Virtumonde problems (Resolved)



Oogabooga
2009-08-02, 13:12
Spybot found a Virtumonde.dll and I think it cannot remove it. Cleaned twice so far and it resurfaces.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:58 μμ, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\John\LOCALS~1\Temp\herss.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} (MinWebLauncher Control) - http://www.playran.com/game/MinWebLauncher.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

--
End of file - 4327 bytes

katana
2009-08-03, 15:27
Please note that all instructions given are customised for this computer only;
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
----------------------------------------------------------------------------------------



AdAware
Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable AdWatch:

Open AdAware
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
(They can also be found in the C:\RSIT folder.)

Oogabooga
2009-08-03, 18:09
Malwarebytes' Anti-Malware 1.39
Database version: 2549
Windows 5.1.2600 Service Pack 2

3/8/2009 6:00:32 μμ
mbam-log-2009-08-03 (18-00-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196685
Time elapsed: 1 hour(s), 5 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\e8main0.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\e8main0.dll (Spyware.OnlineGames) -> Delete on reboot.
c:\s.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\xbvv6o.com (Trojan.Gamania) -> Quarantined and deleted successfully.
d:\fsaht.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\gbm6n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\lad.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\s.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\28b6ry9r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\d9c.bat (Trojan.Magania) -> Quarantined and deleted successfully.
d:\xbvv6o.com (Trojan.Gamania) -> Quarantined and deleted successfully.
d:\y6yol.exe (Trojan.Magania) -> Quarantined and deleted successfully.
c:\mqhnawe.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\John\local settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
c:\documents and settings\John\local settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Oogabooga
2009-08-03, 18:12
Logfile of random's system information tool 1.06 (written by random/random)
Run by John at 2009-08-03 18:07:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (9%) free of 72 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:08 μμ, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\John.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} (MinWebLauncher Control) - http://www.playran.com/game/MinWebLauncher.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

--
End of file - 4175 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2002-01-16 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-12-19 65024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-24 520024]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-10-29 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-01-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWinKeys"=01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Cabal\update\ESTdnheadless.exe"="C:\Cabal\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="C:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"="C:\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hamachi\hamachi.exe"="C:\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\Moooooo\DC++\DCPlusPlus.exe"="D:\Moooooo\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Documents and Settings\John\Desktop\DCPlusPlus.exe"="C:\Documents and Settings\John\Desktop\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\BackgroundDownloader.exe"="C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.3-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\CABAL Online\launcher\update\ESTdnheadless.exe"="C:\CABAL Online\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\World of Warcraft\Repair.exe"="C:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\CABAL Online\cabal.exe"="C:\CABAL Online\cabal.exe:*:Enabled:Cabal"
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe"="C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="C:\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - c8e27190\Launcher.exe"="C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - c8e27190\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - cdd38108\Launcher.exe"="C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - cdd38108\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - cf10d368\Launcher.exe"="C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - cf10d368\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - d4b28d70\Launcher.exe"="C:\Documents and Settings\John\Local Settings\Temp\Blizzard Launcher Temporary - d4b28d70\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"="C:\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\Launcher.exe"="C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25584e50-8224-11dc-b8b6-000a5e3ff621}]
shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\plzrunmezz.exe
shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\plzrunmezz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25584e51-8224-11dc-b8b6-000a5e3ff621}]
shell\AutoRun\command - H:\ukvr.bat
shell\open\command - H:\ukvr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a564c79-13bb-11dd-b9e4-000a5e3ff621}]
shell\auto\command - E:\Knight.exe open
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
shell\explore\command - E:\Knight.exe open
shell\find\command - E:\Knight.exe open
shell\install\command - E:\Knight.exe open
shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f031a3f-a993-11dd-bb21-000a5e3ff621}]
shell\AutoRun\command - E:\2a.exe
shell\open\command - E:\2a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f6339ca-f8e6-11dc-b9b7-000a5e3ff621}]
shell\auto\command - E:\Knight.exe open
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
shell\explore\command - E:\Knight.exe open
shell\find\command - E:\Knight.exe open
shell\install\command - E:\Knight.exe open
shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a442a29-eca8-11dd-8f94-000a5e3ff621}]
shell\1\command - E:\.\recycled\info.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a370080-6315-11dd-ba9f-000a5e3ff621}]
shell\1\command - .\recycled\info.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{739b7012-f034-11db-b773-000a5e3ff621}]
shell\AutoRun\command - I:\2a.exe
shell\open\command - I:\2a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2cc4ed-3ad7-11dc-b801-000a5e3ff621}]
shell\auto\command - E:\Knight.exe open
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
shell\explore\command - E:\Knight.exe open
shell\find\command - E:\Knight.exe open
shell\install\command - E:\Knight.exe open
shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82557c2f-4288-11db-a739-000a5e3ff621}]
shell\AutoRun\command - K:\ukvr.bat
shell\open\command - K:\ukvr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf70c0-4570-11de-900e-000a5e3ff621}]
shell\AutoRun\command - E:\ukvr.bat
shell\open\command - E:\ukvr.bat


======List of files/folders created in the last 1 months======

2009-08-03 18:07:58 ----D---- C:\rsit
2009-08-02 18:25:57 ----RSH---- C:\ukfbi3aw.exe
2009-08-01 19:03:52 ----D---- C:\Reg Backup
2009-08-01 19:02:26 ----D---- C:\Program Files\ERUNT
2009-08-01 17:28:17 ----D---- C:\Program Files\Trend Micro
2009-08-01 16:20:36 ----RSH---- C:\6rxt26.exe
2009-07-30 19:45:44 ----RSH---- C:\rx.exe
2009-07-29 16:39:04 ----RSH---- C:\mb9x.exe
2009-07-29 16:30:18 ----RSH---- C:\eej2.exe

======List of files/folders modified in the last 1 months======

2009-08-03 18:05:56 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 18:03:06 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 18:03:06 ----D---- C:\WINDOWS\system32
2009-08-03 18:03:06 ----D---- C:\WINDOWS
2009-08-03 12:12:14 ----D---- C:\WINDOWS\Temp
2009-08-02 23:33:42 ----RD---- C:\Cabal Online
2009-08-01 19:34:35 ----A---- C:\WINDOWS\WININIT.INI
2009-08-01 19:02:26 ----RD---- C:\Program Files
2009-07-30 16:35:35 ----D---- C:\Program Files\Warcraft III
2009-07-30 16:22:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 20:23:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-28 17:53:19 ----A---- C:\WINDOWS\DUMPbc2b.tmp
2009-07-26 22:09:39 ----A---- C:\WINDOWS\DUMPb92e.tmp
2009-07-24 16:14:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-24 14:11:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 14:08:49 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-01-13 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-01-13 14848]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-10-29 1391104]
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS [2005-04-27 77463]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-01-13 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-01-13 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-01-13 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-01-13 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-01-06 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-01-06 20480]
S1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys []
S3 avxzo26j;avxzo26j; C:\WINDOWS\system32\drivers\avxzo26j.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2006-01-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2006-01-13 71552]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Cabal Online\GameGuard\dump_wmimmc.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-12-04 16224]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2006-01-06 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-01-06 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-01-06 26368]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
S3 WINIO;WINIO; \??\F:\DRIVER\Audio\winio.sys []
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S3 XTrapD12;XTrapD12; \??\C:\Legend Of Ares\\XTrap\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-01-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-10-29 389120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-01-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-01-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-25 654848]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-24 1029456]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-25 3296812]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-01-13 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-01-13 14336]

-----------------EOF-----------------

Oogabooga
2009-08-03, 18:13
info.txt logfile of random's system information tool 1.06 2009-08-03 18:08:10

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x1000
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Battle.net-->C:\WINDOWS\bnetunin.exe
BitComet 0.70-->C:\Program Files\BitComet\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FastStone Image Viewer 2.6-->C:\Program Files\FastStone Image Viewer\uninst.exe
FINAL FANTASY VIII-->C:\WINDOWS\IsUninst.exe -f"c:\Final Fantasy VIII\Uninst.isu"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
FlvGrabber-->"C:\Program Files\FlvGrabber\unins000.exe"
GoldWave v5.22-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.22" "C:\Program Files\GoldWave\unstall.log"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 1.53-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerArchiver 2006 v9.63-->"C:\Program Files\PowerArchiver\unins000.exe"
QuickTime Alternative 1.67-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ZoneAlarm Anti-virus Antivirus (disabled)

======System event log======

Computer Name: JOHNM
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 37114
Source Name: Service Control Manager
Time Written: 20090504185939.000000+180
Event Type: error
User:

Computer Name: JOHNM
Event Code: 7000
Message: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 37113
Source Name: Service Control Manager
Time Written: 20090504185939.000000+180
Event Type: error
User:

Computer Name: JOHNM
Event Code: 7000
Message: The Task Scheduler service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 37112
Source Name: Service Control Manager
Time Written: 20090504185939.000000+180
Event Type: error
User:

Computer Name: JOHNM
Event Code: 2511
Message: The server service was unable to recreate the share SEGA because the directory C:\SEGA no longer exists. Please run "net share SEGA /delete" to delete the share, or recreate the directory C:\SEGA.

Record Number: 37111
Source Name: Server
Time Written: 20090504185938.000000+180
Event Type: warning
User:

Computer Name: JOHNM
Event Code: 7034
Message: The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 37091
Source Name: Service Control Manager
Time Written: 20090504132504.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: JOHNM
Event Code: 1000
Message:
Record Number: 58
Source Name: Windows Live Messenger
Time Written: 20090504200520.000000+180
Event Type: error
User:

Computer Name: JOHNM
Event Code: 1013
Message: Product: Windows Live Messenger -- Your computer has a newer version of Windows Live Messenger than the one you are trying to install. To install an older version, first remove the current version (click Start, Settings, Control Panel, Add or Remove, Windows Live Messenger), and then run this Set Up again.

Record Number: 44
Source Name: MsiInstaller
Time Written: 20090504200106.000000+180
Event Type: error
User: JOHNM\John

Computer Name: JOHNM
Event Code: 12001
Message:
Record Number: 27
Source Name: usnjsvc
Time Written: 20090504191119.000000+180
Event Type:
User:

Computer Name: JOHNM
Event Code: 12001
Message:
Record Number: 11
Source Name: usnjsvc
Time Written: 20090504172346.000000+180
Event Type:
User:

Computer Name: JOHNM
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 8
Source Name: crypt32
Time Written: 20090504165505.000000+180
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

katana
2009-08-03, 21:34
Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.70
eMule

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


----------------------------------------------------------------------------------------
Step 1

USBNoRisk

Please download USBNoRisk (http://amf.mycity.co.yu/personal/bobby/USBNoRisk/usbnorisk.exe) to your Desktop and run it by double-clicking the program's icon.
Wait a couple of seconds for the initial scan to be done.
Connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
If there are more USB storage devices to scan, please take a note of the order in which these were connected.
After all the devices are scanned, choose the "Save log" option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum.

----------------------------------------------------------------------------------------
Step 2


Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

----------------------------------------------------------------------------------------
Step 3


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Step 4

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

USB No Risk Log
Combofix Log
Kaspersky Log
How are things running now?


---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). (Don't install it yet.)

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs.
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.

Adobe Reader 7.0.5

Java(TM) 6 Update 13
Java(TM) 6 Update 7
Now close the Control Panel.

Oogabooga
2009-08-05, 15:09
USBNoRisk 2.5 (26 July 2009) by bobby

Started at 4/8/2009 11:17:26 μμ

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {b8752886-2962-11db-8ba7-806d6172696f}
C: {b8752888-2962-11db-8ba7-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
autorun.inf found on C:
----------------------------------------
File C:\autorun.inf renamed successfully

Content of C:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=22yj2fy1.exe
shell\open\Command=22yj2fy1.exe
----------------------------------------

No mountpoint found for C:
No mountpoint found for b8752888-2962-11db-8ba7-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
autorun.inf found on D:
----------------------------------------
File D:\autorun.inf renamed successfully

Content of D:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=22yj2fy1.exe
shell\open\Command=22yj2fy1.exe
----------------------------------------

No mountpoint found for D:
No mountpoint found for b8752886-2962-11db-8ba7-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 4/8/2009 11:20:24 μμ

Scanning for connected USB mass storage...
----------------------------------------
I: {739b7012-f034-11db-b773-000a5e3ff621}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
autorun.inf found on I:
----------------------------------------
File I:\autorun.inf renamed successfully

Content of I:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=22yj2fy1.exe
shell\open\Command=22yj2fy1.exe
----------------------------------------

No mountpoint found for I:
Sanitized mountpoint for 739b7012-f034-11db-b773-000a5e3ff621
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
========================================






ComboFix 09-08-04.01 - John 04/08/2009 23:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.30.1033.18.2047.1538 [GMT 3:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\eej2.exe
C:\m.com
C:\rbj9jn1n.bat
C:\sv8c2bjw.bat
c:\windows\Installer\1adb27e.msp
c:\windows\recover.reg
c:\windows\system32\autorun.ini
C:\xh319r9b.bat
D:\3.cmd
D:\autorun.inf
D:\b.com
D:\eej2.exe
D:\m.com
D:\mqhnawe.bat
D:\n68mqcra.exe
D:\rbj9jn1n.bat
D:\sv8c2bjw.bat
D:\xh319r9b.bat
I:\2a.exe
I:\autorun.inf
I:\icxpa.cmd
I:\lad.bat
I:\xh319r9b.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS
-------\Legacy_ODBCASVC
-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 20:19 . 2009-08-04 20:23 -------- d-----w- C:\USBNoRisk
2009-08-03 18:28 . 2009-08-03 18:27 104533 --sh--r- C:\22yj2fy1.exe
2009-08-03 15:07 . 2009-08-03 15:08 -------- d-----w- C:\rsit
2009-08-02 15:25 . 2009-08-02 16:45 107841 --sh--r- C:\ukfbi3aw.exe
2009-08-01 16:03 . 2009-08-01 16:04 -------- d-----w- C:\Reg Backup
2009-08-01 16:02 . 2009-08-01 16:02 -------- d-----w- c:\program files\ERUNT
2009-08-01 14:28 . 2009-08-01 14:28 -------- d-----w- c:\program files\Trend Micro
2009-08-01 13:20 . 2009-08-01 13:20 107994 --sh--r- C:\6rxt26.exe
2009-07-30 16:45 . 2009-07-30 16:47 107843 --sh--r- C:\rx.exe
2009-07-29 13:39 . 2009-07-29 13:38 108530 --sh--r- C:\mb9x.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 20:11 . 2006-11-01 17:37 -------- d-----w- c:\program files\BitComet
2009-08-04 20:11 . 2007-03-29 21:37 -------- d-----w- c:\program files\eMule
2009-07-30 13:35 . 2006-11-05 21:16 -------- d-----w- c:\program files\Warcraft III
2009-07-29 17:23 . 2008-11-18 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 14:53 . 2006-08-11 17:57 102400 ----a-w- c:\windows\DUMPbc2b.tmp
2009-07-26 19:09 . 2006-08-11 17:57 102400 ----a-w- c:\windows\DUMPb92e.tmp
2009-07-24 13:14 . 2009-05-05 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 13:11 . 2009-06-25 15:15 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-24 13:11 . 2009-06-25 15:15 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-24 13:11 . 2009-06-25 15:15 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-24 13:11 . 2009-06-25 15:15 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-24 13:11 . 2009-06-25 15:15 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-24 13:11 . 2009-06-25 15:15 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-24 13:11 . 2009-06-25 15:15 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-24 13:10 . 2009-06-25 15:15 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-24 13:10 . 2009-06-25 15:15 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-24 13:10 . 2009-06-25 15:15 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-24 13:10 . 2009-06-25 15:15 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-24 13:10 . 2009-06-25 15:15 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-24 13:10 . 2009-06-25 15:15 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-24 13:10 . 2009-06-25 15:15 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-24 13:10 . 2009-06-25 15:14 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-24 13:10 . 2009-06-25 15:14 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-24 13:10 . 2009-06-25 15:14 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-24 13:07 . 2009-06-25 15:13 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 11:11 . 2008-11-18 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 10:36 . 2009-05-05 16:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 10:36 . 2009-05-05 16:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 16:02 . 2009-06-28 16:02 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-06-25 15:15 . 2009-06-25 15:15 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-25 15:15 . 2009-05-07 12:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 19:40 . 2006-10-28 20:20 -------- d-----w- c:\program files\FlashGet
2009-06-19 17:38 . 2009-06-19 17:38 -------- d-----w- c:\program files\NCSoft
2009-06-19 17:38 . 2006-08-11 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 17:38 . 2009-06-19 17:37 -------- d-----w- c:\documents and settings\John\Application Data\GetRightToGo
2009-06-11 14:16 . 2009-06-11 14:16 86528 ----a-w- c:\windows\bnetunin.exe
2009-05-19 12:21 . 2006-08-11 17:32 19504 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 11:10 . 2009-05-07 11:10 812344 ----a-w- C:\HJTInstall.exe
2009-05-07 11:00 . 2009-05-07 11:02 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-07 11:00 . 2009-05-07 11:00 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-07 10:53 . 2009-05-07 10:53 50688 ----a-w- C:\ATF-Cleaner.exe
2009-05-07 10:43 . 2009-05-07 10:40 37452296 ----a-w- C:\Ad-AwareAE.exe
2009-05-08 10:35 . 2008-12-18 10:33 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-24 520024]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-2 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\CABAL Online\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\World of Warcraft\\Repair.exe"=
"c:\\CABAL Online\\cabal.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"=
"c:\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24317:TCP"= 24317:TCP:BitComet 24317 TCP
"24317:UDP"= 24317:UDP:BitComet 24317 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/5/2009 2:02 μμ 64160]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17/6/2008 7:10 μμ 17952]
S3 dump_wmimmc;dump_wmimmc;\??\c:\cabal online\GameGuard\dump_wmimmc.sys --> c:\cabal online\GameGuard\dump_wmimmc.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/3/2009 10:06 μμ 1029456]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:10]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} - hxxp://www.playran.com/game/MinWebLauncher.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\sotzj6n3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 23:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2009-08-04 23:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 20:47

Pre-Run: 6.705.565.696 bytes free
Post-Run: 6.625.087.488 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
203 --- E O F --- 2008-11-18 00:41

Oogabooga
2009-08-05, 15:10
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, August 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, August 05, 2009 10:00:43
Records in database: 2582302
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
I:\

Scan statistics:
Files scanned: 155409
Threat name: 10
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 03:27:18


File name / Threat name / Threats count
C:\22yj2fy1.exe Infected: Trojan-GameThief.Win32.Magania.bsup 1
C:\6rxt26.exe Infected: Trojan-GameThief.Win32.Magania.bsib 1
C:\mb9x.exe Infected: Trojan-GameThief.Win32.Magania.brut 1
C:\Qoobox\Quarantine\C\eej2.exe.vir Infected: Trojan-GameThief.Win32.Magania.bruw 1
C:\Qoobox\Quarantine\C\m.com.vir Infected: Trojan-GameThief.Win32.Magania.bidp 1
C:\Qoobox\Quarantine\C\rbj9jn1n.bat.vir Infected: Trojan-GameThief.Win32.Magania.baqk 1
C:\Qoobox\Quarantine\C\sv8c2bjw.bat.vir Infected: Trojan-GameThief.Win32.Magania.bgtt 1
C:\Qoobox\Quarantine\C\xh319r9b.bat.vir Infected: Trojan-GameThief.Win32.Magania.bcvu 1
C:\rx.exe Infected: Trojan-GameThief.Win32.Magania.bsdh 1
C:\ukfbi3aw.exe Infected: Trojan-GameThief.Win32.Magania.bspo 1
D:\22yj2fy1.exe Infected: Trojan-GameThief.Win32.Magania.bsup 1
D:\6rxt26.exe Infected: Trojan-GameThief.Win32.Magania.bsib 1
D:\mb9x.exe Infected: Trojan-GameThief.Win32.Magania.brut 1
D:\rx.exe Infected: Trojan-GameThief.Win32.Magania.bsdh 1
D:\ukfbi3aw.exe Infected: Trojan-GameThief.Win32.Magania.bspo 1
I:\22yj2fy1.exe Infected: Trojan-GameThief.Win32.Magania.bsup 1

The selected area was scanned.

katana
2009-08-05, 17:50
Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=326476#post326476
Collect::[4]
C:\22yj2fy1.exe
C:\6rxt26.exe
C:\mb9x.exe
C:\rx.exe
C:\ukfbi3aw.exe
File::
D:\22yj2fy1.exe
D:\6rxt26.exe
D:\mb9x.exe
D:\rx.exe
D:\ukfbi3aw.exe
I:\22yj2fy1.exe
I:\22yj2fy1.exe
I:\6rxt26.exe
I:\mb9x.exe
I:\rx.exe
I:\ukfbi3aw.exe
Folder::
c:\Program Files\BitComet
c:\Program Files\eMule
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24317:TCP"=-
"24317:UDP"=-
"3724:TCP"=-

ADS::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


How are things running now?

Oogabooga
2009-08-05, 19:09
Question: I noticed that the CFScript also deleted a lot of mp3 files from the BitComet folder (basically the whole downloads folder). Is this a precaution or were those mp3s and ISOs infected? Because I've written some of them on audio and mp3 CDs. Do I need to throw away the CDs too?



ComboFix 09-08-04.03 - John 05/08/2009 18:39.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.30.1033.18.2047.1466 [GMT 3:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"D:\22yj2fy1.exe"
"D:\6rxt26.exe"
"D:\mb9x.exe"
"D:\rx.exe"
"D:\ukfbi3aw.exe"
"I:\22yj2fy1.exe"
"I:\6rxt26.exe"
"I:\mb9x.exe"
"I:\rx.exe"
"I:\ukfbi3aw.exe"

file zipped: C:\22yj2fy1.exe
file zipped: C:\6rxt26.exe
file zipped: C:\mb9x.exe
file zipped: C:\rx.exe
file zipped: C:\ukfbi3aw.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\22yj2fy1.exe
C:\6rxt26.exe
C:\mb9x.exe
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\codec\CodecCheck.exe
c:\program files\BitComet\codec\RealMediaSplitter.ax
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\01-Bleed.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\02-Black Rain.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\03-Never.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\04-Follow Me Pt.1.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\05-Follow Me Pt.2.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\06-Added To Serenity.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\07-Surrender.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\08-Sanity.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\09-Liquid Angel.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\10-Memories.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\11-Temple Of The King.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Bleed\12-Nightmare (Extended Version).mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\01 - Border of reality.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\02 - No more faith.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\03 - Nightmare.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\04 - Centuries.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\05 - When I die.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\06 - Where the wind blows.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\07 - Spotlight kid.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\08 - Behind the mirror.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\09 - Coming home.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\AlbumArt_{14535BC3-625C-40B5-8AF5-A6FE6234D10C}_Large.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\AlbumArt_{14535BC3-625C-40B5-8AF5-A6FE6234D10C}_Small.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\AlbumArtSmall.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\desktop.ini
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Border Of Reality\Folder.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\AlbumArt_{F38F7538-9D7E-410B-A8C5-844E15EC9E43}_Large.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\AlbumArt_{F38F7538-9D7E-410B-A8C5-844E15EC9E43}_Small.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\AlbumArtSmall.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\desktop.ini
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 01 Let Me Live.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 02 The One You Are.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 03 Enjoy!.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 04 Fly Away.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 05 Come into Resistance.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 06 Beneath the Silence.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 07 Still I'm Bleeding.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 08 I Need You.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 09 First in Line.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 10 Cross of Hatred.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Enlighten the Darkness - 11 Oceans of Tomorrow.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Enlighten the Darkness\Folder.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 01 - Into The Dark Past.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 02 - I'll Come Back.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 03 - Legions Of Destruction.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 04 - Gambler.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 05 - Fighter's Return.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 06 - Atomic Roar.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 07 - Victims Of Madness.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Into The Dark Past\Angel Dust - Into The Dark Past - 08 - Marching For Revenge.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\AlbumArt_{66BBFB12-2784-4E94-842D-DEDC5DC0F8ED}_Large.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\AlbumArt_{66BBFB12-2784-4E94-842D-DEDC5DC0F8ED}_Small.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\AlbumArtSmall.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 01 - The Human Bondage.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 02 - Inhuman.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 03 - Unreal Soul.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 04 - Disbeliever.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 05 - Forever.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 06 - Unite.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 07 - Got This Evil.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 08 - The Cultman.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 09 - Freedom Awaits.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Angel Dust - 10 - Killer.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\desktop.ini
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - Of Human Bondage\Folder.jpg
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\01 - 3rd Challenge.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\02 - Mr. Inferno.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\03 - Wings Of An Angel.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\04 - Into The Dark Past (Chapter II).mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\05 - The King.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\06 - To Dust You Will Decay.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\07 - Stranger.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\08 - The Duell.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\09 - Hold On.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\10 - Flight To Russia.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\Angel Dust - To Dust You Will Decay\11 - Dawn Of The End.mp3
c:\program files\BitComet\Downloads\Angel Dust Discography\desktop.ini
c:\program files\BitComet\Downloads\Angel Dust Discography\note.txt
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\AlbumArt_{518A2A18-BDBB-4B11-881D-98F5EDCB6D3D}_Large.jpg
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\AlbumArt_{518A2A18-BDBB-4B11-881D-98F5EDCB6D3D}_Small.jpg
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\AlbumArtSmall.jpg
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 01 - surrender.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 02 - on top of the world.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 03 - california man.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 04 - high roller.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 05 - auf wiedersehen.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 06 - takin' me back.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 07 - on the radio.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 08 - heaven tonight.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 09 - stiff competition.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\cheap trick - heaven tonight - 10 - how are you.mp3
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\desktop.ini
c:\program files\BitComet\Downloads\Cheap trick - Heaven tonight (rem) (1978)\Folder.jpg
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\AlbumArt_{1FA0F427-D377-471F-B226-7759C160E165}_Large.jpg
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\AlbumArt_{1FA0F427-D377-471F-B226-7759C160E165}_Small.jpg
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\AlbumArtSmall.jpg
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\Cheap Trick - Rockford - 02 - Perfect Stranger.mp3
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\desktop.ini
c:\program files\BitComet\Downloads\Cheap Trick - Rockford\Folder.jpg
c:\program files\BitComet\Downloads\Cheap Trick - The essential\101-cheap_trick-elo_kiddies_(single_version)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\102-cheap_trick-hot_love-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\103-cheap_trick-hes_a_whore-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\104-cheap_trick-mandocello_(live_with_billy_corgan)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\105-cheap_trick-clock_strikes_ten-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\106-cheap_trick-southern_girls_(single_version)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\107-cheap_trick-downed-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\108-cheap_trick-hello_there-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\109-cheap_trick-surrender-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\110-cheap_trick-california_man-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\111-cheap_trick-high_roller-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\112-cheap_trick-auf_wiedersehen-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\113-cheap_trick-i_want_you_to_want_me_(live)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\114-cheap_trick-aint_that_a_shame-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\115-cheap_trick-takin_me_back-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\116-cheap_trick-dream_police-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\117-cheap_trick-voices-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\118-cheap_trick-gonna_raise_hell_(live)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\201-cheap_trick-way_of_the_world-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\202-cheap_trick-stop_this_game-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\203-cheap_trick-worlds_greatest_lover-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\204--everything_works_if_you_let_it_(full_version)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\205-cheap_trick-shes_tight-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\206-if_you_want_my_love_(alternate_extra_bridge_version)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\207-cheap_trick-i_cant_take_it-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\208-cheap_trick-tonight_its_you-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\209-cheap_trick-this_time_around-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\210-cheap_trick-the_flame-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\211-cheap_trick-had_to_make_you_mine-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\212-cheap_trick-i_cant_understand_it-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\213-cheap_trick-cant_stop_falling_into_love-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\214-cheap_trick-walk_away_(featuring_chrissie_hynde)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\215-cheap_trick-woke_up_with_a_monster-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\216-cheap_trick-hard_to_tell_(live)-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\217-cheap_trick-say_goodbye-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\218-cheap_trick-scent_of_a_woman-xxl.mp3
c:\program files\BitComet\Downloads\Cheap Trick - The essential\front.JPG
c:\program files\BitComet\Downloads\ELLINIDES FITITRIES SE KRISI - Greek xxx NEW.avi
c:\program files\BitComet\Downloads\GoldWave v5.22 + Serial .rar
c:\program files\BitComet\Downloads\Greek homemade porn - Katerina & Eirini.avi
c:\program files\BitComet\Downloads\Iron Maiden - Seventh Son Of A Seventh Son {Original} (1988) [EAC - Lame V0]\01 - Moonchild.mp3
c:\program files\BitComet\Downloads\Iron Maiden - Seventh Son Of A Seventh Son {Original} (1988) [EAC - Lame V0]\02 - Infinite Dreams.mp3
c:\program files\BitComet\Downloads\Iron Maiden - Seventh Son Of A Seventh Son {Original} (1988) [EAC - Lame V0]\03 - Can I Play With Madness.mp3

Oogabooga
2009-08-05, 19:10
c:\program files\BitComet\lang\lang_it_it.xml
c:\program files\BitComet\lang\lang_jp_jp.xml
c:\program files\BitComet\lang\lang_ko_kr.xml
c:\program files\BitComet\lang\lang_lt_lt.xml
c:\program files\BitComet\lang\lang_lv_lv.xml
c:\program files\BitComet\lang\lang_nb_no.xml
c:\program files\BitComet\lang\lang_nl_nl.xml
c:\program files\BitComet\lang\lang_pl_pl.xml
c:\program files\BitComet\lang\lang_pt_br.xml
c:\program files\BitComet\lang\lang_pt_pt.xml
c:\program files\BitComet\lang\lang_ro_ro.xml
c:\program files\BitComet\lang\lang_ru_ru.xml
c:\program files\BitComet\lang\lang_sk_sk.xml
c:\program files\BitComet\lang\lang_sl_si.xml
c:\program files\BitComet\lang\lang_sq_al.xml
c:\program files\BitComet\lang\lang_sr_sr.xml
c:\program files\BitComet\lang\lang_sv_se.xml
c:\program files\BitComet\lang\lang_th_th.xml
c:\program files\BitComet\lang\lang_tr_tr.xml
c:\program files\BitComet\lang\lang_uk_ua.xml
c:\program files\BitComet\lang\lang_va_es.xml
c:\program files\BitComet\lang\lang_vi_vn.xml
c:\program files\BitComet\lang\lang_zh_cn.xml
c:\program files\BitComet\lang\lang_zh_tw.xml
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\rules\ipfilter.dat
c:\program files\eMule
c:\program files\eMule\config\cancelled.met
c:\program files\eMule\config\clients.met
c:\program files\eMule\config\emfriends.met
c:\program files\eMule\config\known2_64.met
c:\program files\eMule\config\preferences.ini
c:\program files\eMule\config\server_met.old
c:\program files\eMule\config\statistics.ini
c:\program files\eMule\Temp\001.part
c:\program files\eMule\Temp\001.part.met
c:\program files\eMule\Temp\001.part.met.bak
c:\program files\eMule\Temp\002.part
c:\program files\eMule\Temp\002.part.met
c:\program files\eMule\Temp\002.part.met.bak
C:\rx.exe
C:\ukfbi3aw.exe
c:\windows\Installer\2c9d97d.msi
D:\22yj2fy1.exe
D:\6rxt26.exe
D:\mb9x.exe
D:\rx.exe
D:\ukfbi3aw.exe
I:\22yj2fy1.exe


.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 12:28 . 2009-08-05 12:28 -------- d-----w- c:\program files\Java
2009-08-04 20:19 . 2009-08-04 20:23 -------- d-----w- C:\USBNoRisk
2009-08-03 15:07 . 2009-08-03 15:08 -------- d-----w- C:\rsit
2009-08-01 16:03 . 2009-08-01 16:04 -------- d-----w- C:\Reg Backup
2009-08-01 16:02 . 2009-08-01 16:02 -------- d-----w- c:\program files\ERUNT
2009-08-01 14:28 . 2009-08-01 14:28 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 12:29 . 2008-12-07 12:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 12:22 . 2006-08-11 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 13:35 . 2006-11-05 21:16 -------- d-----w- c:\program files\Warcraft III
2009-07-29 17:23 . 2008-11-18 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 14:53 . 2006-08-11 17:57 102400 ----a-w- c:\windows\DUMPbc2b.tmp
2009-07-26 19:09 . 2006-08-11 17:57 102400 ----a-w- c:\windows\DUMPb92e.tmp
2009-07-24 13:14 . 2009-05-05 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 13:11 . 2009-06-25 15:15 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-24 13:11 . 2009-06-25 15:15 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-24 13:11 . 2009-06-25 15:15 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-24 13:11 . 2009-06-25 15:15 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-24 13:11 . 2009-06-25 15:15 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-24 13:11 . 2009-06-25 15:15 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-24 13:11 . 2009-06-25 15:15 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-24 13:10 . 2009-06-25 15:15 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-24 13:10 . 2009-06-25 15:15 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-24 13:10 . 2009-06-25 15:15 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-24 13:10 . 2009-06-25 15:15 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-24 13:10 . 2009-06-25 15:15 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-24 13:10 . 2009-06-25 15:15 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-24 13:10 . 2009-06-25 15:15 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-24 13:10 . 2009-06-25 15:14 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-24 13:10 . 2009-06-25 15:14 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-24 13:10 . 2009-06-25 15:14 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-24 13:07 . 2009-06-25 15:13 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 11:11 . 2008-11-18 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 10:36 . 2009-05-05 16:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 10:36 . 2009-05-05 16:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 16:02 . 2009-06-28 16:02 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-06-25 15:15 . 2009-06-25 15:15 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-25 15:15 . 2009-05-07 12:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 19:40 . 2006-10-28 20:20 -------- d-----w- c:\program files\FlashGet
2009-06-19 17:38 . 2009-06-19 17:38 -------- d-----w- c:\program files\NCSoft
2009-06-19 17:38 . 2006-08-11 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 17:38 . 2009-06-19 17:37 -------- d-----w- c:\documents and settings\John\Application Data\GetRightToGo
2009-06-11 14:16 . 2009-06-11 14:16 86528 ----a-w- c:\windows\bnetunin.exe
2009-05-19 12:21 . 2006-08-11 17:32 19504 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_20.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 12:29 . 2009-08-05 12:29 16384 c:\windows\Temp\Perflib_Perfdata_85c.dat
+ 2009-08-05 12:29 . 2009-08-05 12:29 149280 c:\windows\system32\javaws.exe
+ 2009-08-05 12:29 . 2009-08-05 12:29 145184 c:\windows\system32\javaw.exe
+ 2009-08-05 12:29 . 2009-08-05 12:29 145184 c:\windows\system32\java.exe
+ 2009-08-05 12:28 . 2009-08-05 12:28 1757696 c:\windows\Installer\d52389.msi
+ 2009-08-05 12:23 . 2009-08-05 12:23 3938816 c:\windows\Installer\d5211c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-05 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-2 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\CABAL Online\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\World of Warcraft\\Repair.exe"=
"c:\\CABAL Online\\cabal.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"=
"c:\\World of Warcraft\\Launcher.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/5/2009 2:02 μμ 64160]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17/6/2008 7:10 μμ 17952]
S3 dump_wmimmc;dump_wmimmc;\??\c:\cabal online\GameGuard\dump_wmimmc.sys --> c:\cabal online\GameGuard\dump_wmimmc.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/3/2009 10:06 μμ 1029456]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} - hxxp://www.playran.com/game/MinWebLauncher.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\sotzj6n3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 18:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-05 18:52
ComboFix-quarantined-files.txt 2009-08-05 15:52
ComboFix2.txt 2009-08-04 20:47

Pre-Run: 6.202.986.496 bytes free
Post-Run: 6.259.187.712 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
929 --- E O F --- 2008-11-18 00:41
Upload was successful

katana
2009-08-05, 21:05
ZoneAlarm Security Suite v7.0.470.000 XP x86+ Keygen

Cracks/Keygens/Warez etc.
I don't provide help for those using any form of cracked software or Operating Systems.

In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

Your log shows that you have ZoneAlarm installed. I must request that you remove it and install a different Antivirus.

In the future I strongly suggest you stay away from using cracks and/or Keygens.


----------------------------------------------------------------------------------------



Question: I noticed that the CFScript also deleted a lot of mp3 files from the BitComet folder (basically the whole downloads folder).

The forum rules ask that you remove all P2P programs. I pointed this out to you.
I removed the Program Files folders that related to the P2P you had installed.

----------------------------------------------------------------------------------------

Recovery Console
!!!!!! Warning !!!!!!.... Your log shows that Recovery Console is not installed.
Due to the threat that current and future malware poses it is vital that you have some form of recovery console.
Please visit http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions for
Windows Recovery Console
It is important that you do this as soon as you can.


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here (http://eric.71.mespages.googlepages.com/LopSD.exe)

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


How are things running now ?

Oogabooga
2009-08-06, 00:03
I don't see any Zonealarm entry in Add/Remove programs. How do I remove it if it's still installed?

And you missed the point of my question. Do I need to throw away the audio and data CDs I made if they have music files from P2P? Are they infected?



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : John ( Administrator )
BOOT : Normal boot
Antivirus : ZoneAlarm Anti-virus Antivirus 8.0.059.000 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:41 Go (Free:9 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:465 Go (Free:210 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Τετ 05/08/2009|23:56 )

--------------------\\ Listing folders in APPLIC~1

[07/05/2009|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[05/08/2009|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/08/2006|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[19/11/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[15/10/2008|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
[08/08/2007|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[26/05/2009|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[15/11/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[01/11/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[07/05/2009|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[18/12/2007|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Locktime
[05/05/2009|07:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/05/2009|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[20/04/2007|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[13/10/2006|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[24/07/2009|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[05/05/2009|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[15/11/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[18/11/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/05/2009|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[11/08/2006|08:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/08/2006|08:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla

[26/05/2009|03:12] C:\DOCUME~1\John\APPLIC~1\<DIR> Adobe
[03/11/2006|03:39] C:\DOCUME~1\John\APPLIC~1\<DIR> Ahead
[17/06/2008|06:23] C:\DOCUME~1\John\APPLIC~1\<DIR> ATI
[17/06/2008|08:05] C:\DOCUME~1\John\APPLIC~1\<DIR> atitray
[01/11/2006|08:34] C:\DOCUME~1\John\APPLIC~1\<DIR> BitTorrent
[19/08/2006|08:58] C:\DOCUME~1\John\APPLIC~1\<DIR> FastStone
[19/06/2009|08:38] C:\DOCUME~1\John\APPLIC~1\<DIR> GetRightToGo
[28/12/2006|05:09] C:\DOCUME~1\John\APPLIC~1\<DIR> Hamachi
[15/11/2008|10:41] C:\DOCUME~1\John\APPLIC~1\<DIR> HP
[18/12/2007|10:34] C:\DOCUME~1\John\APPLIC~1\<DIR> Locktime
[11/08/2006|11:31] C:\DOCUME~1\John\APPLIC~1\<DIR> Macromedia
[05/05/2009|07:34] C:\DOCUME~1\John\APPLIC~1\<DIR> Malwarebytes
[13/10/2006|12:14] C:\DOCUME~1\John\APPLIC~1\<DIR> Media Player Classic
[25/06/2008|02:21] C:\DOCUME~1\John\APPLIC~1\<DIR> Microsoft
[18/12/2008|01:34] C:\DOCUME~1\John\APPLIC~1\<DIR> Mozilla
[20/10/2006|03:45] C:\DOCUME~1\John\APPLIC~1\<DIR> Real
[13/09/2008|06:54] C:\DOCUME~1\John\APPLIC~1\<DIR> Sun
[11/08/2006|08:42] C:\DOCUME~1\John\APPLIC~1\<DIR> Talkback
[25/02/2008|03:41] C:\DOCUME~1\John\APPLIC~1\<DIR> Ventrilo

[11/08/2006|08:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[28/01/2009|09:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/08/2009 11:42 μμ][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[05/08/2009 11:50 μμ][--ah-----] C:\WINDOWS\tasks\SA.DAT
[13/01/2006 04:42 πμ][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[05/08/2009|03:21] C:\Program Files\<DIR> Adobe
[19/11/2008|09:05] C:\Program Files\<DIR> ATI Technologies
[11/08/2006|08:34] C:\Program Files\<DIR> AvRack
[02/12/2008|08:57] C:\Program Files\<DIR> Bonjour
[06/05/2009|02:18] C:\Program Files\<DIR> CCleaner
[30/04/2007|10:57] C:\Program Files\<DIR> CDisplay
[05/08/2009|06:44] C:\Program Files\<DIR> Common Files
[14/07/2008|09:42] C:\Program Files\<DIR> Creative Labs
[01/11/2006|05:28] C:\Program Files\<DIR> DAEMON Tools
[09/04/2009|09:06] C:\Program Files\<DIR> DC++
[05/12/2007|07:24] C:\Program Files\<DIR> DivX
[01/08/2009|07:02] C:\Program Files\<DIR> ERUNT
[19/08/2006|08:57] C:\Program Files\<DIR> FastStone Image Viewer
[22/06/2009|10:40] C:\Program Files\<DIR> FlashGet
[28/09/2008|06:15] C:\Program Files\<DIR> FlvGrabber
[14/10/2006|01:50] C:\Program Files\<DIR> Gabest
[09/02/2009|07:56] C:\Program Files\<DIR> Game Boy
[13/02/2009|06:13] C:\Program Files\<DIR> Garena
[26/04/2008|01:22] C:\Program Files\<DIR> GoldWave
[16/11/2008|12:09] C:\Program Files\<DIR> HP
[19/06/2009|08:38] C:\Program Files\<DIR> InstallShield Installation Information
[19/11/2008|03:30] C:\Program Files\<DIR> Internet Explorer
[05/08/2009|03:28] C:\Program Files\<DIR> Java
[13/10/2006|02:51] C:\Program Files\<DIR> K-Lite Codec Pack
[07/05/2009|01:57] C:\Program Files\<DIR> Lavasoft
[24/07/2009|04:14] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/05/2009|09:04] C:\Program Files\<DIR> Microsoft
[11/08/2006|08:23] C:\Program Files\<DIR> Microsoft ActiveSync
[19/11/2008|03:09] C:\Program Files\<DIR> microsoft frontpage
[20/04/2007|03:20] C:\Program Files\<DIR> Microsoft Office
[19/11/2008|03:30] C:\Program Files\<DIR> Movie Maker
[05/08/2009|11:53] C:\Program Files\<DIR> Mozilla Firefox
[21/10/2006|01:39] C:\Program Files\<DIR> MSXML 4.0
[17/06/2008|08:21] C:\Program Files\<DIR> MultiRes
[19/06/2009|08:38] C:\Program Files\<DIR> NCSoft
[19/11/2008|03:30] C:\Program Files\<DIR> NetMeeting
[11/08/2006|08:16] C:\Program Files\<DIR> Online Services
[19/11/2008|03:09] C:\Program Files\<DIR> outlook express
[22/05/2009|08:05] C:\Program Files\<DIR> PowerArchiver
[11/08/2006|08:19] C:\Program Files\<DIR> QuickTime Alternative
[17/06/2008|07:10] C:\Program Files\<DIR> Radeon Omega Drivers
[29/07/2009|08:23] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/08/2009|05:28] C:\Program Files\<DIR> Trend Micro
[11/08/2006|08:26] C:\Program Files\<DIR> Uninstall Information
[03/01/2009|08:27] C:\Program Files\<DIR> Unlocker
[15/11/2007|11:50] C:\Program Files\<DIR> Ventrilo
[30/07/2009|04:35] C:\Program Files\<DIR> Warcraft III
[25/06/2008|02:20] C:\Program Files\<DIR> Western Digital Technologies
[04/05/2009|09:03] C:\Program Files\<DIR> Windows Live
[19/11/2008|03:30] C:\Program Files\<DIR> Windows Media Player
[19/11/2008|03:30] C:\Program Files\<DIR> Windows NT
[11/08/2006|08:16] C:\Program Files\<DIR> WindowsUpdate
[11/08/2006|08:14] C:\Program Files\<DIR> WinRAR
[19/11/2008|03:09] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/08/2009|03:22] C:\Program Files\Common Files\<DIR> Adobe
[04/05/2009|06:20] C:\Program Files\Common Files\<DIR> Ahead
[28/05/2008|02:51] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[11/08/2006|08:23] C:\Program Files\Common Files\<DIR> DESIGNER
[15/11/2008|10:31] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[21/04/2008|03:56] C:\Program Files\Common Files\<DIR> INCA Shared
[02/06/2008|06:46] C:\Program Files\Common Files\<DIR> InstallShield
[13/09/2008|06:37] C:\Program Files\Common Files\<DIR> Java
[25/11/2008|02:04] C:\Program Files\Common Files\<DIR> Macrovision Shared
[04/05/2009|09:17] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/08/2006|08:15] C:\Program Files\Common Files\<DIR> MSSoap
[11/08/2006|09:04] C:\Program Files\Common Files\<DIR> ODBC
[19/11/2008|03:09] C:\Program Files\Common Files\<DIR> speechengines
[11/08/2006|08:23] C:\Program Files\Common Files\<DIR> System
[04/05/2009|07:12] C:\Program Files\Common Files\<DIR> Windows Live
[04/05/2009|08:10] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[11/12/2008|06:08] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 21 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 23:56:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 959

--------------------\\ Searching for other infections


No other infections found !

[F:2][D:1]-> C:\DOCUME~1\John\LOCALS~1\Temp
[F:22][D:0]-> C:\DOCUME~1\John\Cookies
[F:45][D:4]-> C:\DOCUME~1\John\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Τετ 05/08/2009|23:57 - Option : [1]

--------------------\\ Scan completed at 23:57:16

katana
2009-08-06, 02:01
"I don't see any Zonealarm entry in Add/Remove programs. How do I remove it if it's still installed?"
If you have previously removed ZoneAlarm, then it is just a leftover showing in your logs and it can be ignored.
If you don't have an AV installed, then you should get one.

Paid AV list
Kaspersky (http://www.kaspersky.co.uk/)
ESET NOD32 (http://www.eset.co.uk/)

Free AV list (Home users only)
Avast (http://www.avast.com/eng/products.html)
Avira AntiVir (http://www.free-av.com/)



"And you missed the point of my question."
You missed the point of my reply.
They were removed simply because they were in the Bitcomet folder that was deleted.
Kaspersky didn't show those files as being infected, so I doubt they are.

----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way.

First let's tidy up.



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for Home Users) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol.
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections.

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Oogabooga
2009-08-06, 12:11
Finished with uninstalling ComboFix and using OTCleanup. No problems.

A million thanks. The whole system seems to have sped up considerably. I guess I can keep the CDs then. For AV I'll install Avast, and so far I have been using Spybot with Teatimer, Ad-Aware and Mbam.

Teatimer overlaps with Ad-Watch live? Should I have them enabled simultaneously? And also SpywareBlaster. Any conflicts?

And one last question: I have in my c:\ 3 files that I'm not sure what they are:

autorun.inf.blocked
boot.bak
cmldr

I can guess what's the first one but I don't know about the others. Delete?

katana
2009-08-06, 12:51
1) Teatimer overlaps with Ad-Watch live?
2) Should I have them enabled simultaneously?
3) And also SpywareBlaster. Any conflicts?

4) autorun.inf.blocked
boot.bak
cmldr

1) Correct
2) You would be better off removing AdAware completely, it is of limited use these days.
3) No conflict there, Spyware Blaster doesn't run "Actively"
4) You can delete autorun.inf.blocked, but leave the others alone.

Oogabooga
2009-08-06, 14:50
Deleted the file and removed Ad-Aware. At the moment I have Spybot, SpywareBlaster and Avast. Everything seems fine.