Old 08-19-2008, 09:10 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


HIJACKTHIS LOG Please kindly help

Dear Tech Support Analysts

I've been struck by a malware attack resulting in the following:
Multiple IE's opening (URLs: pcprivacycleaner.com scannerend.com and others)

Fake Window Security Alert dialogues popping up

I’m trying to fix this with many Anti-spyware programs, but the problem can’t be fixed.

I really hope you can help me out

Regards,
Panupun



My Hi Jack log …………………



Logfile of HijackThis v1.99.1
Scan saved at 21:40:39, on 2551-08-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 58.253.71.248:80
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe /start
O4 - HKLM\..\Run: [BM0b3c1fb1] Rundll32.exe "C:\WINDOWS\system32\glbypncm.dll",s
O4 - HKLM\..\Run: [080f2c2d] rundll32.exe "C:\WINDOWS\system32\sabfmqyb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Security Service (WYQE) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)




…………

My fixwareout text.



Username "Administrator" - 08/19/2008 21:49:25 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SoundMan"="soundman.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"egui"="\"C:\\Program Files\\Eset\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"protect_autorun"="C:\\Documents and Settings\\Administrator\\Desktop\\CPE17AntiAutorun1330.exe /start"
"BM0b3c1fb1"="Rundll32.exe \"C:\\WINDOWS\\system32\\glbypncm.dll\",s"
"080f2c2d"="rundll32.exe \"C:\\WINDOWS\\system32\\sabfmqyb.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~






My combofix text

……………………


ComboFix 07-06-21.3 - C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
"Administrator" - 2008-08-19 21:57:11 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))


2008-08-19 21:37 107,520 --a------ C:\WINDOWS\system32\jrjhrj.dll
2008-08-19 21:36 107,520 --a------ C:\WINDOWS\system32\uygqdmqy.dll
2008-08-19 21:34 84,480 --a------ C:\WINDOWS\system32\sabfmqyb.dll
2008-08-19 21:34 2,048 --a------ C:\WINDOWS\system32\qcpdruwv.exe
2008-08-19 21:33 93,696 --a------ C:\WINDOWS\system32\glbypncm.dll
2008-08-19 20:32 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-18 21:37 84,992 --a------ C:\WINDOWS\system32\yptexrec.dll
2008-08-18 21:34 2,048 --a------ C:\WINDOWS\system32\nlrhpsjk.exe
2008-08-18 21:33 106,496 --a------ C:\WINDOWS\system32\sysukahh.dll
2008-08-18 21:33 106,496 --a------ C:\WINDOWS\system32\asrmxa.dll
2008-08-18 21:32 94,208 --a------ C:\WINDOWS\system32\okehteqj.dll
2008-08-17 17:59 2,238 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-17 10:07 119,808 --a------ C:\WINDOWS\system32\ibrrypuq.dll
2008-08-17 08:12 85,504 --a------ C:\WINDOWS\system32\qqhmqosd.dll
2008-08-17 08:12 107,008 --a------ C:\WINDOWS\system32\ycvjcuwl.dll
2008-08-17 08:12 107,008 --a------ C:\WINDOWS\system32\fnndda.dll
2008-08-17 08:09 2,048 --a------ C:\WINDOWS\system32\bwdtpbud.exe
2008-08-17 08:07 93,184 --a------ C:\WINDOWS\system32\vquvmisr.dll
2008-08-16 22:04 119,808 --a------ C:\WINDOWS\system32\viphriuc.dll
2008-08-16 22:03 119,808 --a------ C:\WINDOWS\system32\sahyexeq.dll
2008-08-16 22:01 93,184 --a------ C:\WINDOWS\system32\xvdvbnud.dll
2008-08-16 22:00 373,223 --ahs---- C:\WINDOWS\system32\qAKQAcfe.ini2
2008-08-16 21:59 249,344 --a------ C:\WINDOWS\system32\efcAQKAq.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\yayvULcD.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\yayaBQJb.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\vtUlKDts.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\ljJAQKbC.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\hgGxWqpP.dll
2008-08-16 21:54 39,424 --a------ C:\WINDOWS\system32\hgGxWmmJ.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-07-13 13:50:42 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2008-07-12 17:33:08 -------- d-----w C:\Program Files\DivX
2008-06-24 15:38:42 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\FFSJ
2008-06-18 17:52:28 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07:24 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04:26 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04:26 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-11 00:03:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-06-11 00:03:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-06-11 00:03:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-06-11 00:03:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-06-11 00:03:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-06-11 00:03:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-06-11 00:03:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-06-11 00:03:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-06-11 00:03:20 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-06-11 00:03:20 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-06-11 00:03:20 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-06-11 00:03:20 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-06-11 00:03:18 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-22 22:18:54 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-03-09 08:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0CA5F609-5E95-4AEF-9088-788E77EB4E33}=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\64177QTR\3077htsbdjyf[1].dll []
{1A4A235E-F82F-423B-B0C9-0AA9569CB007}=C:\WINDOWS\system32\efcAQKAq.dll [2008-08-16 22:00]
{4FFE5782-19F4-42CB-918A-0B88D8E7606e}=C:\WINDOWS\system32\ibrrypuq.dll [2008-08-17 10:08]
{7543347C-E33D-49FE-B2F0-580DAF43F608}=C:\WINDOWS\system32\yayvULcD.dll [2008-08-16 21:54]
{dfa4f453-1bc9-4c33-94a5-a3d6bfbfe077}=C:\WINDOWS\system32\jrjhrj.dll [2008-08-19 21:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2002-02-05 04:15 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-23 02:39]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 16:25]
"protect_autorun"="C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe" [2008-04-04 10:44]
"BM0b3c1fb1"="C:\WINDOWS\system32\glbypncm.dll" [2008-08-19 21:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-07-01 22:02]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-14 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 19:29]
"{7543347C-E33D-49FE-B2F0-580DAF43F608}"="C:\WINDOWS\system32\yayvULcD.dll" [2008-08-16 21:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvULcD]
yayvULcD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\efcAQKAq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 22:01:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-08-19 22:03:24
C:\ComboFix2.txt ... 2008-08-18 21:55
C:\ComboFix3.txt ... 2008-08-17 09:40

--- E O F ---

Old 08-21-2008, 09:57 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Hello, bluewator -

The version of ComboFix you have is badly outdated. Delete it immediately, please.

FixWareout is intended for a specific infection, and you should not just be throwing dedicated tools at your machine without foreknowledge of what they do, or what they're used for. Please delete it.

You did not complete your last thread here. Do you intend to see this through to the end, when you're given the "all clear"?

If so, I'll be glad to help you. I'll also want to help you understand how to prevent this from happening again, since part of our intent here is to educate our members about securing their machines, and having them examine their online behavior. Unlike other sections of TSF, we in this section hope our members only visit once, get cleaned up, protected, and we never see them in this section again. We do hope our members enjoy the rest of the forums as much as they like!

For now, I need a bit more information.

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

---------------------------------------------------------------------------------------------

Create an uninstall list:

With HiJackThis still open
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notepad file into your post

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-22-2008, 08:20 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

Dear tetonbob,

Thank you for your answer. Combofix and Fixwareout were deleted.

This is my new HijackLOG ....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:03, on 2551-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 58.253.71.248:80
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe /start
O4 - HKLM\..\Run: [080f2c2d] rundll32.exe "C:\WINDOWS\system32\hgoqlmfx.dll",b
O4 - HKLM\..\Run: [BM0b3c1fb1] Rundll32.exe "C:\WINDOWS\system32\aoiblmwb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Security Service (WYQE) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

--
End of file - 4931 bytes



I followed the steps below, but nothing happens when I click on the button "Save list".


Create an uninstall list:

With HiJackThis still open
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and paste the List from the notepad file into your post

----------------------------------------




I look forward to seeing your answer.

Thank you :)
Old 08-22-2008, 08:47 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Hi -

When you click on "Save List" you don't see this open up?


<image removed>
Last edited by tetonbob; 08-22-2008 at 09:06 AM. Reason: image removed to shorten thread
Old 08-22-2008, 08:57 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

No, really nothing happens when I click Save list. I don't know why.

Last edited by tetonbob; 08-22-2008 at 09:06 AM. Reason: image removed to shorten thread
Old 08-22-2008, 09:05 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Ok, well, we can get that information another way. Let's see about cleaning the machine of its infections.


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Also....

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

If you have any questions along the way, STOP and ask them before proceeding.


So, please return with logs from:

ComboFix (C:\ComboFix.txt if it's been closed)
HijackThis
Add-Remove Programs.txt
Old 08-23-2008, 01:59 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

Thanks for your answer,

This is my combofix text

ComboFix 08-08-21.02 - Administrator 08/23/2008 14:29:22.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.103 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.12buzz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@antispywaremaster[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pcsuanbukkon[3].txt
C:\install.exe
C:\WINDOWS\BM0b3c1fb1.txt
C:\WINDOWS\BM0b3c1fb1.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\aoiblmwb.dll
C:\WINDOWS\system32\aparlhic.exe
C:\WINDOWS\system32\bwdtpbud.exe
C:\WINDOWS\system32\byqmfbas.ini
C:\WINDOWS\system32\cerxetpy.ini
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\cqwxgrei.dll
C:\WINDOWS\system32\ddcBQihE.dll
C:\WINDOWS\system32\dsoqmhqq.ini
C:\WINDOWS\system32\EhiQBcdd.ini
C:\WINDOWS\system32\EhiQBcdd.ini2
C:\WINDOWS\system32\exczgc.dll
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\fxldmhah.dll
C:\WINDOWS\system32\glbypncm.dll
C:\WINDOWS\system32\hbaxotct.dll
C:\WINDOWS\system32\idahcd.dll
C:\WINDOWS\system32\ikycrl.dll
C:\WINDOWS\system32\itxewged.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nlrhpsjk.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\pivbtihx.exe
C:\WINDOWS\system32\plkhtgwp.dll
C:\WINDOWS\system32\ppjppkbi.ini
C:\WINDOWS\system32\qAKQAcfe.ini
C:\WINDOWS\system32\qAKQAcfe.ini2
C:\WINDOWS\system32\qcpdruwv.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\smxnjroq.dll
C:\WINDOWS\system32\SvcNm
C:\WINDOWS\system32\tctoxabh.ini
C:\WINDOWS\system32\tlqmucyh.dll
C:\WINDOWS\system32\uqcryxso.exe
C:\WINDOWS\system32\url1
C:\WINDOWS\system32\url2
C:\WINDOWS\system32\url3
C:\WINDOWS\system32\vtUlKDts.dll
C:\WINDOWS\system32\winsecurityxp
C:\WINDOWS\system32\xfmlqogh.ini
C:\WINDOWS\system32\yayvULcD.dll
C:\WINDOWS\system32\yptexrec.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 13:34 --------- d-----w C:\Program Files\RogueRemover FREE
2008-07-13 13:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-07-12 17:33 --------- d-----w C:\Program Files\DivX
2008-06-26 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-06-24 15:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FFSJ
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

------- Sigcheck -------

03/14/2005 08:17 AM 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
04/20/2006 07:18 PM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
03/14/2005 07:55 AM 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
04/20/2006 06:51 PM 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
04/20/2006 06:51 PM 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [07/01/2005 10:02 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [09/14/2007 01:49 PM 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/23/2006 02:39 AM 282624]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM 213936]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM 1410304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 PM 6731312]
"protect_autorun"="C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe" [04/04/2008 10:44 AM 139264]
"SoundMan"="soundman.exe" [02/05/2002 04:15 AM 128259 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [07/01/2005 10:02 PM 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2549-07-18 18:25:07 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2547-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
"msacm.divxa32"= msaud32_divx.acm
"MSACM.MSNAUDIO"= msnaudio.acm
"vidc.RMP4"= rmp4.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 08/18/2006 04:58 PM 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [11/14/2007 03:06 PM]
S2 WYQE;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []
S3 agony;agony;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_1\agony.sys []
.
- - - - ORPHANS REMOVED - - - -

BHO-{4FFE5782-19F4-42CB-918A-0B88D8E7606e} - C:\WINDOWS\system32\ibrrypuq.dll
BHO-{6A9683B7-374A-473F-9710-E4DABB16D9E6} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\NVSHWYXE\3077htsbdjyf[1].dll
BHO-{6AD49EC7-C4CC-4853-A903-6867A69463E5} - C:\WINDOWS\system32\efcAQKAq.dll
HKLM-Run-080f2c2d - C:\WINDOWS\system32\hbaxotct.dll
HKLM-Run-BM0b3c1fb1 - C:\WINDOWS\system32\aoiblmwb.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.th/
R0 -: HKLM-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyServer = 58.253.71.248:80
O8 -: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 -: ส่&งออกไปยัง Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:42:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\system32\userinit.exe,????)?|Y,?|??@???A?????????????7)?|?,?|??@?,????????????????????,?|X?????A????????????|??@???A????????|????A????(?????????w??@?k????????????(???????8?w????????????????????$W@???????@?0???????0g@???????????@?#?????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 08/23/2008 14:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 07:50:31
ComboFix2.txt 2008-08-19 15:24:27

Pre-Run: 2,511,618,048 bytes free
Post-Run: 2,525,855,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

178

My latest HIJACKLOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:20, on 2551-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 58.253.71.248:80
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe /start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Security Service (WYQE) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

--
End of file - 4922 bytes








-------------------------------------------------------------



Add-Remove Programs.txt




Able2Extract v5.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 5.0\Uninstal.exe
ACDSee 7.0 --> MsiExec.exe /I{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.68 --> C:\Program Files\BitComet\uninst.exe
BnB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{676A0360-AE74-40D6-9104-78673C59C374}\Setup.exe" -l0x9
Camtasia Studio 3 --> C:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CoreAAC --> "C:\Program Files\CoreAAC\Uninstall.exe"
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus Beta --> C:\PROGRA~1\DAP\UNWISE.EXE C:\PROGRA~1\DAP\INSTALL.LOG
Easy CD Ripper 2.30 --> C:\Program Files\Kongsoft\Easy CD Ripper\uninst.exe
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON PRINT Image Framer Tool1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37D67C45-8484-4398-B5C1-3CAE19FDDF22}\setup.exe" anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESET NOD32 Antivirus --> MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
ESP830 Problem Solver --> C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\PSOLVER\ESP830\E\DeIsL1.isu"
FLV Player 1.3.2 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FLV SPLITTER --> "C:\Program Files\GNU\FLVSPLITTER\Uninstall.exe"
GOM Encoder --> "C:\Program Files\GRETECH\GomEncoder\uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Dreamweaver 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Dreamweaver 4x Thai Addon 2.0 --> MsiExec.exe /I{4011AB47-F492-11D5-BDF2-00E0292AB4BF}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB886903) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 2.0 --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveX Control Pad --> C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041E-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MIKSOFT Mobile AMR converter --> "C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
Minitab 15 English --> MsiExec.exe /I{340A945C-9385-4142-80CC-B0857CBC4211}
MP3 Cutter Joiner 1.00 --> "C:\Program Files\SuperAudiotool\MP3 Cutter Joiner\unins000.exe"
Natural Color Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Power MP3 Cutter Joiner 1.12 --> "C:\Program Files\Sagasoft\Power MP3 Cutter Joiner\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x001e -removeonly
Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Windows Media Player (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sigma REALmagic MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection RMP4_Remove 132 C:\WINDOWS\INF\rmp4.inf
So Sethaputra Dictionary 2.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Dict95\DeIsL1.isu" -cC:\PROGRA~1\Dict95\_ISREG32.DLL
Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SPSS 14.0 for Windows Evaluation Version --> MsiExec.exe /X{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}
Tweak UI --> MsiExec.exe /I{64649281-4B5D-4425-A0F7-E79F6756FFC8}
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
USB PC Camera (ZS211) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe" -l0x1e
VideoEgg Publisher --> C:\Documents and Settings\Administrator\Application Data\VideoEgg\Uninstall.exe
Windows Installer 3.1 (KB893803) -->
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 7.1 --> C:\Program Files\Windows Media Components\Encoder\_instENC.exe /U
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333 -->
Windows XP Hotfix - KB873339 -->
Windows XP Hotfix - KB885250 -->
Windows XP Hotfix - KB885835 -->
Windows XP Hotfix - KB885836 -->
Windows XP Hotfix - KB886185 -->
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742 -->
Windows XP Hotfix - KB888113 -->
Windows XP Hotfix - KB888302 -->
Windows XP Hotfix - KB890175 -->
Windows XP Hotfix - KB890859 -->
Windows XP Hotfix - KB891781 -->
Windows XP Hotfix - KB893066 -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ลบมหาหมอดู 8.0share (รุ่นสมบูรณ์) --> C:\WINDOWS\iun506.exe C:\Program Files\มหาหมอดู 8.0share\mahamodoUninstall.ini














Thank you for your help :) I’ll wait for your next reply.
Old 08-23-2008, 02:05 AM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Looks much better.

P2P - I see you have P2P software ( BitComet ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-23-2008, 07:13 AM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

I uninstalled BitComet by going to Control Panel >> Add or Remove Programs, but the BitComet folder is still in Program Files.

Anyway, this is a log from ESET

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3381 (20080822)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=e4f21857e94b5f4986b4929d9eace349
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2551-08-23 01:00:03
# local_time=2551-08-23 08:00:03 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=5.1.2600 NT Service Pack 2
# scanned=191779
# found=11
# scan_time=5572
# nod_component=V3 Build:0x30000000 ()
C:\info.exe Win32/TrojanProxy.Fackemo.B trojan 173A060ED791E620C2EC84D7B360ED60
C:\Program Files\BitComet\Downloads\Winamp 5.32 Pro - Full + Keygen.rar probably a variant of Win32/Agent trojan 2DDC83E66E3D5E1EDF10A8C32D95A2C5
C:\Program Files\BitComet\Downloads\Winamp 5.32 Pro - Full + Keygen.rar ?RAR ?Winamp 5.32 Pro + Keygen\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\aparlhic.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\QooBox\Quarantine\C\WINDOWS\system32\bwdtpbud.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\QooBox\Quarantine\C\WINDOWS\system32\nlrhpsjk.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\QooBox\Quarantine\C\WINDOWS\system32\pivbtihx.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\QooBox\Quarantine\C\WINDOWS\system32\qcpdruwv.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\QooBox\Quarantine\C\WINDOWS\system32\uqcryxso.exe.vir Win32/Adware.Virtumonde application 134346ACD9DD7FA8305CC02D66B86D31
C:\WINDOWS\system32\TmpX.exe probably a variant of Win32/Delf trojan D6CAA252FCCC412959B6A1430AFB928C
C:\WINDOWS\system32\wink2.exe probably a variant of Win32/Spy.KeyLogger trojan EAA7F184A1EEB060945C3B113E5EB856



------------------------------

Thank you :)
Old 08-23-2008, 07:16 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

And there are no pop-up windows opening up now.

Last edited by bluewator; 08-23-2008 at 07:18 AM.
Old 08-23-2008, 09:14 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Good to hear that the machine is behaving better.

From the Eset log, we can see a likely cause of the machine's infection.

It is quite likely that in a search for illegal software the machine has become infected.

This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites - and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don't think: "I have a good Antivirus and Firewall installed, they will protect me" - because that's not true... and even before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.

Since you've uninstalled BitComet, we can remove its folder using ComboFix. There are a couple of other files Eset found that I'd like to collect samples of.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Quote:
Resident AV is active
Be sure to exit Eset AntiVirus before performing this next set of instructions.
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/282260-hijackthis-log-please-kindly-help.html

    Folder::
    C:\Program Files\BitComet

    Driver::
    WYQE
    agony

    Collect::
    C:\info.exe
    C:\WINDOWS\system32\TmpX.exe
    C:\WINDOWS\system32\wink2.exe
    C:\WINDOWS\system32\svcd\svchost.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_1\agony.sys
    DirLook::
    C:\WINDOWS\system32\svcd
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_1




    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
Old 08-23-2008, 10:17 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

/quote

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

/unquote




I proceeded with the above step, but when I clicked OK, IE didn't open up. 'Media Player Classic' opened instead.





I think it's because of an incorrect file type. When I checked Folder Options > File Types and looked for htm, I saw that .htm would be opened with Media Player Classic, so I have changed it to open with IE.

And now I don't know how to access the htm page that ComboFix wants me to access.

Anyway, this is my new combofix log.



ComboFix 08-08-21.02 - Administrator 08/23/2008 22:35:11.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.122 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\info.exe
C:\Program Files\BitComet
C:\Program Files\BitComet\0.68BitComet.zip
C:\Program Files\BitComet\0.68BitComet.zip.0001
C:\Program Files\BitComet\0.68BitComet.zip.0002
C:\Program Files\BitComet\0.68BitComet.zip.0003
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\codec\CodecCheck.exe
C:\Program Files\BitComet\codec\RealMediaSplitter.ax
C:\Program Files\BitComet\CRASH.DMP
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\datasheet_a2e_pro.pdf.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\file_id.diz.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\InstallAble2ExtractPro.exe.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\Keygen\Able2Extract_Keygen.exe.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\Paradox.nfo.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\quickstart_a2e_pro.pdf.bc!
C:\Program Files\BitComet\Downloads\Able2Extract_Professional_v5.0_Incl_Keygen-PARADOX\Torrent downloaded from Demonoid.com.txt.bc!
C:\Program Files\BitComet\Downloads\Adobe Flash Player 9.0.16.rar.bc!
C:\Program Files\BitComet\Downloads\Atomic Kitten - Greatest Hits\Atomic Kitten - Greatest Hits - 01 - Right Now 2004.mp3.bc!
C:\Program Files\BitComet\Downloads\Atomic Kitten - Greatest Hits\Atomic Kitten - Greatest Hits - 05 - It's OK.mp3.bc!
C:\Program Files\BitComet\Downloads\Atomic Kitten - Greatest Hits\Atomic Kitten - Greatest Hits - 07 - If You Come To Me.mp3.bc!
C:\Program Files\BitComet\Downloads\Atomic Kitten - Greatest Hits\Atomic Kitten - Greatest Hits - 09 - Cradle.mp3.bc!
C:\Program Files\BitComet\Downloads\Atomic Kitten - Greatest Hits\Atomic Kitten - Greatest Hits - 13 - Love Doesn't Have To Hurt (Radio Version).mp3.bc!
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - My World Disc 1\01-Fuel [Live].mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - My World Disc 1\02-Basketcase [Live].mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - My World Disc 1\06-Why [UK B-Side Track].mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - Unplugged\04 - Things ill never say.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - Unplugged\05 - Nobodys fool.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2003 - Unplugged\07 - Things i'll never say (piano solo).mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2004 - Under My Skin\13-Avril Lavigne - I Always Get What I Want (Bonus Track).mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\00-avril_lavigne-bsides-2005-int.m3u
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\00-avril_lavigne-bsides-2005-int.sfv
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\01-avril_lavigne-bsides-i_dont_give-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\02-avril_lavigne-bsides-why-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\03-avril_lavigne-bsides-getoverIt(demo-version)-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\04-avril_lavigne-bsides-take_me_away-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\05-avril_lavigne-bsides-headset-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\06-avril_lavigne-bsides-falling_into_history-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\08-avril_lavigne-bsides-tomorrow_you_didn't-int.mp3.bc!
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\10-avril_lavigne-bsides-all_you_will_never_know-int.mp3.bc!
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\11-avril_lavigne-bsides-once_and_for_real-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\12-avril_lavigne-bsides-make_up-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\13-avril_lavigne-bsides-not_the_only_one-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\14-avril_lavigne-bsides-stay_be_the_one-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\15-avril_lavigne-bsides-move_your_little_self_on-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\16-avril_lavigne-bsides-you_never_satisfy_me-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\17-avril_lavigne-bsides-let_go-int.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\Avril Lavigne - Let Go - 14 - Complicated (The Matrix Mix).mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\avril_lavigne-bsides-2005-int.nfo
C:\Program Files\BitComet\Downloads\Avril lavigne\2005 - B-Sides\avril_lavigne-bsides-cover-int.jpg
C:\Program Files\BitComet\Downloads\Avril lavigne\Rare\Avril Lavigne - Temple of Life.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\Rare\DAYDREAM.mp3
C:\Program Files\BitComet\Downloads\Avril lavigne\Tracked_by_Demonoid_com.txt
C:\Program Files\BitComet\Downloads\Black Eyed Peas-My Humps (DVD-music-video-torrents.afz.biz).mpg.bc!
C:\Program Files\BitComet\Downloads\Britney Spears - Blackout (2007) - Pop [www.torrentazos.com].rar
C:\Program Files\BitComet\Downloads\Britney Spears - Blackout\Piece of me.mp3.bc!
C:\Program Files\BitComet\Downloads\Camfrog v3.80 - With Large Video Patch - Slimoo\Camfrog v3.80 - With Large Video Patch - Slimoo.rar.bc!
C:\Program Files\BitComet\Downloads\Camfrog v3.80 - With Large Video Patch - Slimoo\Torrent downloaded from Demonoid.com.txt.bc!
C:\Program Files\BitComet\Downloads\Camfrog Video Chat 3.80.20590 updated-fixed 11-2006\_trash.tmp
C:\Program Files\BitComet\Downloads\Camfrog Video Chat 3.80.20590 updated-fixed 11-2006\camfrog.exe
C:\Program Files\BitComet\Downloads\Camfrog Video Chat Pro v3.6.17299 Incl Unlimited Patch-UCF.rar.bc!
C:\Program Files\BitComet\Downloads\Camtasia Studio 3.0.1 (keygen) [www.themetalmulisha.com].rar.bc!
C:\Program Files\BitComet\Downloads\Christina Aguilera - Ain't No Other Man[2006][mpeg SkidVid]\Ain't No Other Man.jpg.bc!
C:\Program Files\BitComet\Downloads\Christina Aguilera - Ain't No Other Man[2006][mpeg SkidVid]\Christina Aguilera - Ain't No Other Man [2006][SkidVid].mpg.bc!
C:\Program Files\BitComet\Downloads\Christina Aguilera - Ain't No Other Man[2006][mpeg SkidVid]\Video Info.txt.bc!
C:\Program Files\BitComet\Downloads\Crazy Town\The Gift Of Game\06 - Crazy Town - Butterfly.mp3
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\CuteFTP v.8\cuteftppro.exe
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\CuteFTP v.8\serial.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\crack\G6FTPServer.exe
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\crack\RESURRECTiON.nfo
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\g6ftpdsetup.exe
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\lang_pl.zip
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Plugin] CodSpirit's DirSize v1.5\cs_fs_dirsize.zip
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Plugin] CodSpirit's DirSize v1.5\Readme.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Plugin] g6_maintenance\g6_maintenance.zip
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Plugin] g6_maintenance\Readme.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Boost's Gene6 SFV Checker v2.7\Readme.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Boost's Gene6 SFV Checker v2.7\SFVCheck_v27.zip
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Boost's Site Who\Readme.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Boost's Site Who\SiteWho.Zip
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Welcome Screen, Welcome everyone with their Own Stats and the Server Stats\Installation Notes.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\[Script] Welcome Screen, Welcome everyone with their Own Stats and the Server Stats\Welcome.txt
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\CodSpirit's Web Interface for Users v2.5\UserWebInterface_v2-5.exe
C:\Program Files\BitComet\Downloads\CuteFTP&Gene6\Gene6 Ftp Server v3.8.0 Build 34\Plugins & Scripts\Gene6 FTP Server - WebAdmin v1.2.3.0\g6webadmin.exe
C:\Program Files\BitComet\Downloads\Destinys Child - Live in Atlanta (2006)\24 bad habit featuring kelly rowland.mp3.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen.rar
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\Dreamweaver keygen\Dreamweaver_keygen.EXE
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\Dreamweaver MX 2004 Installer.exe
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\DreamweaverMX2004-en.zip
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\DT.txt
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\DWMX2004_API.pdf
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\DWMX2004_Getting_Started.pdf
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\Extending_DWMX2004.pdf
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\HomeSite+ 5.5 Installer.exe
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\README.TXT
C:\Program Files\BitComet\Downloads\Dreamweaver MX 2004 + Keygen\Using_DWMX2004.pdf
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\Dreamweaver MX Bible.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_api.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_getting_started.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_shortcuts_win.swf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\extending_dw.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\timelines.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\using_dw.pdf.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\MMxpt.dll.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\dwmx2004_trial_en_win.exe.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Serial.txt.bc!
C:\Program Files\BitComet\Downloads\Dreamweaver.MX.2004\Updates\dwmx2004_701update_en.exe.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\00-duncan_james-future_past-2006.m3u.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\00-duncan_james-future_past-2006.nfo.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\00-duncan_james-future_past-2006.sfv.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\01-duncan_james-sooner_or_later.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\02-duncan_james-suffer.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\03-duncan_james-i_come_alive.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\04-duncan_james-cant_stop_a_river.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\05-duncan_james-i_dont_wanna_stop.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\06-duncan_james-what_are_we_waiting_for.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\07-duncan_james-amazed.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\08-duncan_james-turn_my_head.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\09-duncan_james-letter_to_god.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\10-duncan_james-breathing.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\11-duncan_james-frequency.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\12-duncan_james-somebody_still_loves_you.mp3.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\Get a FREE World Cup Football Shirt!.txt.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\Get a FREE World Cup Football Shirt!.url.bc!
C:\Program Files\BitComet\Downloads\Duncan_James-Future_Past-2006-RNS\ReadMe.txt.bc!
C:\Program Files\BitComet\Downloads\GE\ge1.8.23.51631-1.bin.bc!
C:\Program Files\BitComet\Downloads\GE\ge1.8.23.51631-2.bin.bc!
C:\Program Files\BitComet\Downloads\GE\ge1.8.23.51631-3.bin.bc!
C:\Program Files\BitComet\Downloads\GE\ge1.8.23.51631-4.bin.bc!
C:\Program Files\BitComet\Downloads\GE\ge1.8.23.51631.exe.bc!
C:\Program Files\BitComet\Downloads\Harry Potter and the Order of the Phoenix - Trailer 2\Torrent downloaded from Demonoid.com.txt.bc!
C:\Program Files\BitComet\Downloads\Harry Potter and the Order of the Phoenix - Trailer 2\trailer_2.wmv.bc!
C:\Program Files\BitComet\Downloads\Hilary Duff - Wake Up - Ellen 2006.03.29 - DTV DVDR Suave.vob.bc!
C:\Program Files\BitComet\Downloads\Hilary Duff - Wake Up [Nuati].m2v.bc!
C:\Program Files\BitComet\Downloads\Jesse McCartney\Beautiful Soul\04 Jesse McCartney - Take Your Sweet Time.mp3.bc!
C:\Program Files\BitComet\Downloads\Jesse McCartney\Beautiful Soul\10 Jesse McCartney - Because You Live.mp3.bc!
C:\Program Files\BitComet\Downloads\Jessica Simpson - A Public Affair (2006) - Pop [www.torrentazos.com].rar
C:\Program Files\BitComet\Downloads\Jonas Brothers - A Little Bit Longer 2008.rar
C:\Program Files\BitComet\Downloads\Jonas Brothers - Self Titled\04 That's Just The Way We Roll.mp3.bc!
C:\Program Files\BitComet\Downloads\Joss Stone -Introducing Joss Stone[2007][CD+SkidVid+Cov]\13 Joss Stone - What Were We Thinking.mp3
C:\Program Files\BitComet\Downloads\Julie Delpy - Julie Delpy\08. Julie Delpy - A Waltz For A Night.mp3.bc!
C:\Program Files\BitComet\Downloads\Just Jack - Overtones [2007][CD+SkidVid+Cov]\02 Just Jack - Glory Days.mp3
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\Instruction How to Use License key.txt
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\Kaspersky Internet Security 7.0 (with 2009 key!).rar
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\Kaspersky Internet Security 7.0 (with 2009 key!)\Instruction How to Use License key.txt
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\Kaspersky Internet Security 7.0 (with 2009 key!)\KIS keys\00147EA0.key
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\KIS keys\00147EA0.key
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0 (with 2009 key!)\ReadMeFirst.txt
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0.0.125 + New Working Key (Until 2008)\Extreme.kis7.key.bc!
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0.0.125 + New Working Key (Until 2008)\kis7.0.0.125en.exe.bc!
C:\Program Files\BitComet\Downloads\Kaspersky Internet Security 7.0.0.125 + New Working Key (Until 2008)\shadowtorrents.url.bc!
C:\Program Files\BitComet\Downloads\Kylie Minogue - Ultimate Kylie\CD2\12 - Giving You Up.mp3
C:\Program Files\BitComet\Downloads\Lene Marlin - Lost In A Moment\03. How Would It Be.mp3.bc!
C:\Program Files\BitComet\Downloads\Lene_Marlin_-_How_Would_it_Be-Promo_CDS-2005-SMS\01-lene_marlin_-_how_would_it_be-sms.mp3.bc!
C:\Program Files\BitComet\Downloads\Lily Allen - Alright Still [2006][CD+Vid+Cov]\01 Lily Allen - Smile.mp3
C:\Program Files\BitComet\Downloads\Mandy Moore (5 CDs)\2001 - Mandy Moore\Mandy Moore - Mandy Moore - 07 - Crush.mp3.bc!
C:\Program Files\BitComet\Downloads\Mandy Moore (5 CDs)\2004 - The Best Of Mandy Moore\Mandy Moore - The Best Of Mandy Moore - 08 - Only Hope.mp3.bc!
C:\Program Files\BitComet\Downloads\Mandy Moore (5 CDs)\2004 - The Best Of Mandy Moore\Mandy Moore - The Best Of Mandy Moore - 13 - Top Of The World.mp3.bc!
C:\Program Files\BitComet\Downloads\Mandy Moore (5 CDs)\2004 - The Best Of Mandy Moore\Mandy Moore - The Best Of Mandy Moore - 14 - Secret Love.mp3.bc!
C:\Program Files\BitComet\Downloads\Marie_Serneholt-Enjoy_The_Ride-2006-SMO\01-marie_serneholt-enjoy_the_ride.mp3.bc!
C:\Program Files\BitComet\Downloads\Marie_Serneholt-Enjoy_The_Ride-2006-SMO\08-marie_serneholt-calling_all_detectives.mp3.bc!
C:\Program Files\BitComet\Downloads\Marie_Serneholt-Enjoy_The_Ride-2006-SMO\09-marie_serneholt-cant_be_loved.mp3.bc!
C:\Program Files\BitComet\Downloads\McAfee.VirusScan.Plus.2008 [App][Ingles][www.zonatorrent.com].rar.bc!
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 01 - Intro.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 02 - Are You Happy Now.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 03 - Find Your Way Back.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 04 - Empty Handed.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 05 - Tuesday Morning.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 06 - One of These Days.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 07 - Love Me Like That.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 08 - Desperately.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 09 - Breathe.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 10 - Where Are You Now!.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 11 - Hotel Paper.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 12 - Til' I Get Over You.mp3
C:\Program Files\BitComet\Downloads\Michelle Branch (3 CDs)\2003 - Hotel Paper\Michelle Branch - Hotel Paper - 13 - It's You.mp3
C:\Program Files\BitComet\Downloads\Microsoft Office 2003 Frontpage.iso
C:\Program Files\BitComet\Downloads\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR]\h33t - CaZoR.url
C:\Program Files\BitComet\Downloads\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR]\NOD32 3.0.414.msi
C:\Program Files\BitComet\Downloads\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR]\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR].rar
C:\Program Files\BitComet\Downloads\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR]\Serials.txt
C:\Program Files\BitComet\Downloads\NOD32 Antivirus 3.0.414 RC1 + Serials [h33t] [CaZoR]\tracked_by_h33t_com.txt
C:\Program Files\BitComet\Downloads\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com].rar
C:\Program Files\BitComet\Downloads\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\Nod32ver3.msi
C:\Program Files\BitComet\Downloads\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\Serial.txt
C:\Program Files\BitComet\Downloads\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\Nod32ver3.msi
C:\Program Files\BitComet\Downloads\NOD32 version 3.0.290.0 Final + Key [www.zonatorrent.com]\Serial.txt
C:\Program Files\BitComet\Downloads\Paris Hilton 37 min Sex Tape FULL.wmv.bc!
C:\Program Files\BitComet\Downloads\Paris Hilton Full Tape (38min)\ParisHilton_full.avi.bc!
C:\Program Files\BitComet\Downloads\Paris Hilton Full Tape (38min)\readme.txt.bc!
C:\Program Files\BitComet\Downloads\Paris Hilton Full Tape (38min)\tracked_by_h33t_com.txt.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\1 - Maybe you need\How to extraction AIO pack.txt.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\1 - Maybe you need\migel - h33t.url.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\1 - Maybe you need\migel - RapidShare.url.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\1 - Maybe you need\More AIO Packs.txt.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\info.txt.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\PLEASE README.txt.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\Portable Internet Explorer 7.exe.bc!
C:\Program Files\BitComet\Downloads\Portable Internet Explorer 7 (12MB)\tracked_by_h33t_com.txt.bc!
C:\Program Files\BitComet\Downloads\Pussycat Dolls Feat Snoop Dogg - Buttons.avi.bc!
C:\Program Files\BitComet\Downloads\RealPlayer v10.5 GOLD+Premium.Activator+Keygen.rar.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\01 Tonight.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\02 Beautiful Life.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\03 Rising Sun (??).m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\04 ?? (Unforgettable).m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\05 ?? ??? ?? (Love Is Never Gone).m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\06 Love After Love.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\07 Dangerous Mind.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\08 One.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\09 Love Is....m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\10 Free Your Mind.m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\11 ?? ?? (Your Love Is All I Need).m4a.bc!
C:\Program Files\BitComet\Downloads\Rising Sun\12 ???? ? ?? (Always There...).m4a.bc!
C:\Program Files\BitComet\Downloads\Santana FEAT Michelle Branch - I'm Feeling You presented by www.michellebranch.best.cd The only web with Michelle Branch Torrents.mpg.bc!
C:\Program Files\BitComet\Downloads\santana_ft_michelle_branch_&_the_wreckers-im_feeling_you-svcd-2005-mv4u.mpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Crack e Seriale\Crack\SimCity 4.exe.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Crack e Seriale\Keygen\EA.Games.Multi.Keygen.exe.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Cover SimCity 4 Rush Hour\Cover CD\SimCity 4 Rush Hour (Cover CD).jpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Cover SimCity 4 Rush Hour\Cover Custodia CD\SimCity 4 Rush Hour (Cover Custodia CD - Back).jpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Cover SimCity 4 Rush Hour\Cover Custodia CD\SimCity 4 Rush Hour (Cover Custodia CD - Front).jpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Cover SimCity 4 Rush Hour\Cover Custodia DVD\SimCity 4 Rush Hour (Cover custodia DVD - Dutch).jpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Cover SimCity 4 Rush Hour\Cover Custodia DVD\SimCity 4 Rush Hour (Cover custodia DVD - Spanish).jpg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Traduzione in italiano\File Di Registro\Lingua_Inglese.reg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Traduzione in italiano\File Di Registro\Lingua_Italiana.reg.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Traduzione in italiano\Istruzioni Per La Traduzione\Istruzioni Per La Traduzione.txt.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Extra\Traduzione in italiano\Traduzione In Italiano\Italian.rar.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Istruzioni Per l'Installazione\Istruzioni Per l' Installazione.txt.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\SimCity 4 Rush Hour [Immagine]\SimCity 4 Rush Hour.bin.bc!
C:\Program Files\BitComet\Downloads\SimCity 4 Rush Hour\Tools Utilizzati\Daemon Tools\daemon.exe.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\00-simon_webbe-sanctuary-2005.m3u.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\01-simon_webbe-lay_your_hands.mp3.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\03-simon_webbe-after_all_this_time.mp3.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\Simon Webbe_sanctuary_back.jpg.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\Simon Webbe_sanctuary_disc.jpg.bc!
C:\Program Files\BitComet\Downloads\Simon Webbe - Sanctuary (with covers) a DHZ.Inc release\Simon Webbe_sanctuary_front.jpg.bc!
C:\Program Files\BitComet\Downloads\SPSS 14.0 + Crack\SPSS 14.0 Crack - RECOiL.rar
C:\Program Files\BitComet\Downloads\SPSS 14.0 + Crack\SPSS 14.0 Crack - RECOiL\recoil.nfo
C:\Program Files\BitComet\Downloads\SPSS 14.0 + Crack\SPSS 14.0 Crack - RECOiL\SPSS 14.0 patch.exe
C:\Program Files\BitComet\Downloads\SPSS 14.0 + Crack\SPSS 14.0 Crack - RECOiL\spssutil.dll
C:\Program Files\BitComet\Downloads\SPSS 14.0 + Crack\SPSS14Evaluation.exe
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\01-so_simple.mp3
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\AlbumArt_{64A4871D-9D5A-4CC6-A9A3-06DA1FD1CF99}_Large.jpg
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\AlbumArt_{64A4871D-9D5A-4CC6-A9A3-06DA1FD1CF99}_Small.jpg
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\AlbumArtSmall.jpg
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\desktop.ini
C:\Program Files\BitComet\Downloads\Stacie_Orrico_-_Beautiful_Awakening-Advance-2006-BIOMP3\Folder.jpg
C:\Program Files\BitComet\Downloads\SWiSHMax v1.0 2006.02.01\crack\SwishMax.exe.bc!
C:\Program Files\BitComet\Downloads\SWiSHMax v1.0 2006.02.01\SetupSwishmax.exe.bc!
C:\Program Files\BitComet\Downloads\SWiSHmax.2006.02.01.incl.crack-Snd.by.ChingLiu.zip.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\00-switchfoot-nothing_is_sound-(advance)-2005.m3u.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\00-switchfoot-nothing_is_sound-(advance)-2005.nfo.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\00-switchfoot-nothing_is_sound-(advance)-2005.sfv.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\01-switchfoot-lonely_nation.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\02-switchfoot-stars.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\03-switchfoot-happy_is_a_yuppie_word.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\04-switchfoot-the_shadow_proves_the_sunshine.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\05-switchfoot-easier_than_love.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\06-switchfoot-the_blues.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\07-switchfoot-the_setting_sun.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\08-switchfoot-politicians.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\09-switchfoot-golden.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\10-switchfoot-the_fatal_wound.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\11-switchfoot-we_are_on_tonight.mp3.bc!
C:\Program Files\BitComet\Downloads\Switchfoot-Nothing_Is_Sound-(Advance)-2005-RNS\12-switchfoot-daisy.mp3.bc!
C:\Program Files\BitComet\Downloads\Take That - Beautiful World (2006) - Pop [www.torrentazos.com].rar
C:\WINDOWS\system32\TmpX.exe
C:\WINDOWS\system32\wink2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AGONY
-------\Legacy_WYQE
-------\Service_agony
-------\Service_WYQE


((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 13:00 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-07-13 13:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-07-12 17:33 --------- d-----w C:\Program Files\DivX
2008-06-26 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-06-24 15:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FFSJ
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_1 ----

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_1\

---- Directory of C:\WINDOWS\system32\svcd ----



------- Sigcheck -------

03/14/2005 08:17 AM 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
04/20/2006 07:18 PM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
03/14/2005 07:55 AM 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
06/20/2008 05:45 PM 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
06/20/2008 05:44 PM 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
06/20/2008 06:51 PM 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
06/20/2008 06:59 PM 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
04/20/2006 06:51 PM 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
04/20/2006 06:51 PM 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@Sat 08-23-2008_14.49.59.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-25 21:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 12:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-27 08:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 08:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 13:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 06:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 11:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 11:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-06 06:17:40 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 04:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2007-07-30 12:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 12:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
+ 2004-12-07 04:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
- 2005-05-25 21:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 12:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2005-05-25 21:16:30 124,184 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 12:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2005-05-25 21:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 12:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2005-05-25 21:16:30 127,256 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 12:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2005-05-25 21:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 12:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2005-05-25 21:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 12:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [07/01/2005 10:02 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [09/14/2007 01:49 PM 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/23/2006 02:39 AM 282624]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM 213936]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM 1410304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 PM 6731312]
"protect_autorun"="C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe" [04/04/2008 10:44 AM 139264]
"SoundMan"="soundman.exe" [02/05/2002 04:15 AM 128259 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [07/01/2005 10:02 PM 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2549-07-18 18:25:07 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2547-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
"msacm.divxa32"= msaud32_divx.acm
"MSACM.MSNAUDIO"= msnaudio.acm
"vidc.RMP4"= rmp4.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 08/18/2006 04:58 PM 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [11/14/2007 03:06 PM]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 22:46:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 08/23/2008 22:54:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 15:54:27
ComboFix2.txt 2008-08-23 07:50:39
ComboFix3.txt 2008-08-19 15:24:27

Pre-Run: 2,429,751,296 bytes free
Post-Run: 2,127,953,920 bytes free

765








------------------------



My latest HIJACKTHIS LOG




Logfile of HijackThis v1.99.1
Scan saved at 23:16:58, on 2551-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\soundman.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 58.253.71.248:80
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\Administrator\Desktop\CPE17AntiAutorun1330.exe /start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe







----------------------------



Thank you very much :)

Last edited by bluewator; 08-23-2008 at 10:27 AM.
bluewator is offline  
Old 08-23-2008, 10:38 AM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

There should be on your desktop a file named similar to this:

[4]-Submit***.***.zip

Please upload that file here:

http://www.bleepingcomputer.com/subm....php?channel=4

Let me know when it's been uploaded, please.


Look at what's in the BitComet folder... Please be more careful about what you download and execute on your machine in the future.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 08-23-2008, 07:44 PM   #14 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

Already uploaded the zip file. Thank you :)
bluewator is offline  
Old 08-23-2008, 08:02 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

Good job, thanks.

Please delete [4]-Submit_Sat-08-23-2008@22.34.zip from your desktop, and empty the recycle bin.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
Old 08-23-2008, 09:34 PM   #16 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: Windows XP SP2


Re: HIJACKTHIS LOG Please kindly help

Everything is ok now. Thank you very much for your kind help.
bluewator is offline  
Old 08-23-2008, 09:35 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,581
OS: 2000 Pro; XP Pro; XP Home


Re: HIJACKTHIS LOG Please kindly help

You're quite welcome.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
tetonbob is offline  
 






All times are GMT -7. The time now is 05:15 PM.



Copyright 2001 - 2009, Tech Support Forum