Virtumonde fun
Drakstern
2009-03-29, 13:33
I got hammered with virtumonde earlier, and I seem to have gotten most of it... but now whenever my computer comes on I get an error message that it can't find 'wafasika.dll'. Virtumonde continues to show up in Spybot as well. However, the browser hijacking seems to have stopped. I figured I should probably check on this to try and get the last traces fixed, however.
My Hijack This log follows.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:46 AM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dominic-deegan.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {82e39733-bddd-4121-9a07-e1056f52c29d} - C:\WINDOWS\system32\diheweru.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [kuyovezuze] Rundll32.exe "C:\WINDOWS\system32\wafasika.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-19\..\Run: [kuyovezuze] Rundll32.exe "C:\WINDOWS\system32\wafasika.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kuyovezuze] Rundll32.exe "C:\WINDOWS\system32\wafasika.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221593371750
O20 - AppInit_DLLs: C:\WINDOWS\system32\tuhemasa.dll c:\windows\system32\wulibuli.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulibuli.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulibuli.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8173 bytes
Sorry, it's not missing wafasika, it's missing wulibuli.dll
Well, I was just going to edit it... apparently I was a bit tired last night and misread... it *is* wafasika.dll that I get the 'file is missing' error on that appears to have caused it to stop hijacking, but not to stop being there.
Hi Drakstern
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Drakstern
2009-03-31, 00:08
Thank you for your attention.
I ran combofix, the log is attached, and the HijackThis logfile is pasted into the post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:51 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dominic-deegan.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221593371750
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7407 bytes
Please don't attach any logs but copy/paste them to your reply :)
Drakstern
2009-03-31, 08:04
Ah, sorry. Pasting.
ComboFix 09-03-29.04 - Luke Letourneau 2009-03-30 16:57:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.630 [GMT -4:00]
Running from: c:\documents and settings\Luke Letourneau\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\anuwibon.ini
c:\windows\system32\diheweru.dll
c:\windows\system32\nhser43uhjnefr.dll
c:\windows\system32\tuhemasa.dll
c:\windows\Temp\2481868890.exe
c:\windows\Temp\2505931390.exe
c:\windows\Temp\2520306390.exe
c:\windows\Temp\2743743890.exe
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.
2009-03-29 14:02 . 2009-03-29 14:02 45,056 --a------ C:\dmsiacq.exe
2009-03-29 06:28 . 2009-03-29 06:29 <DIR> d-------- c:\program files\ERUNT
2009-03-29 06:23 . 2009-03-29 06:23 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 02:02 . 2009-03-29 02:02 2,098 ---hs---- c:\windows\system32\serulise.exe
2009-03-06 21:02 . 2009-03-06 21:06 <DIR> d-------- c:\program files\GamerLog
2009-03-05 20:07 . 2009-03-05 20:07 <DIR> d-------- c:\documents and settings\Luke Letourneau\Application Data\SanDisk
2009-03-05 14:14 . 2009-03-05 14:33 <DIR> d-------- c:\program files\Common Files\Real
2009-03-05 14:10 . 2009-03-05 14:10 <DIR> d-------- c:\program files\Real
2009-03-05 14:09 . 2009-03-10 10:25 <DIR> d-------- c:\program files\Rhapsody
2009-02-25 22:01 . 2009-03-04 21:31 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-25 21:31 . 2009-03-04 21:31 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 23:09 . 2006-02-13 04:43 94,208 --a------ c:\windows\system32\zmbv.dll
2009-02-08 23:09 . 2004-03-29 17:23 90,112 --a------ c:\windows\unvise32.exe
2009-02-08 23:08 . 2009-02-08 23:09 <DIR> d-------- c:\program files\XCOM-Total Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 06:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 03:35 --------- d-----w c:\program files\Trillian
2009-03-19 20:17 --------- d-----w c:\documents and settings\Luke Letourneau\Application Data\uTorrent
2009-02-26 01:30 --------- d-----w c:\program files\Lavasoft
2009-02-26 01:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-08 22:50 --------- d-----w c:\program files\Tsukihime
2004-09-06 16:06 787,456 ----a-w c:\documents and settings\Luke Letourneau\D3dHook.dll
2004-09-06 16:06 756,224 ----a-w c:\documents and settings\Luke Letourneau\D3DWindower.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SansaDispatch"="c:\documents and settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-05 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\Luke Letourneau\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-08-17 557568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli cpxtus.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Luke Letourneau\\Desktop\\utorrent.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\HydraIRC\\HydraIRC.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dungeon Helper\\DH_Server.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\th105\\th105.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"10800:TCP"= 10800:TCP:*:Disabled:SWR
"10800:UDP"= 10800:UDP:*:Disabled:SWR2
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-13 20560]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2007-12-13 439656]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-03-09 23400]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
.
Contents of the 'Scheduled Tasks' folder
2009-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 21:31]
.
- - - - ORPHANS REMOVED - - - -
BHO-{82e39733-bddd-4121-9a07-e1056f52c29d} - c:\windows\system32\diheweru.dll
BHO-{C2BA40A2-74F3-42BD-F434-2604812C8954} - c:\windows\system32\nhser43uhjnefr.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-kuyovezuze - c:\windows\system32\wafasika.dll
SharedTaskScheduler-{C2BA40A2-74F3-42BD-F434-2604812C8954} - c:\windows\system32\nhser43uhjnefr.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dominic-deegan.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luke Letourneau\Application Data\Mozilla\Firefox\Profiles\vhobyknq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.4chan.org/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 17:01:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(768)
c:\windows\cpxtus.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-30 17:04:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 21:04:28
Pre-Run: 32,113,524,736 bytes free
Post-Run: 31,999,827,968 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
192 --- E O F --- 2009-03-15 06:10:27
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Drakstern
2009-03-31, 16:17
東方緋想天 Ver1.06
東方風神録 ver 1.00a
5 Clicks
Acer Monitor
Ad-Aware
Ad-Aware
Adobe Flash Player Plugin
Apple Mobile Device Support
Apple Software Update
AutoREALM Version 2.2
avast! Antivirus
Badongo
Bonjour
Broadcom Gigabit Integrated Controller
Call of Duty
Call of Duty - United Offensive
CDBurnerXP
Combined Community Codec Pack 2007-02-22
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Creative Audio Console
Critical Update for Windows Media Player 11 (KB959772)
Dawn of War - Dark Crusade
dBpoweramp m4a Codec
Diablo II
Discordi
DisplayLink Core Software
DivX
DivX Player
DivX Web Player
Dungeon Helper
Dungeon Keeper Gold
ERUNT 1.1j
ExcelModules
Express Burn Uninstall
FEAR
Free Fire Screensaver
Free Mp3 Wma Converter V 1.6.1
Galactic Civilizations II
Half-Life(R) 2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HydraIRC
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_02
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Last.fm 1.1.3.0
Magic ISO Maker v5.4 (build 0247)
MagicDisc 2.5.77
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft AppLocale
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Application Compatibility Database
mIRC
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
neroxml
NVIDIA Drivers
OpenOffice.org Installer 1.0
PCFriendly
Portal
QuickTime
Real Lives 2004
Real Lives 2007
Rhapsody Player Engine
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Serious Sam: The First Encounter
Serious Sam: The Second Encounter
Sid Meier's Planetary Pack
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Starcraft
StatTools 1.1 for Excel
Steam
TeamSpeak 2 RC2
Titan Quest Demo
Trillian
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VideoLAN VLC media player 0.8.6a
VisiPics V1.25
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warhammer 40,000: Dawn Of War - Gold Edition
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XCOM-Total Pack
Zip Motion Block Video codec (Remove Only)
Open notepad and copy/paste the text in the codebox below into it:
File::
C:\dmsiacq.exe
c:\windows\system32\serulise.exe
Folder::
c:\documents and settings\Luke Letourneau\Application Data\uTorrent
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
I'd like you to check a file for malware.
Go to VirusTotal (http://www.virustotal.com) or Jotti's (http://virusscan.jotti.org/)
c:\windows\cpxtus.dll
Copy/Paste the first file on the list into the white Upload a file box.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Save the complete results in a Notepad/Word document on your desktop.
Post back results, please.
Post:
- a fresh hijackthis log
- combofix log
- jotti/virustotal results
Drakstern
2009-04-01, 01:33
First, the combofix log.
ComboFix 09-03-31.01 - Luke Letourneau 2009-03-31 18:20:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -4:00]
Running from: c:\documents and settings\Luke Letourneau\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luke Letourneau\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\dmsiacq.exe
c:\windows\system32\serulise.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Luke Letourneau\Application Data\uTorrent
c:\windows\system32\serulise.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-31 01:02 . 2009-03-31 01:01 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-29 06:28 . 2009-03-29 06:29 <DIR> d-------- c:\program files\ERUNT
2009-03-29 06:23 . 2009-03-29 06:23 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 21:02 . 2009-03-06 21:06 <DIR> d-------- c:\program files\GamerLog
2009-03-05 20:07 . 2009-03-05 20:07 <DIR> d-------- c:\documents and settings\Luke Letourneau\Application Data\SanDisk
2009-03-05 14:14 . 2009-03-05 14:33 <DIR> d-------- c:\program files\Common Files\Real
2009-03-05 14:10 . 2009-03-05 14:10 <DIR> d-------- c:\program files\Real
2009-03-05 14:09 . 2009-03-10 10:25 <DIR> d-------- c:\program files\Rhapsody
2009-02-25 22:01 . 2009-03-04 21:31 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-25 21:31 . 2009-03-04 21:31 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 23:09 . 2006-02-13 04:43 94,208 --a------ c:\windows\system32\zmbv.dll
2009-02-08 23:09 . 2004-03-29 17:23 90,112 --a------ c:\windows\unvise32.exe
2009-02-08 23:08 . 2009-02-08 23:09 <DIR> d-------- c:\program files\XCOM-Total Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 05:01 --------- d-----w c:\program files\Java
2009-03-29 06:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 03:35 --------- d-----w c:\program files\Trillian
2009-02-26 01:30 --------- d-----w c:\program files\Lavasoft
2009-02-26 01:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-08 22:50 --------- d-----w c:\program files\Tsukihime
2004-09-06 16:06 787,456 ----a-w c:\documents and settings\Luke Letourneau\D3dHook.dll
2004-09-06 16:06 756,224 ----a-w c:\documents and settings\Luke Letourneau\D3DWindower.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-30_17.03.29.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\ERDNT.EXE
+ 2009-03-31 22:24:45 9,293,824 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\Users\00000001\ntuser.dat
+ 2009-03-31 22:24:45 200,704 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\Users\00000002\UsrClass.dat
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\ERDNT.EXE
+ 2009-03-31 04:43:02 9,285,632 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\Users\00000001\ntuser.dat
+ 2009-03-31 04:43:02 196,608 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\Users\00000002\UsrClass.dat
+ 2008-04-14 00:12:08 155,136 ----a-w c:\windows\ezozexow.dll
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-03-31 05:01:53 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-31 05:01:53 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-31 05:01:53 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-31 22:24:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_144.dat
+ 2009-03-31 22:23:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SansaDispatch"="c:\documents and settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-05 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]
"Rbezugiyelovaw"="c:\windows\ezozexow.dll" [2008-04-13 155136]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\Luke Letourneau\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-08-17 557568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli cpxtus.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Luke Letourneau\\Desktop\\utorrent.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\HydraIRC\\HydraIRC.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dungeon Helper\\DH_Server.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\th105\\th105.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"10800:TCP"= 10800:TCP:*:Disabled:SWR
"10800:UDP"= 10800:UDP:*:Disabled:SWR2
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-13 20560]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2007-12-13 439656]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-03-09 23400]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
.
Contents of the 'Scheduled Tasks' folder
2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dominic-deegan.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luke Letourneau\Application Data\Mozilla\Firefox\Profiles\vhobyknq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.4chan.org/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 18:25:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(768)
c:\windows\cpxtus.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-31 18:27:52 - machine was rebooted [Luke Letourneau]
ComboFix-quarantined-files.txt 2009-03-31 22:27:48
ComboFix2.txt 2009-03-30 21:04:37
Pre-Run: 31,893,430,272 bytes free
Post-Run: 31,831,744,512 bytes free
382 --- E O F --- 2009-03-15 06:10:27
Drakstern
2009-04-01, 01:34
First, the combofix log, part 1
ComboFix 09-03-31.01 - Luke Letourneau 2009-03-31 18:20:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -4:00]
Running from: c:\documents and settings\Luke Letourneau\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luke Letourneau\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\dmsiacq.exe
c:\windows\system32\serulise.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Luke Letourneau\Application Data\uTorrent
Drakstern
2009-04-01, 01:35
Part 2
c:\windows\system32\serulise.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-31 01:02 . 2009-03-31 01:01 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-29 06:28 . 2009-03-29 06:29 <DIR> d-------- c:\program files\ERUNT
2009-03-29 06:23 . 2009-03-29 06:23 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 21:02 . 2009-03-06 21:06 <DIR> d-------- c:\program files\GamerLog
2009-03-05 20:07 . 2009-03-05 20:07 <DIR> d-------- c:\documents and settings\Luke Letourneau\Application Data\SanDisk
2009-03-05 14:14 . 2009-03-05 14:33 <DIR> d-------- c:\program files\Common Files\Real
2009-03-05 14:10 . 2009-03-05 14:10 <DIR> d-------- c:\program files\Real
2009-03-05 14:09 . 2009-03-10 10:25 <DIR> d-------- c:\program files\Rhapsody
2009-02-25 22:01 . 2009-03-04 21:31 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-25 21:31 . 2009-03-04 21:31 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 23:09 . 2006-02-13 04:43 94,208 --a------ c:\windows\system32\zmbv.dll
2009-02-08 23:09 . 2004-03-29 17:23 90,112 --a------ c:\windows\unvise32.exe
2009-02-08 23:08 . 2009-02-08 23:09 <DIR> d-------- c:\program files\XCOM-Total Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 05:01 --------- d-----w c:\program files\Java
2009-03-29 06:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 03:35 --------- d-----w c:\program files\Trillian
2009-02-26 01:30 --------- d-----w c:\program files\Lavasoft
2009-02-26 01:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-08 22:50 --------- d-----w c:\program files\Tsukihime
2004-09-06 16:06 787,456 ----a-w c:\documents and settings\Luke Letourneau\D3dHook.dll
2004-09-06 16:06 756,224 ----a-w c:\documents and settings\Luke Letourneau\D3DWindower.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-30_17.03.29.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\ERDNT.EXE
+ 2009-03-31 22:24:45 9,293,824 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\Users\00000001\ntuser.dat
+ 2009-03-31 22:24:45 200,704 ----a-w c:\windows\ERDNT\AutoBackup\2009-03-31\Users\00000002\UsrClass.dat
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\ERDNT.EXE
+ 2009-03-31 04:43:02 9,285,632 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\Users\00000001\ntuser.dat
+ 2009-03-31 04:43:02 196,608 ----a-w c:\windows\ERDNT\AutoBackup\3-31-2009\Users\00000002\UsrClass.dat
+ 2008-04-14 00:12:08 155,136 ----a-w c:\windows\ezozexow.dll
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-03-31 05:01:53 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-31 05:01:53 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-31 05:01:53 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-31 22:24:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_144.dat
+ 2009-03-31 22:23:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SansaDispatch"="c:\documents and settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-05 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]
"Rbezugiyelovaw"="c:\windows\ezozexow.dll" [2008-04-13 155136]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\Luke Letourneau\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-08-17 557568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli cpxtus.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Luke Letourneau\\Desktop\\utorrent.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\HydraIRC\\HydraIRC.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dungeon Helper\\DH_Server.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\th105\\th105.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"10800:TCP"= 10800:TCP:*:Disabled:SWR
"10800:UDP"= 10800:UDP:*:Disabled:SWR2
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-13 20560]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2007-12-13 439656]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-03-09 23400]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
.
Contents of the 'Scheduled Tasks' folder
2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dominic-deegan.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luke Letourneau\Application Data\Mozilla\Firefox\Profiles\vhobyknq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.4chan.org/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 18:25:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(768)
c:\windows\cpxtus.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-31 18:27:52 - machine was rebooted [Luke Letourneau]
ComboFix-quarantined-files.txt 2009-03-31 22:27:48
ComboFix2.txt 2009-03-30 21:04:37
Pre-Run: 31,893,430,272 bytes free
Post-Run: 31,831,744,512 bytes free
382 --- E O F --- 2009-03-15 06:10:27
Drakstern
2009-04-01, 01:36
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:52 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dominic-deegan.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Rbezugiyelovaw] rundll32.exe "C:\WINDOWS\ezozexow.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Luke Letourneau\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221593371750
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7682 bytes
Drakstern
2009-04-01, 01:37
And the VirusTotal log
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.30 Trojan.Win32.Hiloti!IK
AhnLab-V3 5.0.0.2 2009.03.29 -
AntiVir 7.9.0.129 2009.03.29 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.1 2009.03.29 -
Authentium 5.1.2.4 2009.03.29 -
Avast 4.8.1335.0 2009.03.29 -
AVG 8.5.0.285 2009.03.29 -
BitDefender 7.2 2009.03.30 -
CAT-QuickHeal 10.00 2009.03.28 -
ClamAV 0.94.1 2009.03.29 -
Comodo 1089 2009.03.29 -
DrWeb 4.44.0.09170 2009.03.30 -
eSafe 7.0.17.0 2009.03.27 -
eTrust-Vet 31.6.6421 2009.03.27 -
F-Prot 4.4.4.56 2009.03.29 -
F-Secure 8.0.14470.0 2009.03.30 -
Fortinet 3.117.0.0 2009.03.29 -
GData 19 2009.03.30 -
Ikarus T3.1.1.48.0 2009.03.30 Trojan.Win32.Hiloti
K7AntiVirus 7.10.684 2009.03.28 -
Kaspersky 7.0.0.125 2009.03.30 -
McAfee 5568 2009.03.29 -
McAfee+Artemis 5568 2009.03.29 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.29 Trojan.Crypt.XPACK.Gen
Microsoft 1.4502 2009.03.29 Trojan:Win32/Hiloti.gen!A
NOD32 3972 2009.03.28 -
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.29 -
Panda 10.0.0.10 2009.03.29 -
PCTools 4.4.2.0 2009.03.29 -
Prevx1 V2 2009.03.30 High Risk Cloaked Malware
Rising 21.22.62.00 2009.03.29 -
Sophos 4.40.0 2009.03.30 Troj/Virtum-Gen
Sunbelt 3.2.1858.2 2009.03.29 -
Symantec 1.4.4.12 2009.03.30 -
TheHacker 6.3.3.9.296 2009.03.30 -
TrendMicro 8.700.0.1004 2009.03.28 -
VBA32 3.12.10.1 2009.03.29 -
ViRobot 2009.3.27.1666 2009.03.27 -
Additional information
File size: 45056 bytes
MD5...: 473f6d505619962ebff93c5f8173d64b
SHA1..: b2814ef271d7cfc102841e5b97dd4703d93021d4
SHA256: 9492c190c3a23193f8e6930f5ff36887074342373bc74d92d90054218f23db72
SHA512: 79dcad2002732cd93c6e9d9da6c86c561bd53da762b9d32af3f8771782d619b7
172902c08c3559ae12e905d7f0c181308c49a295fc252f5f08b1ac1cc5b6e69f
ssdeep: 768:TFebeyVF+8D/y920ufO/ZWJchumUQ0xLlmXwcapD0V42:RebhLfD/D0umRme
UhxYFapp2
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x6400
timedatestamp.....: 0x48ff25a8 (Wed Oct 22 13:07:52 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8000 0x7600 7.61 86ddddd5878dda2b1ae235a493ed1786
.data 0x9000 0x3000 0x2400 6.23 d40c1239ff58d7270dd991f1eab8c8ff
.rsrc 0xc000 0x1000 0x400 2.80 7c8331ff25fbae657993b83ddacacc53
.reloc 0xd000 0x1000 0x200 3.22 cf9ad282fc8bc9ccea4276748fbe857a
( 5 imports )
> KERNEL32.dll: ExitProcess, FlushFileBuffers, HeapAlloc, HeapCreate, TlsGetValue, DeviceIoControl
> msvcrt.dll: wcscpy, exit, fwprintf, time, _exit
> user32.dll: LoadMenuA, PeekMessageA, ChildWindowFromPoint, IsWindowVisible
> OLEAUT32.dll: -, -, -, -, -
> SHLWAPI.dll: SHDeleteEmptyKeyA, PathBuildRootA, ChrCmpIA
( 0 exports )
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=FADA5A4F0062C88FB06A007988F15600CAEF31A0
Drakstern
2009-04-03, 23:51
It looks like, due to circumstances out of my control, I'm going to be out of town for at least the next few weeks and will not have access to this computer again until then.
Thank you for all your help, Shaba. Please lock this thread, and when I return I will ask for it to be re-opened if I am still having issues.