Virtumonde infection!

Post by Jacob A » December 5th, 2008, 11:38 am

Hello guys! I'm infected with Virtumonde! I've tried to delete Virtumonde using "VundoFix", "VirtumondeBeGone", Ad-Aware and also Norman Virus Control. Now Norman Virus Control finds Virtumonde and puts it in quarantine, and when I click the "Close" button Norman just finds the same file again, called "efcDVPhF.dll", which Norman says is the "Virtumonde.ADFM" virus. So nothing seems to get rid of Virtumonde, therefore I've come to this site hoping for help!
I have Windows XP SP 2!

I'm getting pop-ups and my computer sometimes slows down (almost only when I try to access my hard drives). I have updated Norman a few times now and it has found some other Virtumonde/Vundo viruses as well, called:
c:\windows\system32\zgifvy.dll "Vundo.FMF"
and
c:\windows\system32\fhxdagkr.dll "Virtumonde.AEIC"

These however seem to not come back when I press the Close button like
c:\windows\system32\efcDVPhF.dll "Virtumonde.ADFM"
does!

There are also the error messages when I start my computer, which say something like "It wasn't possible to read C:\WINDOWS\system32\drvduv.dll" and also "It wasn't possible to read C:\WINDOWS\system32\drvkez.dll". It also says at the end of both "The mentioned module can't be found". Now I got into the msconfig tab where I could de-select them, and that stopped the error messages. I'm just wondering if it is OK to do that and if I need to get rid of the file that's trying to open them in the first place?
Here is my HijackThis log; if you want to know anything else just say so!
Thanks in advance, Jacob A!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:36, on 2008-12-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TBPanel.exe
C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Norman\npm\bin\NREN.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {5E798107-FEE2-442E-94B8-DE11744CC7E1} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {6EF90672-9177-4C56-AF93-956C00C9C359} - C:\WINDOWS\system32\efcDVPhF.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d608436d-be10-3a58-1644-4d784125d2cc} - {cc2d5214-87d4-4461-85a3-01ebd634806d} - C:\WINDOWS\system32\gtrzgv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Program\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0010ac0f] rundll32.exe "C:\WINDOWS\system32\sgkfylcs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C23695-0449-4812-A255-8B4BC5A2F966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: gtrzgv.dll
O21 - SSODL: zip - {0b0db999-e8f6-48b0-b5bd-0681f3cb037a} - C:\WINDOWS\Installer\{0b0db999-e8f6-48b0-b5bd-0681f3cb037a}\zip.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 9067 bytes

I'm very grateful for any help!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Virtumonde infection!

Post by Axephilic » December 6th, 2008, 3:12 pm

Hello,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. I am still in training, so my responses may take more time than usual because all of my posts must be checked by an expert or teacher.
    Also, please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

Please stop using programs such as VundoFix, virtumondebegone, etc. because they should be used under supervision of someone trained. I will do my best to resolve your malware issues. Also, please stop using MSCONFIG until I give you the all clean message. It could interfere with my fixes and cause them not to work correctly.

Make an Uninstall List

Next, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply. Please also include a new HijackThis log.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Virtumonde infection!

Post by Jacob A » December 6th, 2008, 8:44 pm

Hello there Adam! Nice to meet you and thanks a lot for helping me!
Here is my uninstall list and a new HijackThis log!

Uninstall list:
3DMark06
AC3Filter (remove only)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
AMD OverDrive
AMD OverDrive
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
ATI - Hjälp för avinstallation av program
BitLord 1.1
Bonjour
BS.Player ControlBar
BS.Player FREE
BS.Player PRO
CD Audio Reader Filter (remove only)
Command & Conquer Generals
Command & Conquer Tiberian Sun
Command & Conquer™ Red Alert™ 3
Command and ConquerTM Generals Zero Hour
CoreAVC Professional Edition (remove only)
Counter-Strike
Crysis WARHEAD(R)
Crysis WARHEAD(R)
Crysis(R)
CyberLink PowerDVD 8
CyberLink PowerDVD 8
DC++ 0.707
Deluge
DirectVobSub (remove only)
DivX Converter
DivX Player
DivX Web Player
DScaler 5 Mpeg Decoders
Dual-Core Optimizer
DualCoreCenter
EXPERTool
ffdshow [rev 2335] [2008-11-17]
FinalCodecs 2008 Olympic Edition
Fraps (remove only)
Futuremark Measurement Services Client
Half-Life(R) 2
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Java(TM) 6 Update 11
Kaspersky Online Scanner
Maxtor OneTouch
MediaInfo 0.7.7.8
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Media Video 9 VCM
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla (1.7.13)
Mozilla Firefox (3.0.4)
muveeNow 2.1
Norman Virus Control
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX v8.10.13
OpenOffice.org Installer 1.0
Personal 4.5.4
Promise FastTrak PDC42819 RAID Controller Windows Driver
PunkBuster Services
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
Security Task Manager 1.7f
SHOUTcast Source (remove only)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Skype™ 3.8
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB935448)
Snabbkorrigering för Windows XP (KB952287)
SPORE™
Steam(TM)
System Requirements Lab
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901190)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB937894)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941568)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB941644)
Säkerhetsuppdatering för Windows XP (KB941693)
Säkerhetsuppdatering för Windows XP (KB943055)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB943485)
Säkerhetsuppdatering för Windows XP (KB944653)
Säkerhetsuppdatering för Windows XP (KB945553)
Säkerhetsuppdatering för Windows XP (KB946026)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB948590)
Säkerhetsuppdatering för Windows XP (KB948881)
Säkerhetsuppdatering för Windows XP (KB950749)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
TeamSpeak 2 RC2
The KMPlayer (remove only)
TimeShift
Tortun 0.8
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB908531)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB911280)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB932823-v3)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
Uppdatering för Windows XP (KB951072-v2)
USB Storage Adapter FX (MXO)
Ventrilo Client
VideoMach 4.0.4
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live inloggningsassistenten
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format 11 SDK
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows-drivrutinspaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
WinRAR
VLC media player 0.9.6
World of Warcraft
Wrath of the Lich King Beta
Xfire (remove only)
Zoom Player (remove only)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43:31, on 2008-12-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\npm\bin\NREN.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\MSI\DualCoreCenter\DualCoreCenter.exe
C:\WINDOWS\TBPanel.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {5E798107-FEE2-442E-94B8-DE11744CC7E1} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {6EF90672-9177-4C56-AF93-956C00C9C359} - C:\WINDOWS\system32\efcDVPhF.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d608436d-be10-3a58-1644-4d784125d2cc} - {cc2d5214-87d4-4461-85a3-01ebd634806d} - C:\WINDOWS\system32\gtrzgv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Program\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0010ac0f] rundll32.exe "C:\WINDOWS\system32\fudcnahp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C23695-0449-4812-A255-8B4BC5A2F966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: gtrzgv.dll
O21 - SSODL: zip - {0b0db999-e8f6-48b0-b5bd-0681f3cb037a} - C:\WINDOWS\Installer\{0b0db999-e8f6-48b0-b5bd-0681f3cb037a}\zip.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 8970 bytes

Re: Virtumonde infection!

Post by Axephilic » December 7th, 2008, 1:20 pm

It has come to my attention that you have posted for help with your computer at other forums.

Here are your other topic(s): http://forums.techguy.org/malware-remov ... sages.html

May I draw your attention to the Forum Guidelines on Multi-Posting
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.

Re: Virtumonde infection!

Post by Jacob A » December 7th, 2008, 2:06 pm

Hello Adam! I want help here. Sorry about having 2 threads; I didn't get any help there for over a week, so I thought I'd post here instead. I have now notified them that I have gotten help here and that they can close my thread on the other forums!

Re: Virtumonde infection!

Post by Axephilic » December 7th, 2008, 2:11 pm

Ok, thank you. I will post back as soon as I get my fix checked by a Teacher or Expert. :)

Regards,
Adam

Re: Virtumonde infection!

Post by Axephilic » December 8th, 2008, 12:42 pm

Hello,

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file C:\WINDOWS\system32\winver.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


In your next reply, please include:
  1. C:\ComboFix.txt report
  2. A new HijackThis log

Regards,
Adam

Re: Virtumonde infection!

Post by Jacob A » December 8th, 2008, 4:22 pm

Hello Adam! Here are my 3 logs for you!

Virustotal scan:

Antivirus Version Last Update Result
AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.43 2008.12.08 -
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 -
AVG 8.0.0.199 2008.12.07 -
BitDefender 7.2 2008.12.07 -
CAT-QuickHeal 10.00 2008.12.08 -
ClamAV 0.94.1 2008.12.07 -
Comodo 708 2008.12.08 -
DrWeb 4.44.0.09170 2008.12.08 -
eSafe 7.0.17.0 2008.12.08 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.08 -
F-Prot 4.4.4.56 2008.12.04 -
Fortinet 3.117.0.0 2008.12.07 -
GData 19 2008.12.07 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.548 2008.12.08 -
Kaspersky 7.0.0.125 2008.12.07 -
McAfee 5456 2008.12.06 -
McAfee+Artemis 5456 2008.12.06 -
Microsoft 1.4205 2008.12.08 -
NOD32 3670 2008.12.08 -
Panda 9.0.0.4 2008.12.07 -
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.08 -
Rising 21.07.02.00 2008.12.08 -
SecureWeb-Gateway 6.7.6 2008.12.08 -
Sophos 4.36.0 2008.12.07 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.08 -
TheHacker 6.3.1.2.179 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.08 -
VBA32 3.12.8.10 2008.12.07 -
ViRobot 2008.12.6.1504 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.08 -
Additional information
File size: 5632 bytes
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10012a5
timedatestamp.....: 0x480252df (Sun Apr 13 18:37:19 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x656 0x800 5.31 82fe59d09f88f02eeb689d632bf9d2ea
.data 0x2000 0xc 0x200 0.18 0a51db8cd0b7c8717de6c352c99a5eed
.rsrc 0x3000 0x7a4 0x800 4.53 b36069e5e89368de66559d6c0c6ace15

( 3 imports )
> KERNEL32.dll: GetTimeFormatW, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetModuleHandleW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter
> USER32.dll: LoadStringW
> SHELL32.dll: ShellAboutW

( 0 exports )

Virustotal scan on winver.exe file!


Combofix scan:


ComboFix 08-12-07.01 - Jacob 2008-12-08 21:10:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1536 [GMT 1:00]
Körs från: c:\documents and settings\Jacob\Skrivbord\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Jacob\Skrivbord\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\{0b0db999-e8f6-48b0-b5bd-0681f3cb037a}\zip.dll
c:\windows\system32\_006110_.tmp.dll
c:\windows\system32\_006111_.tmp.dll
c:\windows\system32\_006112_.tmp.dll
c:\windows\system32\_006113_.tmp.dll
c:\windows\system32\_006120_.tmp.dll
c:\windows\system32\_006121_.tmp.dll
c:\windows\system32\_006122_.tmp.dll
c:\windows\system32\_006123_.tmp.dll
c:\windows\system32\_006125_.tmp.dll
c:\windows\system32\_006126_.tmp.dll
c:\windows\system32\_006129_.tmp.dll
c:\windows\system32\_006130_.tmp.dll
c:\windows\system32\_006132_.tmp.dll
c:\windows\system32\_006133_.tmp.dll
c:\windows\system32\_006134_.tmp.dll
c:\windows\system32\_006136_.tmp.dll
c:\windows\system32\_006139_.tmp.dll
c:\windows\system32\_006140_.tmp.dll
c:\windows\system32\_006144_.tmp.dll
c:\windows\system32\_006145_.tmp.dll
c:\windows\system32\_006147_.tmp.dll
c:\windows\system32\_006150_.tmp.dll
c:\windows\system32\_006152_.tmp.dll
c:\windows\system32\_006153_.tmp.dll
c:\windows\system32\_006154_.tmp.dll
c:\windows\system32\_006155_.tmp.dll
c:\windows\system32\_006156_.tmp.dll
c:\windows\system32\_006159_.tmp.dll
c:\windows\system32\_006160_.tmp.dll
c:\windows\system32\_006161_.tmp.dll
c:\windows\system32\_006162_.tmp.dll
c:\windows\system32\_006163_.tmp.dll
c:\windows\system32\_006168_.tmp.dll
c:\windows\system32\_006170_.tmp.dll
c:\windows\system32\asjrwaxn.dll
c:\windows\system32\ayixtoye.ini
c:\windows\system32\bcrlxwmy.ini
c:\windows\system32\ceypkiev.ini
c:\windows\system32\drnxtdbe.ini
c:\windows\system32\erehhslp.ini
c:\windows\system32\FhPVDcfe.ini
c:\windows\system32\FhPVDcfe.ini2
c:\windows\system32\fudcnahp.dll
c:\windows\system32\ganurcxy.ini
c:\windows\system32\gtrzgv.dll
c:\windows\system32\gxxcfads.ini
c:\windows\system32\iscpranv.ini
c:\windows\system32\jausrsnb.ini
c:\windows\system32\jgkbry.dll
c:\windows\system32\kjcmubsn.ini
c:\windows\system32\mtwovscy.ini
c:\windows\system32\npqgnflf.ini
c:\windows\system32\nrvlgmqm.ini
c:\windows\system32\nylnxpav.ini
c:\windows\system32\phancduf.ini
c:\windows\system32\pnqeejjw.dll
c:\windows\system32\qknbcoyx.ini
c:\windows\system32\qmmbtgyq.ini
c:\windows\system32\qsfykdmr.ini
c:\windows\system32\quemeisl.ini
c:\windows\system32\qwybocxy.dll
c:\windows\system32\rkgadxhf.ini
c:\windows\system32\rlqniamm.dll
c:\windows\system32\rsorookf.ini
c:\windows\system32\sclyfkgs.ini
c:\windows\system32\sdafcxxg.dll
c:\windows\system32\sgkfylcs.dll
c:\windows\system32\shvpsxkx.ini
c:\windows\system32\tadwlkpy.dll
c:\windows\system32\teyalt.dll
c:\windows\system32\tnqgml.dll
c:\windows\system32\unugmnnv.dll
c:\windows\system32\uvxotrpl.ini
c:\windows\system32\visnuokf.ini
c:\windows\system32\vnarpcsi.dll
c:\windows\system32\woaiqk.dll
c:\windows\system32\xyocbnkq.dll
c:\windows\system32\ycsvowtm.dll
c:\windows\system32\yjfyasil.dll
c:\windows\system32\ymwxlrcb.dll
c:\windows\system32\zgtbqc.dll
c:\windows\Tasks\diwlsklr.job

.
((((((((((((((((((((( Filer Skapade från 2008-11-08 till 2008-12-08 ))))))))))))))))))))))))))))))))))))
.

2008-12-08 14:16 . 2008-12-08 14:16 <KAT> d-------- c:\windows\LastGood
2008-12-08 14:10 . 2008-12-08 14:10 <KAT> d-------- c:\windows\system32\CatRoot_bak
2008-12-08 14:08 . 2004-08-04 01:34 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-08 13:48 . <KAT> c:\windows\LastGood.Tmp
2008-12-08 13:43 . 2008-12-08 13:44 <KAT> d-------- c:\windows\system32\bits
2008-12-08 13:36 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-08 13:34 . 2006-12-29 00:31 19,569 --a------ c:\windows\005672_.tmp
2008-12-08 12:44 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-08 12:44 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-08 12:44 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-08 12:44 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-08 12:44 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-08 12:44 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-08 12:44 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-08 12:40 . 2008-12-08 12:40 <KAT> d-------- c:\windows\system32\xlive
2008-12-08 12:40 . 2008-12-08 12:54 <KAT> d-------- c:\program\Microsoft Games for Windows - LIVE
2008-12-08 12:40 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-08 12:40 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-08 12:40 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-08 12:26 . 2008-12-08 12:26 <KAT> d-------- c:\program\MSBuild
2008-12-08 12:25 . 2008-12-08 12:25 <KAT> d-------- c:\windows\system32\XPSViewer
2008-12-08 12:24 . 2008-12-08 12:24 <KAT> d-------- c:\program\Reference Assemblies
2008-12-08 12:24 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-03 21:20 . 2008-12-03 21:21 <KAT> d-------- c:\program\iTunes
2008-12-03 21:20 . 2008-12-03 21:20 <KAT> d-------- c:\program\iPod
2008-12-03 21:20 . 2008-12-03 21:21 <KAT> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 21:19 . 2008-12-03 21:19 <KAT> d-------- c:\program\QuickTime
2008-12-03 21:19 . 2008-12-03 21:19 <KAT> d-------- c:\program\Bonjour
2008-12-03 21:18 . 2008-12-03 21:18 <KAT> d-------- c:\program\Apple Software Update
2008-12-03 20:18 . 2008-12-03 23:07 <KAT> d-------- c:\windows\system32\Adobe
2008-12-02 00:47 . 2008-12-04 21:56 <KAT> d-------- c:\documents and settings\Jacob\Application Data\vlc
2008-11-29 17:54 . 2008-11-29 17:54 48 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-29 17:53 . 2008-11-29 17:53 <KAT> d-------- c:\program\Delade filer\Skype
2008-11-29 17:22 . 2008-11-29 17:22 <KAT> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-29 17:14 . 2008-11-29 17:23 <KAT> d-------- c:\windows\NV512516.TMP
2008-11-29 17:14 . 2008-12-08 21:13 201,151 --a------ c:\windows\system32\nvapps.xml
2008-11-29 17:07 . 2008-11-29 17:07 <KAT> d-------- c:\documents and settings\Jacob\Application Data\Download Manager
2008-11-29 16:43 . 2008-11-29 16:43 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-29 16:43 . 2008-11-29 16:43 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-29 16:39 . 2008-11-29 16:41 <KAT> d-------- c:\windows\NV29282976.TMP
2008-11-29 16:32 . 2008-11-29 16:35 <KAT> d-------- c:\windows\NV1364072.TMP
2008-11-26 23:52 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-11-26 23:51 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2008-11-26 23:51 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2008-11-26 23:51 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\SHOUTcast Source
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\MONOGRAM AMR SplitterDecoder
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\DScaler5
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\DirectVobSub
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\CD Audio Reader Filter
2008-11-25 13:16 . 2008-11-25 13:16 <KAT> d-------- c:\program\Zoom Player
2008-11-25 13:16 . 2008-12-08 17:21 <KAT> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
2008-11-25 13:08 . 2008-11-25 13:08 <KAT> d-------- c:\program\Delade filer\Sonic Shared
2008-11-25 13:08 . 2008-11-25 13:08 <KAT> d-------- c:\program\Delade filer\Real
2008-11-25 13:07 . 2008-11-25 13:08 <KAT> d-------- c:\program\Final Codecs
2008-11-25 12:40 . 2008-11-25 12:40 <KAT> d-------- c:\program\MediaInfo
2008-11-25 12:07 . 2008-11-25 12:07 <KAT> d-------- c:\program\Delade filer\CyberLink
2008-11-25 12:06 . 2008-11-25 12:08 <KAT> d-------- c:\program\CyberLink
2008-11-25 12:05 . 2008-11-25 12:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\Temp
2008-11-24 18:06 . 2008-11-24 18:06 <KAT> d-------- c:\program\Webteh
2008-11-24 17:29 . 2008-11-24 17:29 <KAT> d-------- c:\program\WMSDK
2008-11-24 16:10 . 2008-11-24 16:13 <KAT> d-------- c:\windows\NV30401900.TMP
2008-11-24 16:10 . 2008-10-07 13:33 6,133,856 --a------ c:\windows\system32\drivers\nv4_mini.sys
2008-11-24 16:10 . 2008-10-07 13:33 6,133,856 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2008-11-24 16:10 . 2008-10-07 13:33 6,058,112 --a------ c:\windows\system32\nv4_disp.dll
2008-11-24 16:10 . 2008-10-07 13:33 6,058,112 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,989,504 --a------ c:\windows\system32\nvdisps.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,764,224 --a------ c:\windows\system32\nvvitvs.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,444,736 --a------ c:\windows\system32\nvgames.dll
2008-11-24 16:10 . 2008-10-07 13:33 2,686,976 --a------ c:\windows\system32\nvwss.dll
2008-11-24 16:10 . 2008-10-07 13:33 1,257,472 --a------ c:\windows\system32\nvmobls.dll
2008-11-24 16:10 . 2008-10-07 13:33 188,416 --a------ c:\windows\system32\nvmccss.dll
2008-11-24 12:15 . 2008-11-24 12:15 <KAT> d-------- c:\program\MSI
2008-11-24 12:15 . 2006-10-13 08:13 1,622,016 --a------ c:\windows\NVBenchMarks.dll
2008-11-24 12:15 . 2005-09-23 16:33 1,060,864 --a------ c:\windows\MFC71.dll
2008-11-24 12:15 . 2005-09-23 16:33 499,712 --a------ c:\windows\msvcp71.dll
2008-11-24 12:15 . 2006-10-13 08:16 421,888 --a------ c:\windows\nvsulib.dll
2008-11-24 12:15 . 2006-10-13 08:18 380,928 --a------ c:\windows\ntuneoem.dll
2008-11-24 12:15 . 2005-09-23 16:33 348,160 --a------ c:\windows\msvcr71.dll
2008-11-24 12:15 . 2006-09-05 14:59 217,088 --a------ c:\windows\NVGfxOgl.dll
2008-11-24 12:15 . 2006-08-21 09:20 45,056 --a------ c:\windows\NTuneGpu.dll
2008-11-24 12:15 . 2006-10-13 08:12 28,672 --a------ c:\windows\AutoTuneScript.dll
2008-11-24 12:15 . 2006-10-13 08:18 18,216 --a------ c:\windows\nvoclk64.sys
2008-11-24 12:15 . 2006-10-13 08:18 6,912 --a------ c:\windows\nvoclock.sys
2008-11-24 11:47 . 2008-11-24 11:47 <KAT> d-------- c:\program\Sun
2008-11-24 11:47 . 2008-12-03 20:25 <KAT> d-------- c:\program\Java
2008-11-24 11:47 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-24 11:47 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-23 14:32 . 2008-11-23 14:32 <KAT> d-------- c:\program\Trend Micro
2008-11-22 17:26 . 2008-11-22 17:26 0 --a------ C:\LHT3.tmp
2008-11-20 01:28 . 2008-11-20 01:28 <KAT> d-------- c:\program\BS.Player ControlBar
2008-11-20 01:28 . 2008-11-20 01:35 <KAT> d-------- c:\documents and settings\Jacob\Application Data\BSplayer
2008-11-17 22:42 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 02:55 . 2008-11-15 02:57 <KAT> d-------- c:\windows\NV36481812.TMP
2008-11-12 14:54 . 2008-11-12 14:54 13,672,448 --a------ c:\windows\system32\SET26.tmp
2008-11-12 14:54 . 2008-11-12 14:54 6,148,864 --a------ c:\windows\system32\SET1C.tmp
2008-11-12 14:54 . 2008-11-12 14:54 602,112 --a------ c:\windows\system32\SET20.tmp
2008-11-12 14:54 . 2008-11-12 14:54 122,880 --a------ c:\windows\system32\SET41.tmp
2008-11-12 14:54 . 2008-11-12 14:54 86,016 --a------ c:\windows\system32\SET28.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 20:04 --------- d-----w c:\documents and settings\Jacob\Application Data\Skype
2008-12-08 19:59 --------- d-----w c:\documents and settings\Jacob\Application Data\skypePM
2008-12-08 18:51 --------- d-----w c:\documents and settings\Jacob\Application Data\uTorrent
2008-12-08 11:28 --------- d--h--w c:\program\InstallShield Installation Information
2008-12-06 18:12 --------- d-----w c:\documents and settings\Jacob\Application Data\dvdcss
2008-12-04 20:56 --------- d-----w c:\documents and settings\Jacob\Application Data\vlc
2008-12-03 20:20 --------- d-----w c:\program\Delade filer\Apple
2008-11-30 14:15 --------- d-----w c:\program\DC++
2008-11-29 16:22 --------- d-----w c:\program\Delade filer\Wise Installation Wizard
2008-11-27 19:13 --------- d-----w c:\program\AMD
2008-11-25 11:05 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-11-25 11:05 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-24 23:41 --------- d-----w c:\program\The KMPlayer
2008-11-24 23:20 --------- d-----w c:\program\Windows Media Connect 2
2008-11-24 17:09 --------- d-----w c:\documents and settings\Jacob\Application Data\BSplayer PRO
2008-11-24 15:15 98,304 ----a-w c:\windows\DUMP57b5.tmp
2008-11-24 15:11 --------- d-----w c:\program\AGEIA Technologies
2008-11-20 13:30 --------- d-----w c:\program\Lavasoft
2008-11-20 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-20 00:30 --------- d-----w c:\program\ffdshow
2008-11-20 00:23 --------- d-----w c:\program\Delade filer\Adobe
2008-11-19 23:36 --------- d-----w c:\program\CoreCodec
2008-11-13 12:39 --------- d-----w c:\program\Delade filer\Blizzard Entertainment
2008-11-12 23:38 --------- d-----w c:\program\AC3Filter
2008-11-12 13:54 801,312 ----a-w c:\windows\system32\nvcplui.exe
2008-11-12 13:54 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-11-11 16:21 4,946,944 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-11-10 18:59 --------- d-----w c:\program\Windows Live Safety Center
2008-11-09 14:51 --------- d-----w c:\documents and settings\Jacob\Application Data\Hamachi
2008-11-07 15:40 17,421,824 ----a-w c:\windows\RTHDCPL.EXE
2008-11-02 02:49 --------- d-----w c:\documents and settings\Jacob\Application Data\Red Alert 3
2008-11-01 17:40 --------- d-----w c:\documents and settings\Jacob\Application Data\Bioshock
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 14:04 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-10 13:04 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-10 12:44 --------- dc-h--w c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 08:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-09-30 15:38 2,168,320 ----a-w c:\windows\MicCal.exe
2008-09-19 16:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
2008-09-18 00:41 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-01-09 19:33 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-09 14:33 22,328 ----a-w c:\documents and settings\Jacob\Application Data\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-27 2189864]
"MaxtorOneTouch"="c:\program\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"AODAssist.exe"="c:\program\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 69632]
"Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"DelReg"="c:\program\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"RemoteControl8"="c:\program\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"amd_dc_opt"="c:\program\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
DualCoreCenter.lnk - c:\program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-24 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jgkbry.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Personal.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Personal.lnk
backup=c:\windows\pss\Personal.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program\\DC++\\DCPlusPlus.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Spel\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"6112:UDP"= 6112:UDP:warcraft2

R0 FTT3;FTT3;c:\windows\system32\DRIVERS\FTT3.sys [2008-01-09 155792]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2008-02-04 20448]
R3 DualCoreCenter;DualCoreCenter;\??\c:\program\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-24 28160]
R3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\m4cxwxp.sys [2008-01-09 171264]
R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-30 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-02-04 19512]
R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-02-04 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2008-02-04 146488]
R3 RushTopDevice2;RushTopDevice2;\??\c:\program\MSI\DualCoreCenter\RushTop.sys [2008-11-24 55296]
S2 AODService;AODService;c:\program\AMD\OverDrive\AODAssist []
S3 ASUDriver;ASUDriver;\??\c:\program\AMD\AMD OverDrive\i386\AODDriver.sys [2007-10-24 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eeecfa6-fb6c-11dc-8f83-000d886c0ca0}]
\Shell\AutoRun\command - H:\Launch.exe
.
Innehållet i mappen 'Schemalagda aktiviteter'

2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

BHO-{480EC110-12FC-403C-8F6D-C837582DC5ED} - c:\windows\system32\efcDVPhF.dll
BHO-{5E798107-FEE2-442E-94B8-DE11744CC7E1} - c:\windows\system32\mllmn.dll
BHO-{eed3688e-984f-48c4-9c1a-d42a89066f62} - c:\windows\system32\jgkbry.dll
HKLM-Run-MXO Auto Loader - c:\windows\MXOALDR.EXE
ShellExecuteHooks-{4E007A5F-299F-44FC-8B6B-F06B61867A2E} - (no file)
MSConfigStartUp-MSDisp32 - c:\windows\system32\drvkez.dll
MSConfigStartUp-MSDrive - c:\windows\system32\drvduv.dll


.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: {E2C23695-0449-4812-A255-8B4BC5A2F966} = 192.168.1.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

O16 -: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
c:\windows\Downloaded Program Files\octoshape.inf
FireFox -: Profile - c:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF -: plugin - c:\documents and settings\Jacob\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\program\Final Codecs\MozillaPlugins\nppl3260.dll
FF -: plugin - c:\program\Final Codecs\MozillaPlugins\nprjplug.dll
FF -: plugin - c:\program\Final Codecs\MozillaPlugins\nprpjplug.dll
FF -: plugin - c:\program\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program\Octoshape Streaming Services\Jacob\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 21:12:58
Windows 5.1.2600 Service Pack 3 NTFS

genomsöker dolda processer ...

genomsöker dolda autostartpunkter ...

genomsöker dolda filer ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AODService]
"ImagePath"="c:\program\AMD\OverDrive\AODAssist"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Andra pågående processer ------------------------
.
c:\norman\npm\bin\elogsvc.exe
c:\norman\npm\bin\Zanda.exe
c:\program\Lavasoft\Ad-Aware\aawservice.exe
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\norman\npm\bin\Njeeves.exe
c:\windows\system32\rundll32.exe
c:\program\iPod\bin\iPodService.exe
c:\program\MSI\DualCoreCenter\DualCoreCenter.exe
c:\norman\NVC\Bin\Nip.exe
c:\norman\NVC\Bin\CClaw.exe
.
**************************************************************************
.
Sluttid: 2008-12-08 21:15:56 - datorn startades om
ComboFix-quarantined-files.txt 2008-12-08 20:15:45

Före genomsökningen: 14 475 804 672 byte ledigt
Efter genomsökningen: 14,498,037,760 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

435 --- E O F --- 2008-11-18 02:47:18


New Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:21, on 2008-12-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\explorer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Program\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C23695-0449-4812-A255-8B4BC5A2F966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jgkbry.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 8456 bytes

Thanks so far for your help, I really appreciate it! :)
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Virtumonde infection!

Post by Axephilic » December 10th, 2008, 12:25 pm

Hello,

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following programs and click on the Change/Remove button to uninstall them.

    BitLord 1.1
    DC++ 0.707
    Deluge
  3. Close Add/Remove Programs and Control Panel when done.

Please post a fresh HijackThis log when done.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Virtumonde infection!

Post by Jacob A » December 10th, 2008, 3:07 pm

Hello Adam, I've removed those programs from my computer.

Here's a new HijackThis log!

Thanks a lot so far for all your help! :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:41, on 2008-12-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TBPanel.exe
C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program\iPod\bin\iPodService.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Program\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C23695-0449-4812-A255-8B4BC5A2F966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jgkbry.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 8397 bytes
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Virtumonde infection!

Post by Axephilic » December 12th, 2008, 12:33 pm

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  • Close all open windows and click on Fix checked, and when you get a popup window click on Yes.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\005672_.tmp
c:\windows\DUMP57b5.tmp

Folder::
c:\documents and settings\Jacob\Application Data\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\uTorrent\\uTorrent.exe"=-



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. ComboFix log
  2. Malwarebytes' log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
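
Added example, not part of the original thread and not HijackThis or ComboFix code: a Python triage of HijackThis entry lines that surfaces the `O20 - AppInit_DLLs` value the CFScript above resets, plus entries marked `(no file)` or `(file missing)`, and cross-checks AppInit DLL names against a scanner log's detections. The sample lines are copied from logs posted in this thread; the function names and the `Finding` type are made up for the example.

```python
import ntpath
import re
from typing import Dict, Iterator, List, NamedTuple, Tuple

# Entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs: jgkbry.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
"""

# Two result lines copied from the Malwarebytes log posted in this thread.
SAMPLE_SCAN = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\jgkbry.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program\mozilla.org\Mozilla\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<value>.*)$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SCAN_RE = re.compile(r"^(?P<path>.+?) \((?P<label>[^()]+)\) -> ")
NO_FILE = "(no file)"
MISSING = " (file missing)"


class Finding(NamedTuple):
    section: str  # HijackThis section id, e.g. "O20"
    reason: str   # why the line deserves a second look
    detail: str   # DLL name, CLSID or path taken from the line


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("section"), match.group("body")


def appinit_dlls(body: str) -> List[str]:
    """Split an AppInit_DLLs value into DLL names (space or comma separated)."""
    match = APPINIT_RE.match(body)
    if not match:
        return []
    return [name for name in re.split(r"[,\s]+", match.group("value")) if name]


def triage(log_text: str) -> List[Finding]:
    """Flag AppInit_DLLs entries and entries whose target file is absent."""
    findings: List[Finding] = []
    for section, body in parse_entries(log_text):
        if section == "O20" and appinit_dlls(body):
            # DLLs listed here are loaded into every process that loads user32.dll.
            for dll in appinit_dlls(body):
                findings.append(Finding(section, "AppInit_DLLs entry", dll))
        elif body.endswith(NO_FILE):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(section, "registered object with no file",
                                    clsid.group(0) if clsid else body))
        elif body.endswith(MISSING):
            path = body.rsplit(" - ", 1)[-1][:-len(MISSING)]
            findings.append(Finding(section, "target file missing", path))
    return findings


def detections(scan_text: str) -> Dict[str, str]:
    """Map lower-cased file name -> detection label from 'path (label) -> ...' lines."""
    found: Dict[str, str] = {}
    for raw in scan_text.splitlines():
        match = SCAN_RE.match(raw.strip())
        if match:
            name = ntpath.basename(match.group("path")).lower()
            # Quarantine copies under C:\Qoobox carry a .vir suffix, as in the log.
            if name.endswith(".vir"):
                name = name[:-len(".vir")]
            found[name] = match.group("label")
    return found


def appinit_hits(hjt_text: str, scan_text: str) -> List[Tuple[str, str]]:
    """Return (dll, label) for AppInit DLLs that a scanner log also names."""
    known = detections(scan_text)
    hits = []
    for finding in triage(hjt_text):
        name = ntpath.basename(finding.detail).lower()
        if finding.section == "O20" and name in known:
            hits.append((finding.detail, known[name]))
    return hits


if __name__ == "__main__":
    for item in triage(SAMPLE_HJT):
        print(f"{item.section:<4}{item.reason:<32}{item.detail}")
    for dll, label in appinit_hits(SAMPLE_HJT, SAMPLE_SCAN):
        print(f"AppInit_DLLs still references {dll}, detected as {label}")
```

An AppInit_DLLs name that also appears in a scanner's detections means the registry value still points at a file that has been quarantined, which is the state the `"AppInit_DLLs"=""` line in the CFScript clears.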

Re: Virtumonde infection!

Post by Jacob A » December 12th, 2008, 8:10 pm

Hello Adam! Here are my three logs for you! :)

Malwarebytes log:

Malwarebytes' Anti-Malware 1.31
Databasversion: 1495
Windows 5.1.2600 Service Pack 3

2008-12-13 01:04:15
mbam-log-2008-12-13 (01-04-15).txt

Skanningstyp: Fullständig skanning (C:\|E:\|G:\|J:\|)
Antal skannade objekt: 178137
Förfluten tid: 47 minute(s), 21 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 4
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 24

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Documents and Settings\Jacob\Mina dokument\Codecs\BS.Player.Pro.v2.32.975.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program\mozilla.org\Mozilla\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fudcnahp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jgkbry.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qwybocxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rlqniamm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tadwlkpy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tnqgml.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\unugmnnv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vnarpcsi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\woaiqk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xyocbnkq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ymwxlrcb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078417.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078423.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078449.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078450.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1B99AC46-0E4E-4D26-B634-5F13441F5C56}\RP369\A0078443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Combofix log:



ComboFix 08-12-12.02 - Jacob 2008-12-13 0:06:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.2047.1431 [GMT 1:00]
Körs från: c:\documents and settings\Jacob\Skrivbord\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Jacob\Skrivbord\CFScript.txt.txt
* Skapade en ny återställningspunkt

FILE ::
c:\windows\005672_.tmp
c:\windows\DUMP57b5.tmp
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jacob\Application Data\uTorrent
c:\documents and settings\Jacob\Application Data\uTorrent\DDF_Rose_&_Fiva_1byday.com_2008_FINU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DDF_Zafira_&_Juliana_Grandi_1by-day.com_2008_FINU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DDF_Zafira_Plug_1by-day.com_2008_FINU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DDF_Zoe_and_Tea_Lesbo_1by-day.com_2008_HDV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DDGirls_3_Pack_HD_Videos_1280x720.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Dead.Mans.Shoes.LiMiTED.DVDRip.XviD-DoNE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Death.Proof.2007.720p.BluRay.x264-SEPTiC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Death.Race.2008.DVDSCR.DVDR-TDM.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Debbie Does Dallas Again - 2007 (Evan Stone, Savanna Samson, Hillary Scott, Courtney Simpson, Penny Flame, Moniqu.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Deep.Inside.Tawny.Roberts.2004(www.pornorip.net).torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Demolition man.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Destram - Echoes of Doom.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Devon.Stripped.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Dexter.S03E01.DVDScr.XviD-NOTYOU.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\dht.dat
c:\documents and settings\Jacob\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Jacob\Application Data\uTorrent\Diablo3-GameplayTrailer_US.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DigitalDesire_X2_+_CDGirls_HD_Videos_1280x720.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Dilir 24.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\District.B13.2004.720p.HDDVD.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\DOA.Dead.or.Alive.720p.BluRay.x264-iNFAMOUS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Donnie.Darko.2001.720p.HDTV.x264-THOR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Earth.2007.1080p.BluRay.x264-hV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage Season 1, 2 & 3.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\entourage.504.720p.hdtv.x264-sys.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S01.DVDRiP.XviD-SCC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S02E01.HDTV.XviD-0TV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S04E09.HDTV.XviD-NoTV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E01.720p.HDTV.x264-SYS.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E02.720p.HDTV.x264-SYS.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\entourage.s05e03.hdtv.xvid-0tv.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E05.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E06.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E07.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E08.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E09.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E10.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E11.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Entourage.S05E12.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Epic.Movie.2007.UNRATED.R3.NTSC.DVDR-FiL3.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Eraser.1996.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Eristina3.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Eviscerate 8a.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Expert.Guide.to.the.G.Spot.2007.720p.XXX.BluRay.x264-CtrlHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family Guy Season 4 - Complete.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S06E11.PDTV.XviD-XOR.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\family.guy.s07e01.pdtv.xvid-xor.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E02.READNFO.PDTV.XviD-SYS.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E03.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E04.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E05.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E06.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Family.Guy.S07E06.PROPER.REPACK.PDTV.XviD-XOR.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Fedriaran4.mp4.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Felon.2008.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Final Codecs Olympic Edition (August 2008).exe.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Final.Fantasy.VII.Advent.Children.UMD.Rip.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\FinalCodecs 2008 (Codecs for HD-DVD and Blu-Ray Included).torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Flags.Of.Our.Fathers.2006.DVD5.720p.HDDVD.x264-REVEiLLE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Fools.Gold.720p.Bluray.x264-Chakra.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Forever.Jill(DVDRiP)(www.pornorip.net).torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Forgetting.Sarah.Marshall.2008.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama - Season 1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama - Season 2.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama - Season 3.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama - Season 4.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama - Season 5.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Futurama.Benders.Big.Score.XViD.DVDRiP-ANiVCD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Get.Smart.2008.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Girl.In.6C(DVDRiP).torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Girls.Hunting.Girls.15.XXX.DVDRip.XviD-Pr0nStarS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Girlvana 3 XXX [DVDRIP][All Sex].www.lokotorrents.com.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Gone.In.Sixty.Seconds.2000.1080p.BluRay.x264-WPi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\GTA IV PC Version.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\gudril_ undmag and thunder.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Hampenberg - Love In Siberia.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Harold.&.Kumar.Go.to.White.Castle.Unrated.2004.720p.BluRay.DTS.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Harold.and.Kumar.Escape.from.Guantanamo.Bay.UNRATED.720p.BD5.x264-REFiNED.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Harold.and.Kumar.Go.To.White.Castle.2004.720p.BluRay.x264-HALCYON.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Harry Potter.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\HD PornPack - pornbay.org.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heart.Breaker(DVDRiP)(www.pornorip.net).torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Hellboy.2.The.Golden.Army.720p.BluRay.x264-SEPTiC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Hellboy.2004.Unrated.BluRayRip.720p.x264.DTS_51-HDB.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Her.First.Lesbian.Sex.13.XXX.DVDRiP.XviD-DivXfacTory.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E01.720p.HDTV.X264-DIMENSION [www.btarena.org].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E02.720p.HDTV.X264-DIMENSION.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E03.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E04.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E05.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E06.720p.HDTV.X264-DIMENSION.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E06.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Heroes.S03E08.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Hitman.2007.720p.BluRay.x264-REVEiLLE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\I Dream Of Jenna 2 XXX [DVDRIP] [www.zonatorrent.com].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\I Has No Mace - Final.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\I.Want.Candy.720p.BluRay.x264-iNFAMOUS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\In.Bruges.2008.720p.HDTV.DD5.1.x264 - HDxT.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Interactive Sex with Bree Olson XXX HDDVD pornbay.org.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Iron.Man.2008.CUSTOM.SWESUB.DVDR-iNjECT.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Island Fever 4 1080p DD5.1_???@www.2dmu.info.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Jenna Loves Diamonds - DivXfacTory.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Jenna.Loves.Diamonds.2002.720p.XXX.BluRay.x264-CtrlHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Jesse.Jane.Kiss.Kiss.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\King.Arthur.Director's.Cut.2004.720p.BluRay.DTS.x264-CtrlHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Krymu 5.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\kung-ringofvalor2.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Leon.The.Professional.1994.DVD5.720p.HDTV.x264-NBS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Life.S01E01.REPACK.HDTV.XviD-XOR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Life.S01E02.HDTV.XviD.SWESUB-ThaKebab.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Life.S01E03.HDTV.XviD-XOR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Life.S01E04.HDTV.XviD.SWESUB-ThaKebab.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Life.S01E05.HDTV.XviD-LOL.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Lost.S04E09.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Lost.S04E10.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Lost.S04E12.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\lost.s04e13.e14--POC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\LOTR- Fellowship of the Ring (ExtEd) HD 1080P Xvid AC3.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\LOTR- The Return of the King (ExtEd) HD 1080P Xvid AC3.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Love Always XXX [DVDRip][www.zonatorrent.com].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Luda NW 2v2.mp4.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\lulzdigitalself.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Madagascar.2005.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Magehancement HD.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Magehancement_HD.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Mamma.Mia.2008.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Man.On.Fire.2004.720p.Bluray.x264-SEPTiC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Master.and.Commander.2003.720p.BluRay.x264-REFiNED.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Matrix.Trilogy.1080p.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Matrix.Trilogy.720p.HDDVD.DTS.x264-ESiR.1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Matrix.Trilogy.720p.HDDVD.DTS.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\melee_style_720p.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Metamorphosis 2.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Michael.Clayton.720p.Bluray.x264-SEPTiC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Minorty Report 720p.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\mmonly@????@[Wicked Pictures] Manhunters.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Mongol.2007.720p.BluRay.DTS.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Mongol.2007.DVDRip.XviD-TDM.[www.torrentfive.com].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Monsters.INC.720p-PLM.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Movie main.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\My.Super.Ex-Girlfriend[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\NEVER BACK DOWN.ISO.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Never.Back.Down.2008.Extended.Beat.Down.Edition.DVDRiP.XviD-iNTiMiD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\novalockedwotlk2.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Oceans.BOXSET.720p.HDDVD.x264-TL.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Oceans.Twelve.2004.720p.HDDVD.x264-CDDHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Oceans_Twelve_OST-2004-MUSiQ.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Outbreak.1995.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Paladin Pvp Part IV.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Pamela Anderson Uncensored.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Panda 1080p By (Empy Edition).mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Pat-PvP3.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Penn & Teller_ Bullshit! S01-S04.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Pirates XXX 720p Blu-Ray x264-CtrlHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Pirates.2.Stagnettis.Revenge.XXX.2008.720p.BluRay.x264-WDE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Planet Earth 2.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\pmme@????@www.6ytk.com@Fallen.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Porno Valley Series 1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Priceless Fantasies XXX [DVDRip][All Sex].www.lokotorrents.com.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\RAINBOW.SIX.LOCKDOWN-DEViANCE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Resident.Evil-Degeneration[2008]DvDrip-aXXo.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\resume.dat
c:\documents and settings\Jacob\Application Data\uTorrent\resume.dat.1.bad
c:\documents and settings\Jacob\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Jacob\Application Data\uTorrent\Rhok Four_ Finaly_.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Robinson Crusoe SWESUB DVDRip x264-Emailo.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Robinson.Crusoe.1996.PAL.SWESUB.DVDRip.Xvid-monica112.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\rss.dat
c:\documents and settings\Jacob\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Jacob\Application Data\uTorrent\SAVING PRIVATE RYAN.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Scarface.720p.x264.OAR.DD5.1-DoNOLi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\settings.dat
c:\documents and settings\Jacob\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Jacob\Application Data\uTorrent\Sex_Tape_Scandal_For_Free_High_Quality-2008-DJNilo.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Shaman_Ele_WM_divx.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Shaman_Enh_WM.avi.1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Shaman_Enh_WM.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\shivan 7 - Arena.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Sin City 720P - THOR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Sin.City.2005.1080p.HDTV.DTS.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Spore-RELOADED.1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Spore.Crackfix-RELOADED.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Star.Wars.Episodes.Complete.1080p.HDTV.x264-hV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Starship.Troopers.1997.720p.BluRay.x264-hV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\stg34u.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Street.Kings.1080p.Bluray.x264-1920.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Sunny.Loves.Matt.XXX.720p.BluRay.x264.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\swiftywotlk3.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Taken 2008 DVDRip Repack [A Release Lounge H264 By Micky22].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Tasty XXX [DVDRip][English][www.zonatorrent.com].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.Pack.720p.x264-ESiR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E01.720p.HDTV.x264-HDQ.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E02.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E03.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E04.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E05.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E06.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E07.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E08.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S01E09.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E01.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E02.REPACK.720p.HDTV.x264-SYS.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E03.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E04.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E05.720p.HDTV.x264-CTU.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Terminator.The.Sarah.Connor.Chronicles.S02E06.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The All Time Greatest Christmas Songs - 2 CD - 2002.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The Dark Knight (2008) Soundtrack.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The Last Rose XXX DVDRiP XviD [www.TopePorno.com].torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The Simpsons - 20x07 - Mypods and Boomsticks.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Boondock.Saints.1999.WS.COMLETE.Int.NTSC.DVDR-DVDHQ.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Bourne.Identity.2002.DVD5.720p.HDDVD.x264-REVEiLLE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Bucket.List.720p.BluRay.x264-REFiNED.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Count.Of.Monte.Cristo.2002.NORDiC.iNT.PAL.DVDR-SYLTAS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Dark.Knight.2008.PROPER.1080p.BluRay.x264-CiNEFiLE.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Fall.2006.LiMiTED.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Fast.and.the.Furious.Pack.720p.HDDVD.x264.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Forbidden.Kingdom.R5.XViD-PUKKA.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Hulk.2003.1080p.HDDVD.x264-TiMELORDS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Incredible.Hulk.2008.PROPER.720p.BluRay.x264-METiS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Lord.Of.The.Rings.Trilogy.720p.HDTV.x264-SCC.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Matrix.1999.720p.nHD.x264.AAC.NhaNc3.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Mummy.1999.DVD9.720p.HDDVD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Mummy.Tomb.Of.The.Dragon.Emperor.2008.720p.BluRay.x264-SiNNERS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Orphanage.2007.SWESUB.DVDRip.XviD-pirat.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S19E20.PROPER.PDTV.XviD-E7.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E01.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E02.PDTV.XviD-XOR.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E03.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E04.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E05.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E06.PDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Simpsons.S20E08.The.Burns.and.the.Bees.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E01.720p.HDTV.X264-DIMENSION.mkv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E02.REPACK.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E03.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E04.The.Conduit.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E05.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E06.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Unit.S04E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\The.Usual.Suspects.1995.DVD5.720p.BluRay.x264-hV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\THEKABLAMO.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Traitor.720p.BluRay.x264-NGR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Tristan.and.Isolde.720p.Bluray.x264-Chakra.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two and a half men Seaon 4.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two And a Half Men Seson 3.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.6x04.The.Flavin.And.The.Mavin.HDTV.XviD-FoV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S01.DVDRip.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\two.and.a.half.men.s03e01.hdtv-tcm.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\two.and.a.half.men.s03e02-cc204.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S03E08.SWESUB.PDTV.XviD-cc204.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S04E01.HDTV.XviD-XOR.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S05E07.SWESUB.HDTV.XviD - Christley.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S05E08.SWESUB.HDTV.Xvid-Nimol.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S05E15.SWESUB.HDTV.Xvid-Nimol.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S05E16.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S05E18.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S05E19.720p.HDTV.x264-CTU.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S06E01.HDTV.XviD-XOR.avi.1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S06E02.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S06E03.HDTV.XViD-DOT.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S06E05.HDTV.XViD-DOT.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.and.a.Half.Men.S06E06.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S06E07.SWESUB.HDTV.XviD-OOKEJ[www.TankaFett.com].avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S06E08.SWESUB.HDTV.XviD-OOKEJ[www.TankaFett.com].avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two.And.A.Half.Men.S06E09.SWESUB.HDTV.XviD-OOKEJ[www.TankaFett.com].avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Two_And_A_Half_Men.6x10.He_Smelled_The_Ham_He_Got_Excited.HDTV_XviD-FoV.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Jacob\Application Data\uTorrent\WALL-E.720p.BluRay.x264-iNFAMOUS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Wanted.2008.R5.CUSTOM.SWESUB.DVDR-iNjECT.1.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Weresogay2-H.264 LAN.mov.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\What.Happens.In.Vegas.720p.BluRay.x264-iNFAMOUS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Where The Boys Aren t 18.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\Where.The.Boys.Arent.19.XXX.DVDRip.XviD-DoggPound.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\whippedass_5181_wmvhd.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\whippedass_5397_wmvhd.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\VIDEO_TS.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\WotLK.-.Solo.Onyxia._Hunter_.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\WotlkPaladinDemo.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\WoW 3K.avi.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\X-Men.3.The.Last.Stand.2006.1080p.BluRay.DTS.x264-CtrlHD.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\xahlior6.wmv.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\ycyjc@Eye Of The Beholder.torrent
c:\documents and settings\Jacob\Application Data\uTorrent\You.Dont.Mess.With.The.Zohan.R5.LINE.DVDR-PMM.torrent
c:\windows\005672_.tmp
c:\windows\DUMP57b5.tmp
c:\windows\NVGfxOgl.dll

.
((((((((((((((((((((( Filer Skapade från 2008-11-12 till 2008-12-12 ))))))))))))))))))))))))))))))))))))
.

2008-12-09 21:28 . 2008-12-09 21:28 244 --ah----- C:\sqmnoopt02.sqm
2008-12-09 21:28 . 2008-12-09 21:28 232 --ah----- C:\sqmdata02.sqm
2008-12-09 20:05 . 2008-12-09 20:05 244 --ah----- C:\sqmnoopt01.sqm
2008-12-09 20:05 . 2008-12-09 20:05 232 --ah----- C:\sqmdata01.sqm
2008-12-09 19:58 . 2008-12-09 19:58 244 --ah----- C:\sqmnoopt00.sqm
2008-12-09 19:58 . 2008-12-09 19:58 232 --ah----- C:\sqmdata00.sqm
2008-12-08 14:10 . 2008-12-08 14:10 <KAT> d-------- c:\windows\system32\CatRoot_bak
2008-12-08 14:08 . 2004-08-04 01:34 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-08 13:43 . 2008-12-08 13:44 <KAT> d-------- c:\windows\system32\bits
2008-12-08 13:36 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-08 12:44 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-08 12:44 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-08 12:44 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-08 12:44 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-08 12:44 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-08 12:44 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-08 12:44 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-08 12:40 . 2008-12-08 12:40 <KAT> d-------- c:\windows\system32\xlive
2008-12-08 12:40 . 2008-12-08 12:54 <KAT> d-------- c:\program\Microsoft Games for Windows - LIVE
2008-12-08 12:40 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-08 12:40 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-08 12:40 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-08 12:26 . 2008-12-08 12:26 <KAT> d-------- c:\program\MSBuild
2008-12-08 12:25 . 2008-12-08 12:25 <KAT> d-------- c:\windows\system32\XPSViewer
2008-12-08 12:24 . 2008-12-08 12:24 <KAT> d-------- c:\program\Reference Assemblies
2008-12-08 12:24 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-03 21:20 . 2008-12-03 21:21 <KAT> d-------- c:\program\iTunes
2008-12-03 21:20 . 2008-12-03 21:20 <KAT> d-------- c:\program\iPod
2008-12-03 21:20 . 2008-12-03 21:21 <KAT> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 21:19 . 2008-12-03 21:19 <KAT> d-------- c:\program\QuickTime
2008-12-03 21:19 . 2008-12-03 21:19 <KAT> d-------- c:\program\Bonjour
2008-12-03 21:18 . 2008-12-03 21:18 <KAT> d-------- c:\program\Apple Software Update
2008-12-03 20:18 . 2008-12-03 23:07 <KAT> d-------- c:\windows\system32\Adobe
2008-12-02 00:47 . 2008-12-04 21:56 <KAT> d-------- c:\documents and settings\Jacob\Application Data\vlc
2008-11-29 17:54 . 2008-11-29 17:54 48 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-29 17:53 . 2008-11-29 17:53 <KAT> d-------- c:\program\Delade filer\Skype
2008-11-29 17:22 . 2008-11-29 17:22 <KAT> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-29 17:14 . 2008-11-29 17:23 <KAT> d-------- c:\windows\NV512516.TMP
2008-11-29 17:14 . 2008-12-12 03:12 201,151 --a------ c:\windows\system32\nvapps.xml
2008-11-29 17:07 . 2008-11-29 17:07 <KAT> d-------- c:\documents and settings\Jacob\Application Data\Download Manager
2008-11-29 16:43 . 2008-11-29 16:43 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-29 16:43 . 2008-11-29 16:43 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-29 16:39 . 2008-11-29 16:41 <KAT> d-------- c:\windows\NV29282976.TMP
2008-11-29 16:32 . 2008-11-29 16:35 <KAT> d-------- c:\windows\NV1364072.TMP
2008-11-26 23:52 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-11-26 23:51 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2008-11-26 23:51 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2008-11-26 23:51 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2008-11-25 13:17 . 2008-12-10 20:00 <KAT> d-------- c:\program\SHOUTcast Source
2008-11-25 13:17 . 2008-12-10 19:57 <KAT> d-------- c:\program\MONOGRAM AMR SplitterDecoder
2008-11-25 13:17 . 2008-12-10 19:56 <KAT> d-------- c:\program\DirectVobSub
2008-11-25 13:17 . 2008-11-25 13:17 <KAT> d-------- c:\program\CD Audio Reader Filter
2008-11-25 13:16 . 2008-11-25 13:16 <KAT> d-------- c:\program\Zoom Player
2008-11-25 13:16 . 2008-12-10 16:41 <KAT> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
2008-11-25 13:08 . 2008-11-25 13:08 <KAT> d-------- c:\program\Delade filer\Sonic Shared
2008-11-25 13:08 . 2008-11-25 13:08 <KAT> d-------- c:\program\Delade filer\Real
2008-11-25 13:07 . 2008-11-25 13:08 <KAT> d-------- c:\program\Final Codecs
2008-11-25 12:40 . 2008-12-10 19:57 <KAT> d-------- c:\program\MediaInfo
2008-11-25 12:07 . 2008-11-25 12:07 <KAT> d-------- c:\program\Delade filer\CyberLink
2008-11-25 12:06 . 2008-11-25 12:08 <KAT> d-------- c:\program\CyberLink
2008-11-25 12:05 . 2008-11-25 12:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\Temp
2008-11-24 18:06 . 2008-11-24 18:06 <KAT> d-------- c:\program\Webteh
2008-11-24 17:29 . 2008-11-24 17:29 <KAT> d-------- c:\program\WMSDK
2008-11-24 16:10 . 2008-11-24 16:13 <KAT> d-------- c:\windows\NV30401900.TMP
2008-11-24 16:10 . 2008-10-07 13:33 6,133,856 --a------ c:\windows\system32\drivers\nv4_mini.sys
2008-11-24 16:10 . 2008-10-07 13:33 6,133,856 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2008-11-24 16:10 . 2008-10-07 13:33 6,058,112 --a------ c:\windows\system32\nv4_disp.dll
2008-11-24 16:10 . 2008-10-07 13:33 6,058,112 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,989,504 --a------ c:\windows\system32\nvdisps.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,764,224 --a------ c:\windows\system32\nvvitvs.dll
2008-11-24 16:10 . 2008-10-07 13:33 3,444,736 --a------ c:\windows\system32\nvgames.dll
2008-11-24 16:10 . 2008-10-07 13:33 2,686,976 --a------ c:\windows\system32\nvwss.dll
2008-11-24 16:10 . 2008-10-07 13:33 1,257,472 --a------ c:\windows\system32\nvmobls.dll
2008-11-24 16:10 . 2008-10-07 13:33 188,416 --a------ c:\windows\system32\nvmccss.dll
2008-11-24 12:15 . 2008-11-24 12:15 <KAT> d-------- c:\program\MSI
2008-11-24 12:15 . 2006-10-13 08:13 1,622,016 --a------ c:\windows\NVBenchMarks.dll
2008-11-24 12:15 . 2005-09-23 16:33 1,060,864 --a------ c:\windows\MFC71.dll
2008-11-24 12:15 . 2005-09-23 16:33 499,712 --a------ c:\windows\msvcp71.dll
2008-11-24 12:15 . 2006-10-13 08:16 421,888 --a------ c:\windows\nvsulib.dll
2008-11-24 12:15 . 2006-10-13 08:18 380,928 --a------ c:\windows\ntuneoem.dll
2008-11-24 12:15 . 2005-09-23 16:33 348,160 --a------ c:\windows\msvcr71.dll
2008-11-24 12:15 . 2006-08-21 09:20 45,056 --a------ c:\windows\NTuneGpu.dll
2008-11-24 12:15 . 2006-10-13 08:12 28,672 --a------ c:\windows\AutoTuneScript.dll
2008-11-24 12:15 . 2006-10-13 08:18 18,216 --a------ c:\windows\nvoclk64.sys
2008-11-24 12:15 . 2006-10-13 08:18 6,912 --a------ c:\windows\nvoclock.sys
2008-11-24 11:47 . 2008-11-24 11:47 <KAT> d-------- c:\program\Sun
2008-11-24 11:47 . 2008-12-03 20:25 <KAT> d-------- c:\program\Java
2008-11-24 11:47 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-24 11:47 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-23 14:32 . 2008-11-23 14:32 <KAT> d-------- c:\program\Trend Micro
2008-11-22 17:26 . 2008-11-22 17:26 0 --a------ C:\LHT3.tmp
2008-11-20 01:28 . 2008-11-20 01:28 <KAT> d-------- c:\program\BS.Player ControlBar
2008-11-20 01:28 . 2008-11-20 01:35 <KAT> d-------- c:\documents and settings\Jacob\Application Data\BSplayer
2008-11-17 22:42 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 02:55 . 2008-11-15 02:57 <KAT> d-------- c:\windows\NV36481812.TMP
2008-11-12 14:54 . 2008-11-12 14:54 13,672,448 --a------ c:\windows\system32\SET26.tmp
2008-11-12 14:54 . 2008-11-12 14:54 6,148,864 --a------ c:\windows\system32\SET1C.tmp
2008-11-12 14:54 . 2008-11-12 14:54 602,112 --a------ c:\windows\system32\SET20.tmp
2008-11-12 14:54 . 2008-11-12 14:54 122,880 --a------ c:\windows\system32\SET41.tmp
2008-11-12 14:54 . 2008-11-12 14:54 86,016 --a------ c:\windows\system32\SET28.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 22:01 --------- d-----w c:\program\uTorrent
2008-12-10 19:02 --------- d-----w c:\program\BitLord
2008-12-10 18:59 --------- d--h--w c:\program\InstallShield Installation Information
2008-12-10 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-10 18:56 --------- d-----w c:\program\DC++
2008-12-10 12:11 --------- d-----w c:\documents and settings\Jacob\Application Data\Skype
2008-12-09 23:00 --------- d-----w c:\documents and settings\Jacob\Application Data\skypePM
2008-12-06 18:12 --------- d-----w c:\documents and settings\Jacob\Application Data\dvdcss
2008-12-04 20:56 --------- d-----w c:\documents and settings\Jacob\Application Data\vlc
2008-12-03 20:20 --------- d-----w c:\program\Delade filer\Apple
2008-11-29 16:22 --------- d-----w c:\program\Delade filer\Wise Installation Wizard
2008-11-27 19:13 --------- d-----w c:\program\AMD
2008-11-25 11:05 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-11-25 11:05 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-24 23:41 --------- d-----w c:\program\The KMPlayer
2008-11-24 23:20 --------- d-----w c:\program\Windows Media Connect 2
2008-11-24 17:09 --------- d-----w c:\documents and settings\Jacob\Application Data\BSplayer PRO
2008-11-24 15:11 --------- d-----w c:\program\AGEIA Technologies
2008-11-20 13:30 --------- d-----w c:\program\Lavasoft
2008-11-20 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-20 00:30 --------- d-----w c:\program\ffdshow
2008-11-20 00:23 --------- d-----w c:\program\Delade filer\Adobe
2008-11-19 23:36 --------- d-----w c:\program\CoreCodec
2008-11-13 12:39 --------- d-----w c:\program\Delade filer\Blizzard Entertainment
2008-11-12 23:38 --------- d-----w c:\program\AC3Filter
2008-11-12 13:54 801,312 ----a-w c:\windows\system32\nvcplui.exe
2008-11-12 13:54 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-11-11 16:21 4,946,944 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-11-10 18:59 --------- d-----w c:\program\Windows Live Safety Center
2008-11-09 14:51 --------- d-----w c:\documents and settings\Jacob\Application Data\Hamachi
2008-11-07 15:40 17,421,824 ----a-w c:\windows\RTHDCPL.EXE
2008-11-02 02:49 --------- d-----w c:\documents and settings\Jacob\Application Data\Red Alert 3
2008-11-01 17:40 --------- d-----w c:\documents and settings\Jacob\Application Data\Bioshock
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 14:04 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-10 13:04 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 08:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:38 2,168,320 ----a-w c:\windows\MicCal.exe
2008-09-19 16:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
2008-09-18 00:41 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-01-09 19:33 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-09 14:33 22,328 ----a-w c:\documents and settings\Jacob\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_21.15.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:52:38 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:52:38 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:52:38 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:52:38 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:52:38 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:40:57 18,296 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:40:57 232,824 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:40:57 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:41:00 759,160 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:41:00 392,568 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-09-10 01:13:07 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:40:57 18,296 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:40:57 232,824 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:40:57 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:41:00 759,160 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:41:00 392,568 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:40:57 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:40:57 232,824 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:40:57 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:41:00 759,160 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:41:00 392,568 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:45:13 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:21:36 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:21:37 232,824 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:21:36 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:58:55 759,160 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:59:03 392,568 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 08:26:55 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 08:26:55 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 08:26:56 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 08:26:56 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 08:26:56 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:43:33 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 08:26:56 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 08:26:56 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 08:26:56 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 08:26:56 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:26:34 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 08:26:58 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 08:26:58 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 08:26:59 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 08:26:59 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 08:26:59 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 09:27:02 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 08:27:00 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 08:27:00 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 08:27:00 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 08:27:01 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 08:27:01 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 03:38:55 214,752 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:40:05 381,152 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 08:27:01 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 08:27:01 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 08:27:01 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 08:27:02 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-01-09 19:16:30 29,926 ----a-r c:\windows\Installer\{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}\MsblIco.Exe
+ 2008-12-09 20:22:49 29,926 ----a-r c:\windows\Installer\{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}\MsblIco.Exe
- 2008-08-26 08:26:55 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:33:23 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-04-14 20:35:04 139,264 ----a-w c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
- 2008-08-26 08:26:55 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:33:23 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-05-07 09:07:23 135,168 -c----w c:\windows\system32\dllcache\cscript.exe
- 2008-08-26 08:26:55 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:33:23 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 08:26:56 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:33:23 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 08:26:56 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:33:23 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:43:06 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 08:26:56 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:33:23 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:43:33 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:16:31 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 08:26:56 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:33:24 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 08:26:56 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:33:24 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 08:26:56 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:33:24 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 08:26:56 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:33:24 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:26:34 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:33:27 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 08:26:58 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:33:27 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 08:26:58 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:33:27 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-05-09 10:56:21 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
- 2008-08-26 08:26:59 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:33:28 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 08:26:59 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:33:29 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 08:26:59 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:33:29 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 09:27:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 01:03:34 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 08:27:00 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:33:32 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 08:27:00 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:33:32 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 08:27:00 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:33:33 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 20:34:46 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:16:22 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 08:27:01 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:33:33 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 08:27:01 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:33:33 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-09 10:56:21 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:56:21 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 20:34:54 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:04:47 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 08:27:01 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:33:33 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 08:27:01 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:33:34 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-09 10:56:21 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
- 2008-08-26 08:27:01 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:33:34 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 08:27:02 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:33:34 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 20:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-08 11:24:44 155,648 -c----w c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:56:21 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
- 2008-08-26 08:26:55 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:33:23 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 08:26:56 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:33:23 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 08:26:56 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:33:23 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-12-08 13:07:37 108,600 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-12 02:10:11 99,048 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-08-26 08:26:56 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:33:23 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:43:33 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:16:31 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 08:26:56 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:33:24 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 08:26:56 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:33:24 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 08:26:56 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:33:24 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 08:26:56 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:33:24 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:26:34 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:33:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 08:26:58 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:33:27 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 08:26:58 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:33:27 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-04-14 20:34:42 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2008-05-09 10:56:21 512,000 ----a-w c:\windows\system32\jscript.dll
- 2008-08-26 08:26:59 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:33:28 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 19:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2007-11-20 15:52:00 2,884,992 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-12-10 12:20:38 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 08:26:59 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:33:29 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 08:26:59 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:33:29 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 09:27:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 01:03:34 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 08:27:00 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:33:32 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 08:27:00 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:33:32 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 08:27:00 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:33:33 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 20:34:46 1,306,624 ----a-w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:16:22 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2008-08-26 08:27:01 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:33:33 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-12-08 13:12:28 67,560 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-12 02:16:25 67,560 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-08 13:12:28 78,970 ----a-w c:\windows\system32\perfc01D.dat
+ 2008-12-12 02:16:25 78,970 ----a-w c:\windows\system32\perfc01D.dat
- 2008-12-08 13:12:28 432,856 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-12 02:16:25 432,856 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-08 13:12:28 434,980 ----a-w c:\windows\system32\perfh01D.dat
+ 2008-12-12 02:16:25 434,980 ----a-w c:\windows\system32\perfh01D.dat
- 2008-08-26 08:27:01 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:33:33 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-14 20:34:48 180,224 ----a-w c:\windows\system32\scrobj.dll
+ 2008-05-09 10:56:21 180,224 ----a-w c:\windows\system32\scrobj.dll
- 2008-04-14 20:34:48 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:56:21 172,032 ----a-w c:\windows\system32\scrrun.dll
- 2007-11-30 11:21:42 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:40:57 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 20:35:24 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 08:27:01 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:33:33 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 08:27:01 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:33:34 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-14 20:34:54 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-05-09 10:56:21 430,080 ----a-w c:\windows\system32\vbscript.dll
- 2008-08-26 08:27:01 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:33:34 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-04-14 20:35:26 155,648 ----a-w c:\windows\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 20:34:56 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-05-09 10:56:21 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-12-12 02:12:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2008-12-12 02:12:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d4.dat
- 2008-12-08 13:09:26 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT
+ 2008-12-12 02:12:33 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT
.
-- Snapshot återställt till dagens datum --
.
(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-27 2189864]
"MaxtorOneTouch"="c:\program\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"AODAssist.exe"="c:\program\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 69632]
"Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"DelReg"="c:\program\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"RemoteControl8"="c:\program\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"amd_dc_opt"="c:\program\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
DualCoreCenter.lnk - c:\program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-24 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Personal.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Personal.lnk
backup=c:\windows\pss\Personal.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Spel\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"6112:UDP"= 6112:UDP:warcraft2

R0 FTT3;FTT3;c:\windows\system32\DRIVERS\FTT3.sys [2008-01-09 155792]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 AODService;AODService;c:\program\AMD\OverDrive\AODAssist []
R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2008-02-04 20448]
R3 AODDriver;AODDriver;\??\c:\program\AMD\OverDrive\i386\AODDriver.sys [2008-09-17 10240]
R3 DualCoreCenter;DualCoreCenter;\??\c:\program\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-24 28160]
R3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\m4cxwxp.sys [2008-01-09 171264]
R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-30 322616]
R3 RushTopDevice2;RushTopDevice2;\??\c:\program\MSI\DualCoreCenter\RushTop.sys [2008-11-24 55296]
S3 ASUDriver;ASUDriver;\??\c:\program\AMD\AMD OverDrive\i386\AODDriver.sys [2007-10-24 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eeecfa6-fb6c-11dc-8f83-000d886c0ca0}]
\Shell\AutoRun\command - H:\Launch.exe
.
Innehållet i mappen 'Schemalagda aktiviteter'

2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Extra genomsökning -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {E2C23695-0449-4812-A255-8B4BC5A2F966} = 192.168.1.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

O16 -: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
c:\windows\Downloaded Program Files\octoshape.inf
FF - ProfilePath - c:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\Jacob\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program\Final Codecs\MozillaPlugins\nppl3260.dll
FF - plugin: c:\program\Final Codecs\MozillaPlugins\nprjplug.dll
FF - plugin: c:\program\Final Codecs\MozillaPlugins\nprpjplug.dll
FF - plugin: c:\program\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program\Octoshape Streaming Services\Jacob\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 00:08:12
Windows 5.1.2600 Service Pack 3 NTFS

genomsöker dolda processer ...

genomsöker dolda autostartpunkter ...

genomsöker dolda filer ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AODService]
"ImagePath"="c:\program\AMD\OverDrive\AODAssist"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program\CyberLink\PowerDVD8\000.fcl"
.
Sluttid: 2008-12-13 0:09:05
ComboFix-quarantined-files.txt 2008-12-12 23:08:48
ComboFix2.txt 2008-12-08 20:15:57

Före genomsökningen: 16 762 429 440 byte ledigt
Efter genomsökningen: 16,878,972,928 byte ledigt

946 --- E O F --- 2008-12-12 02:03:42



Hijackthis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07:40, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TBPanel.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\AMD\OverDrive\AODAssist.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program\iPod\bin\iPodService.exe
C:\Norman\npm\bin\NREN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Program\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Program\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C23695-0449-4812-A255-8B4BC5A2F966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 7772 bytes

Thanks a lot for all your help and your efforts to clean up my system so far. I really appreciate it! :)

/Jacob
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Virtumonde infection!

Unread postby Axephilic » December 13th, 2008, 2:28 pm

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • Close all open windows and click on Fix checked, and when you get a popup window click on Yes.

Congratulations! You are now all clean! To help prevent becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


No Firewall!
I don't see a firewall program present on your system! You should pick ONE of the following and install it. Never install more than 1 anti-virus or firewall.



Hide system files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Do not show hidden files and folders.
  6. Check (tick) Hide extensions of known file types.
  7. Check (tick) Hide protected operating system files (Recommended).
  8. Click OK.
  9. Close My Computer.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Stop malicious scripts

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only that, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware, or that has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
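The HijackThis step in the reply above fixes an entry that the scanner marked "(no file)". As an added example (not part of the original thread and not HijackThis's own code), this Python script parses HijackThis-style log lines and lists every entry marked "(no file)" or "(file missing)" for review, which goes beyond the single O2 line the reply selected. The sample lines are copied from the log posted earlier in the thread; the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a few lines copied from the HijackThis log posted in this
# thread, trimmed so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
"""

# A HijackThis entry starts with a section code: a letter (R, F, N or O)
# followed by a number, then " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers the scanner appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    section: str          # e.g. "O2" (BHO), "O23" (service)
    body: str             # text after the section code
    clsid: Optional[str]  # first CLSID in the entry, if any
    missing: bool         # True when the target file was not found


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, running-process path or blank line
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            missing=bool(MISSING_RE.search(body)),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose file is gone: leftovers to review, not automatic deletions."""
    return [e for e in entries if e.missing]


def missing_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Count orphaned entries per section code."""
    counts: Dict[str, int] = {}
    for e in orphaned(entries):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.clsid or '-':<40} {e.body}")
```

An entry marked missing is a registry leftover pointing at a file that is no longer on disk; which of them to fix remains a per-entry decision, as in the reply above.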

Re: Virtumonde infection!

Unread postby Jacob A » December 15th, 2008, 8:50 pm

Hello Adam! Everything seems to be clean. I'm not getting any virus pop-ups and my virus programs can't find the virus anymore, yaay! :)

Thanks for all the tips I will look over them carefully!
Also thanks for all your help and work in your free time to help me with my problem. It has truly been a pleasure to work with you, and you have inspired me to perhaps start this Malware removal education myself!
Jacob A!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Virtumonde infection!

Unread postby Axephilic » December 15th, 2008, 11:59 pm

You're welcome. :)

If you do want to pursue training, you can find information on this page.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US