virut.bm
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Virut.Gen
Sophos 4.38.0 2009.02.20 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.20 W32.Virut.CF
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PE_VIRUX.A-3
VBA32 3.12.10.0 2009.02.20 Virus.Win32.Virut.X5
ViRobot 2009.2.20.1616 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 43008 bytes
MD5...: 9834e0cdeb23ae248fd546c8ac4782e7
SHA1..: 634d61caafe8f5d10d48e5f6ce8a48c898453b31
SHA256: ea0e15b78b35c67b3df3c97725f79624a92b351cac40e14d6be339e8a51e8ebb
SHA512: b57e4a7a6ba72650e6a9c6519831f0fba2063e2474f1f6603132a8a362d1ef8a65c34ff4f9cc6bb1d8d20626bd3d83e78b3baa3e50bf40648f68d398aeeda715
ssdeep: 768:+RMJi8jDLIDSAaQFxfftjaLacmkLGKOqkL6/vy9f2kdqaREF4AM204o:+RMJbDMDSA7FxffJaLaSLG9qg42XqKEi
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1008c99
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0x5c00 0x4e00 7.63 8fdd2730c2290c4cd2b2cce70ef5e476
( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW
( 0 exports )
File userinit.exe received on 02.20.2009 11:20:01 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 -
AhnLab-V3 2009.2.20.1 2009.02.20 Win32/Virut.F
AntiVir 7.9.0.85 2009.02.20 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.20 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.02.19 Win32:Vitro
AVG 8.0.0.237 2009.02.19 Win32/Virut
BitDefender 7.2 2009.02.20 -
CAT-QuickHeal 10.00 2009.02.20 W32.Virut.G
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 Win32.Virut.56
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6367 2009.02.20 Win32/Virut.17408
F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.20 Win32:Vitro
Ikarus T3.1.1.45.0 2009.02.20 -
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 Virus.Win32.Virut.ce
McAfee 5530 2009.02.19 W32/Virut.n.gen
McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen
Microsoft 1.4306 2009.02.20 Virus:Win32/Virut.BM
NOD32 3871 2009.02.20 Win32/Virut.NBK
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 W32/Sality.AO
PCTools 4.4.2.0 2009.02.19 -
Rising 21.17.42.00 2009.02.20 Win32.Virut.bm
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Virut.Gen
Sophos 4.38.0 2009.02.20 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.20 W32.Virut.CF
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PE_VIRUX.A-3
VBA32 3.12.10.0 2009.02.20 Virus.Win32.Virut.X5
ViRobot 2009.2.20.1616 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 43008 bytes
chris125
2009-02-20, 12:30
File svchost.exe received on 02.20.2009 11:26:29 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 -
AhnLab-V3 2009.2.20.1 2009.02.20 Win32/Virut.F
AntiVir 7.9.0.85 2009.02.20 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.20 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.02.19 Win32:Vitro
AVG 8.0.0.237 2009.02.19 Win32/Virut
BitDefender 7.2 2009.02.20 -
CAT-QuickHeal 10.00 2009.02.20 W32.Virut.G
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 Win32.Virut.56
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6367 2009.02.20 Win32/Virut.17408
F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.20 Win32:Vitro
Ikarus T3.1.1.45.0 2009.02.20 -
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 Virus.Win32.Virut.ce
McAfee 5530 2009.02.19 W32/Virut.n.gen
McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen
Microsoft 1.4306 2009.02.20 Virus:Win32/Virut.BM
NOD32 3871 2009.02.20 Win32/Virut.NBK
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 W32/Sality.AO
PCTools 4.4.2.0 2009.02.19 -
Prevx1 V2 2009.02.20 -
Rising 21.17.42.00 2009.02.20 Win32.Virut.bm
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Virut.Gen
Sophos 4.38.0 2009.02.20 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PE_VIRUX.A-3
ViRobot 2009.2.20.1616 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 31232 bytes
chris125
2009-02-20, 12:47
File explorer.exe received on 02.20.2009 11:46:39 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 -
AhnLab-V3 2009.2.20.1 2009.02.20 Win32/Virut.F
AntiVir 7.9.0.85 2009.02.20 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.20 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.02.19 Win32:Vitro
AVG 8.0.0.237 2009.02.19 Win32/Virut
BitDefender 7.2 2009.02.20 -
CAT-QuickHeal 10.00 2009.02.20 W32.Virut.G
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 Win32.Virut.56
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6367 2009.02.20 Win32/Virut.17408
F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.20 Win32:Vitro
Ikarus T3.1.1.45.0 2009.02.20 -
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 Virus.Win32.Virut.ce
McAfee 5530 2009.02.19 W32/Virut.n.gen
McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen
Microsoft 1.4306 2009.02.20 Virus:Win32/Virut.BM
NOD32 3871 2009.02.20 Win32/Virut.NBK
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 W32/Sality.AO
PCTools 4.4.2.0 2009.02.19 -
Prevx1 V2 2009.02.20 -
Rising 21.17.42.00 2009.02.20 Win32.Virut.bm
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Virut.Gen
Sophos 4.38.0 2009.02.20 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.20 W32.Virut.CF
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PE_VIRUX.A-3
VBA32 3.12.10.0 2009.02.20 Virus.Win32.Virut.X5
ViRobot 2009.2.20.1616 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 1050624 bytes
chris125
2009-02-20, 12:55
File spoolsv.exe received on 02.20.2009 11:52:29 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 Virus.Win32.Patched.B!IK
AhnLab-V3 2009.2.20.1 2009.02.20 Win32/Virut.F
AntiVir 7.9.0.85 2009.02.20 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.20 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.02.19 Win32:Vitro
AVG 8.0.0.237 2009.02.19 Win32/Virut
BitDefender 7.2 2009.02.20 -
CAT-QuickHeal 10.00 2009.02.20 W32.Virut.G
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 Win32.Virut.56
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6367 2009.02.20 Win32/Virut.17408
F-Prot 4.4.4.56 2009.02.19 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.20 Win32:Vitro
Ikarus T3.1.1.45.0 2009.02.20 Virus.Win32.Patched.B
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 Virus.Win32.Virut.ce
McAfee 5530 2009.02.19 W32/Virut.n.gen
McAfee+Artemis 5530 2009.02.19 W32/Virut.n.gen
Microsoft 1.4306 2009.02.20 Virus:Win32/Virut.BM
NOD32 3871 2009.02.20 Win32/Virut.NBK
Norman 6.00.06 None.. -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 W32/Sality.AO
PCTools 4.4.2.0 2009.02.19 -
Prevx1 V2 2009.02.20 -
Rising 21.17.42.00 2009.02.20 Win32.Virut.bm
SecureWeb-Gateway 6.7.6 2009.02.20 Win32.Virut.Gen
Sophos 4.38.0 2009.02.20 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.20 W32.Virut.CF
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PE_VIRUX.A-3
VBA32 3.12.10.0 2009.02.20 Virus.Win32.Virut.X5
ViRobot 2009.2.20.1616 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 74752 bytes
Hi
I suspected this might be the case. Your system is infected by the Virut file infector virus, and that leaves no other choice than to reformat the system :sad: Virut infects all .exe and .scr files and also all web site related file types like .htm and .asp. All archive files with any of these listed file types are infected as well.
chris125
2009-02-20, 21:55
so reformat means I have to reinstall the OS?
Do I have to wipe all of my C:/ drive? What about my other drives?
so reformat means I have to reinstall the OS?
Do I have to wipe all of my C:/ drive?
Yes to both.
What about my other drives?
Those too, unfortunately. These file infectors are nasty ones.
chris125
2009-02-20, 22:50
So what is my best course of action in preserving my data?
chris125
2009-02-20, 23:03
Also do I need to be worried about other computers on my network, and if I had been using a usb drive to transfer documents back and forth between computers?
Hi,
You may use an external USB drive for backing up after you've first made sure it doesn't carry Virut.
1. Download Flash_Disinfector (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) and save it to the Desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives; wait for the scan to finish. Done.
After that, run Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248) on a clean machine to check your USB drive.
If Kaspersky doesn't find anything bad on the USB drive, then you can use it to back up stuff from the infected system, keeping in mind that these filetypes are not allowed:
- .exe
- .scr
- all web page files (.htm, .html, .asp, .aspx etc.)
- archive files (.zip & .rar) with any of the above mentioned file types
Also do I need to be worried about other computers on my network, and if I had been using a usb drive to transfer documents back and forth between computers?
I recommend you run flash_disinfector + Kaspersky online scanner check for each (hopefully) clean system in your network.
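The backup rule from the post above (no .exe, .scr or web page files, and no archives that contain them), as an added Python example that is not part of the thread or of any tool named in it. The function names, the sample tree and the nesting limits are assumptions; files are judged by name extension as on the helper's list, and .rar files are always skipped because the standard library cannot list their contents.

```python
import io
import shutil
import tempfile
import zipfile
from pathlib import Path

# File types the helper's post says must not be backed up from the infected
# system. The post's "etc." for web page files is not expanded here.
BLOCKED_EXTS = {".exe", ".scr", ".htm", ".html", ".asp", ".aspx"}
MAX_NESTED_BYTES = 50 * 1024 * 1024  # assumption: larger nested zips are not opened
MAX_DEPTH = 3                        # assumption: deeper nesting is treated as unsafe


def zip_is_unsafe(source, depth=0):
    """Return a reason string if the zip holds a blocked type or cannot be vetted, else None."""
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = Path(info.filename).suffix.lower()
                if ext in BLOCKED_EXTS:
                    return f"contains {info.filename}"
                if ext == ".rar":
                    return f"contains uninspectable archive {info.filename}"
                if ext == ".zip":
                    if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                        return f"nested archive {info.filename} too deep or too large"
                    inner = zip_is_unsafe(io.BytesIO(zf.read(info)), depth + 1)
                    if inner:
                        return f"{info.filename}: {inner}"
    except Exception as exc:  # fail closed: corrupt, encrypted or unsupported archives are skipped
        return f"unreadable archive ({exc.__class__.__name__})"
    return None


def classify(path):
    """Return (allowed, reason) for one file, judged by its name extension."""
    ext = path.suffix.lower()
    if ext in BLOCKED_EXTS:
        return False, f"blocked file type {ext}"
    if ext == ".rar":
        return False, "rar archive: contents cannot be listed with the standard library"
    if ext == ".zip":
        reason = zip_is_unsafe(path)
        if reason:
            return False, reason
    return True, "ok"


def backup(src_root, dst_root):
    """Copy allowed files from src_root to dst_root; return (copied, skipped-with-reason)."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src_root)
        allowed, reason = classify(path)
        if allowed:
            target = dst_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel.as_posix())
        else:
            skipped.append((rel.as_posix(), reason))
    return copied, skipped


def _make_zip(target, members):
    with zipfile.ZipFile(target, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)


def demo():
    """Build a constructed sample tree, back it up, and return what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "infected"), Path(tmp, "usb")
        (src / "docs").mkdir(parents=True)
        (src / "site").mkdir()
        (src / "docs" / "report.doc").write_bytes(b"constructed document")
        (src / "docs" / "notes.txt").write_text("constructed notes")
        (src / "setup.exe").write_bytes(b"MZ constructed")
        (src / "saver.SCR").write_bytes(b"MZ constructed")
        (src / "site" / "index.html").write_text("<html></html>")
        (src / "old.rar").write_bytes(b"Rar! constructed")
        _make_zip(src / "photos.zip", {"a.jpg": b"jpeg"})
        _make_zip(src / "tools.zip", {"bin/run.exe": b"MZ"})
        inner = io.BytesIO()
        _make_zip(inner, {"page.htm": b"<html>"})
        _make_zip(src / "nested.zip", {"inner.zip": inner.getvalue()})
        copied, skipped = backup(src, dst)
        on_usb = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
    return copied, skipped, on_usb


if __name__ == "__main__":
    copied, skipped, _ = demo()
    print("copied:", copied)
    for name, reason in skipped:
        print("skipped:", name, "-", reason)
```

The skipped list is worth keeping next to the backup so it is clear which files were left behind and why.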
chris125
2009-02-21, 06:24
ok, so I'll work on that stuff tomorrow.
Thanks for all your help through this.
chris125
2009-02-23, 18:46
Hi,
Both my secondary drive d:/ and my external USB drive had traces of the Virut virus. I wiped the USB drive clean. Is it possible to transfer files to this drive now without getting an infection? Also, the d:/ drive didn't seem badly infected, only one file in the system volume information folder. Is there a way to clean this?
Thanks
Hi
It should be ok to use the USB drive now (just remember not to include any of those filetypes listed). In theory, you could reset system restore for the d: drive. However, there's a risk the infection spreads to other files of those filetypes I mentioned on the d: drive.
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.