Can't remove TROJ_VUNDO.ANL found on my PC [Solved]
Teddy Ted
post May 1 2009, 05:11 AM
Post #1


New Member
*
Posts: 6
OS: Windows XP SP2



Hey guys,

I've tried to remove this malware (TROJ_VUNDO.ANL) with several programs (Trend Micro HouseCall 6.5 online, SUPERAntiSpyware, Comodo, Malwarebytes) but none worked. Therefore I decided to ask for some professional help.

Here is the hijackthis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:21 PM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Software\AsusDVD\PDVDServ.exe
D:\Software\COMODO~1\BOC425.exe
D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Software\RivaTuner v2.21\RivaTuner.exe
D:\Software\Comodo\COMODO Internet Security\cfp.exe
D:\Jocuri\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Jocuri\DAEMON Tools Lite\daemon.exe
D:\Software\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\ComodoBOClean\BOCORE.exe
D:\Jocuri\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Firefox\firefox.exe
D:\Jocuri\Java\jre6\bin\java.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Maria\LOCALS~1\Temp\Rar$EX00.032\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 86.121.4.105:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: 75.125.177.50 l2authd.lineage2.com
O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nprotect.com
O1 - Hosts: 216.107.250.194 update.nprotect.net
O2 - BHO: (no name) - {0140E6A5-5103-4FAD-906B-5535E0B8B10b} - C:\WINDOWS\system32\tnbijehy.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Jocuri\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Jocuri\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6C1BE049-16A8-442F-8C8C-9D79C90820AF} - c:\windows\system32\ebqtqug.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Software\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Jocuri\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Jocuri\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Software\AsusDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BOC-425] D:\Software\COMODO~1\BOC425.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [YSearchProtection] "D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Software\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "D:\Software\RivaTuner v2.21\RivaTuner.exe" /T
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\QT\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Software\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Jocuri\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Jocuri\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Search Protection] D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [RGSC] D:\Jocuri\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Software\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Jocuri\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Software\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Software\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Software\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Jocuri\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188500935484
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - D:\Software\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ivujxwjz - C:\WINDOWS\SYSTEM32\ebqtqug.dll
O20 - Winlogon Notify: urqQkiff - urqQkiff.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - D:\Software\ComodoBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Software\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Jocuri\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11210 bytes

Should you need more information, please let me know. If there is any other post which could help me to remove the infection, please post the link here (there are a lot and I don't know what exactly to look for on this forum).

Thanks in advance for your help.
TT

CatByte
post May 1 2009, 02:37 PM
Post #2


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Hi,

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.


Teddy Ted
post May 1 2009, 04:55 PM
Post #3


New Member
*
Posts: 6
OS: Windows XP SP2



Thanks for the quick reply! Here is the log:

ComboFix 09-05-02.3 - Maria 05/02/2009 1:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1602 [GMT 3:00]
Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090501-0] *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maria\Application Data\addons.dat
c:\windows\pskt.ini
c:\windows\system32\aspi32.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\ovfsthxmjuiybiw.sys
c:\windows\system32\dsmletxa.ini
c:\windows\system32\ebqtqug.dll
c:\windows\system32\fcfrgfic.ini
c:\windows\system32\gevjbdef.ini
c:\windows\system32\kfibhhgu.ini
c:\windows\system32\ovfsthxdhkpouwt.dat
c:\windows\system32\ovfsthxeexnoisv.dll
c:\windows\system32\ovfsthxiplrrndp.dll
c:\windows\system32\ovfsthxiwtspkyf.dll
c:\windows\system32\ovfsthxkdsbatmn.dll
c:\windows\system32\ovfsthxlxbftprq.dat
c:\windows\system32\ovfsthxqjmtnejr.dat
c:\windows\system32\ovfsthxrsbvpwbe.dat
c:\windows\system32\ovfsthxucimbhab.dll
c:\windows\system32\ovfsthxudlxrmup.dll
c:\windows\system32\tmp17.tmp
c:\windows\system32\tmp81.tmp
c:\windows\system32\tmp82.tmp
c:\windows\system32\uutabpdt.ini
c:\windows\system32\wkldmjon.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxoetwmixf
-------\Legacy_MWQPVLZR
-------\Service_mwqpvlzr


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-05-01 08:15 . 2009-05-01 11:08 -------- d-----w c:\documents and settings\Maria\.housecall6.6
2009-05-01 08:14 . 2009-05-01 08:14 -------- d-----w c:\windows\Sun
2009-05-01 07:49 . 2009-05-01 07:49 6853096 ----a-w C:\SpyHunter-Compact-OS.exe
2009-05-01 07:48 . 2009-05-01 07:48 -------- d-----w d:\jocuri\Enigma Software Group
2009-04-30 08:04 . 2009-04-30 08:04 -------- d-----w c:\documents and settings\Maria\Application Data\upzmbhzc
2009-04-30 08:04 . 2009-04-30 08:04 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\upzmbhzc
2009-04-30 08:01 . 2009-04-30 08:01 -------- d-----w c:\documents and settings\NetworkService\Application Data\upzmbhzc
2009-04-30 08:01 . 2009-04-30 08:01 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\upzmbhzc
2009-04-20 11:01 . 2009-04-20 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-20 10:23 . 2009-04-20 10:23 -------- d-----w d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi
2009-04-20 10:03 . 2009-04-20 10:03 -------- d-----w d:\jocuri\Wonderlines
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w c:\documents and settings\Maria\Saved Games
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\Oberon Games
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w d:\jocuri\Scrubbles
2009-04-19 19:12 . 2009-04-19 19:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 19:02 . 2009-04-19 19:12 -------- d-----w d:\jocuri\Java
2009-04-19 19:02 . 2009-04-19 19:02 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2009-04-19 13:18 . 2009-04-19 13:18 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\Aspyr
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w c:\documents and settings\Maria\Application Data\Red Kawa
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w d:\jocuri\AviSynth 2.5
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w C:\Software
2009-04-16 15:33 . 2009-04-16 15:33 -------- d-----w c:\documents and settings\Maria\Application Data\fretsonfire
2009-04-16 15:18 . 2009-04-16 15:23 -------- d-----w d:\jocuri\Frets on Fire
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-13 16:40 . 2009-04-13 16:40 -------- d-----w c:\documents and settings\Maria\Application Data\Saved Games
2009-04-12 16:07 . 2009-04-12 20:25 -------- d-----w c:\documents and settings\Maria\Application Data\Ubisoft
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-04-12 13:32 . 2009-04-12 13:36 -------- d-----w c:\documents and settings\All Users\Application Data\Tages
2009-04-11 14:56 . 2009-04-11 14:56 -------- d-----w c:\documents and settings\Maria\Application Data\Switchball
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\jocuri\Sierra Online
2009-04-09 09:35 . 2009-04-10 08:10 -------- d-----w d:\jocuri\VirtualDJ
2009-04-09 08:38 . 2009-04-09 08:38 -------- d-----w c:\program files\Common Files\Native Instruments
2009-04-09 08:13 . 2009-04-09 08:38 -------- d-----w d:\jocuri\Native Instruments
2009-04-05 15:58 . 2009-04-05 15:58 -------- d-----w d:\jocuri\Midnight Racing
2009-04-05 15:36 . 2009-04-30 17:10 -------- d-----w d:\jocuri\GP Vs Superbike
2009-04-03 06:25 . 2009-04-03 06:26 -------- d-----w d:\jocuri\Pet Racer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:23 . 2007-08-30 18:07 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 22:09 . 2009-02-03 20:20 303920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-30 22:46 . 2007-09-20 18:19 -------- d-----w d:\jocuri\Holly cards
2009-04-30 17:09 . 2007-12-27 12:12 -------- d--h--w d:\jocuri\InstallShield Installation Information
2009-04-30 17:07 . 2008-10-08 17:34 -------- d-----w d:\jocuri\Image-Line
2009-04-30 17:07 . 2008-07-07 09:33 -------- d-----w d:\jocuri\Kontiki
2009-04-24 07:22 . 2008-03-07 21:47 270 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-19 10:59 . 2007-09-01 14:06 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-19 10:49 . 2007-09-01 14:07 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-19 07:02 . 2007-08-30 19:25 -------- d-----w d:\jocuri\EVE
2009-04-18 18:52 . 2007-09-20 18:24 -------- d-----w d:\jocuri\Holly board
2009-04-18 10:27 . 2008-08-07 12:50 -------- d-----w d:\jocuri\PKR
2009-04-17 17:07 . 2008-01-28 17:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-12 13:01 . 2008-01-08 15:51 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-04-10 17:17 . 2008-05-17 17:36 -------- d-----w d:\jocuri\Yahoo!
2009-04-10 05:21 . 2007-08-30 18:28 65984 ----a-w c:\documents and settings\Maria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 18:57 . 2007-09-15 14:22 22328 ----a-w c:\documents and settings\Maria\Application Data\PnkBstrK.sys
2009-03-30 18:57 . 2007-11-17 13:45 682280 ----a-w c:\windows\system32\pbsvc.exe
2009-03-29 09:44 . 2009-02-15 08:33 -------- d-----w d:\jocuri\Lavasoft
2009-03-29 07:08 . 2009-03-29 07:08 -------- d-----w d:\jocuri\Advent Rising
2009-03-22 11:17 . 2007-09-01 13:05 -------- d-----w d:\jocuri\Fear Combat
2009-03-11 10:42 . 2009-03-11 10:42 -------- d-----w d:\jocuri\Cake Mania 3
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 20:04 . 2007-09-20 18:12 -------- d-----w d:\jocuri\Holly puzzle
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 21:00 . 2008-11-14 17:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-03-02 20:59 . 2008-11-14 17:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-03-02 20:59 . 2008-11-14 17:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-22 11:48 . 2004-08-04 12:00 135680 ----a-w c:\windows\system32\taskmgr.exe
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-15 08:34 . 2009-02-15 08:35 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-09 10:20 . 2004-08-04 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 17:14 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\jocuri\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"Search Protection"="d:\jocuri\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RGSC"="d:\jocuri\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-11 306088]
"SUPERAntiSpyware"="d:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="d:\software\AsusDVD\PDVDServ.exe" [2004-11-02 32768]
"BOC-425"="d:\software\COMODO~1\BOC425.exe" [2007-08-08 338432]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"YSearchProtection"="d:\jocuri\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RivaTunerStartupDaemon"="d:\software\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"RivaTuner"="d:\software\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"QuickTime Task"="c:\program files\QT\qttask.exe" [2008-09-06 413696]
"COMODO Internet Security"="d:\software\Comodo\COMODO Internet Security\cfp.exe" [2009-03-02 1851128]
"SunJavaUpdateSched"="d:\jocuri\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\jocuri\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 87040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\software\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w d:\software\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Jocuri\\Fear Combat\\FEARMP.exe"=
"d:\\Software\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Jocuri\\CRYTEK\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Jocuri\\CRYTEK\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Software\\Xfire\\xfire.exe"=
"c:\\Program Files\\GTactix\\GTactix.exe"=
"d:\\Jocuri\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Jocuri\\EVE\\bin\\ExeFile.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"e:\\Jocuri\\Codemasters\\GRID\\GRID.exe"=
"d:\\Jocuri\\Fear Combat\\FEARServer.exe"=
"e:\\Jocuri\\CoD4\\iw3mp.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Jocuri\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"e:\\Jocuri\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"d:\\Jocuri\\EVE\\eve.exe"=
"e:\\Jocuri\\Left4Dead\\hl2.exe"=
"d:\\Software\\garena\\Garena.exe"=
"d:\\Software\\StrongDC\\StrongDC.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\Jocuri\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Jocuri\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Jocuri\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\Jocuri\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Jocuri\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Jocuri\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"e:\\Jocuri\\Aspyr\\Guitar Hero III\\GH3.exe"=
"e:\\Jocuri\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"d:\\Jocuri\\Skype\\Phone\\Skype.exe"=

R3 GarenaPEngine;GarenaPEngine; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-15 64160]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-03-02 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-03-02 24336]
S1 SASDIFSV;SASDIFSV;d:\software\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;d:\software\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 BOCore;BOCore;d:\software\ComodoBOClean\BOCORE.exe [2007-08-07 69632]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336]
S3 SASENUM;SASENUM;d:\software\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a8246c8-5977-11dc-bb0d-0018f3be6ca1}]
\Shell\AutoRun\command - H:\Startup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{516c20c1-573b-11dc-a5cf-806d6172696f}]
\Shell\AutoRun\command - f:\bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18D4A75C-FF42-2E11-BB1E-00840E3BE400}]
d:\jocuri\registery\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\jocuri\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0140E6A5-5103-4FAD-906B-5535E0B8B10b} - c:\windows\system32\tnbijehy.dll
BHO-{6C1BE049-16A8-442F-8C8C-9D79C90820AF} - c:\windows\system32\ebqtqug.dll
HKLM-Run-C6501Sound - c6501.cpl
Notify-urqQkiff - urqQkiff.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 86.121.4.105:80
uSearchURL,(Default) = hxxp://www.google.ro
IE: Download all with Free Download Manager - file://d:\software\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\software\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://d:\software\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
FF - ProfilePath - c:\documents and settings\Maria\Application Data\Mozilla\Firefox\Profiles\toj33yrl.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 01:24
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,fb,87,1b,67,01,b0,be,9e,3b,9f,f2,8a,44,29,fb,cf,67,6e,0d,b6,3a,57,
bf,a9,df,ac,22,54,c9,66,bb,51,60,28,c0,3f,36,bc,b4,44,71,03,2b,45,d2,58,e7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:10,f2,5d,ba,f9,67,8d,20,b9,ff,3b,45,fb,3f,8a,c1,19,0a,d2,69,9c,
60,7a,8d,51,e8,51,92,2d,b4,0c,f9,10,57,1c,b3,3e,f4,c0,c4,61,32,0b,ae,9c,87,\
"rkeysecu"=hex:8d,ab,5f,0a,e2,3f,2b,4c,6f,e4,9c,1f,c4,b7,e4,3e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\guard32.dll
d:\software\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(1176)
c:\windows\system32\guard32.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
d:\software\CreativeLabs\NOMAD Explorer\CTJBNS.DLL
d:\software\CreativeLabs\NOMAD Explorer\CTIntrfc.dll
d:\software\CreativeLabs\NOMAD Explorer\JBNSHK.dll
d:\software\CreativeLabs\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\software\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
d:\jocuri\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-05-01 1:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 22:40

Pre-Run: 8,915,894,272 bytes free
Post-Run: 12,899,594,240 bytes free

332 --- E O F --- 2009-04-17 07:59
 
CatByte
post May 1 2009, 05:09 PM
Post #4


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

CODE
Folder::
c:\documents and settings\Maria\Application Data\upzmbhzc
c:\documents and settings\Maria\Local Settings\Application Data\upzmbhzc
c:\documents and settings\NetworkService\Application Data\upzmbhzc
c:\documents and settings\NetworkService\Local Settings\Application Data\upzmbhzc
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi
d:\jocuri\Wonderlines

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a8246c8-5977-11dc-bb0d-0018f3be6ca1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{516c20c1-573b-11dc-a5cf-806d6172696f}]


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it shall produce a log for you.
* Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NOTE: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 
Teddy Ted
post May 2 2009, 01:32 AM
Post #5


New Member
*
Posts: 6
OS: Windows XP SP2



Hi again,

And thank you again! I performed the next steps and this is the new log:

ComboFix 09-05-02.3 - Maria 05/02/2009 10:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1623 [GMT 3:00]
Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Maria\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090501-0] *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maria\Application Data\upzmbhzc
c:\documents and settings\Maria\Application Data\upzmbhzc\profiles.ini
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\cert8.db
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\compatibility.ini
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\compreg.dat
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\cookies.sqlite
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\formhistory.sqlite
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\key3.db
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\localstore.rdf
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\permissions.sqlite
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\places.sqlite-journal
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\places.sqlite
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\pluginreg.dat
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\prefs.js
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\secmod.db
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\webappsstore.sqlite
c:\documents and settings\Maria\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\xpti.dat
c:\documents and settings\Maria\Local Settings\Application Data\upzmbhzc
c:\documents and settings\Maria\Local Settings\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\urlclassifier3.sqlite
c:\documents and settings\Maria\Local Settings\Application Data\upzmbhzc\Profiles\ig1iq1gd.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\upzmbhzc
c:\documents and settings\NetworkService\Application Data\upzmbhzc\profiles.ini
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\cert8.db
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\key3.db
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\prefs.js
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\secmod.db
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\upzmbhzc\Profiles\q3sl84i4.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\upzmbhzc
c:\documents and settings\NetworkService\Local Settings\Application Data\upzmbhzc\Profiles\q3sl84i4.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\upzmbhzc\Profiles\q3sl84i4.default\XPC.mfl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\crack\wonderlines.exe
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\delight.nfo
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\bass.dll
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back0.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back1.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back10.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back11.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back12.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back13.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back14.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back15.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back2.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back3.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back4.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back5.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back6.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back7.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back8.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\_a_back9.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level0.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level1.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level10.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level11.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level12.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level13.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level14.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level15.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level2.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level3.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level4.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level5.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level6.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level7.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level8.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\animbacks\level9.lev
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\ball1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\ball2.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\bomb1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\bomb2.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\chain1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\chain2.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\dbomb1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\default.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\diamond1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\scorewow.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\square1.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\effects\square2.par
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\font.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\jpeg.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help1.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help2.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help3.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help4.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help5.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help6.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help7.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\help8.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_01.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_02.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_03.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_04.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_05.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_06.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_07.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_08.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_09.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_10.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_11.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_12.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_13.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_14.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_15.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_16.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_17.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_18.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_19.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_20.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_21.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_22.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_23.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_24.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_25.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_26.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_27.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_28.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_29.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_30.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_31.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_32.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_33.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_34.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_35.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_36.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_37.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_38.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_39.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_40.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_41.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_42.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_43.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_44.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_45.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_46.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_47.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_48.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_49.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_50.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_51.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_52.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_53.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_54.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_55.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_56.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_57.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_58.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_59.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_60.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_61.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_62.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_63.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_64.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_65.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\pack1_66.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\tut1_01.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\tut1_02.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\tut1_03.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\levels\tut1_04.lvl
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\loadbar.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\loadscreen.jpg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\music.mo3
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\hiscore.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\MARIA_2.sav
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\mode3.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\profiles.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\records.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\settings\surrecs.dat
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\addball.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\addbonus.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\addlife.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\ball.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\birds1.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\birds2.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\birds3.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\bomb1.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\bomb2.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\brook.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\chain.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\diamond.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\diamond0.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\excellent.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\getbon.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\gethammer.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\hammer.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\levelcomplete.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\menu.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\menu2.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\score.ogg
d:\jocuri\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines v1.0_Full+ crack...by Dadi\Wonderlines\Data\sounds\selectaim.ogg

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 08:15 . 2009-05-01 11:08 -------- d-----w c:\documents and settings\Maria\.housecall6.6
2009-05-01 08:14 . 2009-05-01 08:14 -------- d-----w c:\windows\Sun
2009-05-01 07:49 . 2009-05-01 07:49 6853096 ----a-w C:\SpyHunter-Compact-OS.exe
2009-05-01 07:48 . 2009-05-01 07:48 -------- d-----w d:\jocuri\Enigma Software Group
2009-04-20 11:01 . 2009-04-20 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w c:\documents and settings\Maria\Saved Games
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\Oberon Games
2009-04-20 09:44 . 2009-04-20 09:44 -------- d-----w d:\jocuri\Scrubbles
2009-04-19 19:12 . 2009-04-19 19:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 19:02 . 2009-04-19 19:12 -------- d-----w d:\jocuri\Java
2009-04-19 19:02 . 2009-04-19 19:02 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2009-04-19 13:18 . 2009-04-19 13:18 -------- d-----w c:\documents and settings\Maria\Local Settings\Application Data\Aspyr
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w c:\documents and settings\Maria\Application Data\Red Kawa
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w d:\jocuri\AviSynth 2.5
2009-04-17 11:11 . 2009-04-17 11:11 -------- d-----w C:\Software
2009-04-16 15:33 . 2009-04-16 15:33 -------- d-----w c:\documents and settings\Maria\Application Data\fretsonfire
2009-04-16 15:18 . 2009-04-16 15:23 -------- d-----w d:\jocuri\Frets on Fire
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-13 16:40 . 2009-04-13 16:40 -------- d-----w c:\documents and settings\Maria\Application Data\Saved Games
2009-04-12 16:07 . 2009-04-12 20:25 -------- d-----w c:\documents and settings\Maria\Application Data\Ubisoft
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-04-12 13:32 . 2009-04-12 13:36 -------- d-----w c:\documents and settings\All Users\Application Data\Tages
2009-04-11 14:56 . 2009-04-11 14:56 -------- d-----w c:\documents and settings\Maria\Application Data\Switchball
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\jocuri\Sierra Online
2009-04-09 09:35 . 2009-04-10 08:10 -------- d-----w d:\jocuri\VirtualDJ
2009-04-09 08:38 . 2009-04-09 08:38 -------- d-----w c:\program files\Common Files\Native Instruments
2009-04-09 08:13 . 2009-04-09 08:38 -------- d-----w d:\jocuri\Native Instruments
2009-04-05 15:58 . 2009-04-05 15:58 -------- d-----w d:\jocuri\Midnight Racing
2009-04-05 15:36 . 2009-04-30 17:10 -------- d-----w d:\jocuri\GP Vs Superbike
2009-04-03 06:25 . 2009-04-03 06:26 -------- d-----w d:\jocuri\Pet Racer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 07:21 . 2007-08-30 18:07 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 07:10 . 2009-02-03 20:20 303920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-30 22:46 . 2007-09-20 18:19 -------- d-----w d:\jocuri\Holly cards
2009-04-30 17:09 . 2007-12-27 12:12 -------- d--h--w d:\jocuri\InstallShield Installation Information
2009-04-30 17:07 . 2008-10-08 17:34 -------- d-----w d:\jocuri\Image-Line
2009-04-30 17:07 . 2008-07-07 09:33 -------- d-----w d:\jocuri\Kontiki
2009-04-24 07:22 . 2008-03-07 21:47 270 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-19 10:59 . 2007-09-01 14:06 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-19 10:49 . 2007-09-01 14:07 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-19 07:02 . 2007-08-30 19:25 -------- d-----w d:\jocuri\EVE
2009-04-18 18:52 . 2007-09-20 18:24 -------- d-----w d:\jocuri\Holly board
2009-04-18 10:27 . 2008-08-07 12:50 -------- d-----w d:\jocuri\PKR
2009-04-17 17:07 . 2008-01-28 17:35 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-12 13:01 . 2008-01-08 15:51 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-04-10 17:17 . 2008-05-17 17:36 -------- d-----w d:\jocuri\Yahoo!
2009-04-10 05:21 . 2007-08-30 18:28 65984 ----a-w c:\documents and settings\Maria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 18:57 . 2007-09-15 14:22 22328 ----a-w c:\documents and settings\Maria\Application Data\PnkBstrK.sys
2009-03-30 18:57 . 2007-11-17 13:45 682280 ----a-w c:\windows\system32\pbsvc.exe
2009-03-29 09:44 . 2009-02-15 08:33 -------- d-----w d:\jocuri\Lavasoft
2009-03-29 07:08 . 2009-03-29 07:08 -------- d-----w d:\jocuri\Advent Rising
2009-03-22 11:17 . 2007-09-01 13:05 -------- d-----w d:\jocuri\Fear Combat
2009-03-11 10:42 . 2009-03-11 10:42 -------- d-----w d:\jocuri\Cake Mania 3
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 20:04 . 2007-09-20 18:12 -------- d-----w d:\jocuri\Holly puzzle
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 21:00 . 2008-11-14 17:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-03-02 20:59 . 2008-11-14 17:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-03-02 20:59 . 2008-11-14 17:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-22 11:48 . 2004-08-04 12:00 135680 ----a-w c:\windows\system32\taskmgr.exe
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-15 08:34 . 2009-02-15 08:35 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-09 10:20 . 2004-08-04 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 17:14 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-01_22.25.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 07:12 . 2009-05-02 07:12 16384 c:\windows\TEMP\Perflib_Perfdata_640.dat
+ 2009-05-02 07:12 . 2009-05-02 07:12 16384 c:\windows\TEMP\Perflib_Perfdata_4f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\jocuri\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"Search Protection"="d:\jocuri\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RGSC"="d:\jocuri\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-11 306088]
"SUPERAntiSpyware"="d:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="d:\software\AsusDVD\PDVDServ.exe" [2004-11-02 32768]
"BOC-425"="d:\software\COMODO~1\BOC425.exe" [2007-08-08 338432]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"YSearchProtection"="d:\jocuri\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RivaTunerStartupDaemon"="d:\software\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"RivaTuner"="d:\software\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"QuickTime Task"="c:\program files\QT\qttask.exe" [2008-09-06 413696]
"COMODO Internet Security"="d:\software\Comodo\COMODO Internet Security\cfp.exe" [2009-03-02 1851128]
"SunJavaUpdateSched"="d:\jocuri\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\jocuri\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 87040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\software\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w d:\software\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Jocuri\\Fear Combat\\FEARMP.exe"=
"d:\\Software\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Jocuri\\CRYTEK\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Jocuri\\CRYTEK\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Software\\Xfire\\xfire.exe"=
"c:\\Program Files\\GTactix\\GTactix.exe"=
"d:\\Jocuri\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.8\\cnc3game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Jocuri\\EVE\\bin\\ExeFile.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"e:\\Jocuri\\Codemasters\\GRID\\GRID.exe"=
"d:\\Jocuri\\Fear Combat\\FEARServer.exe"=
"e:\\Jocuri\\CoD4\\iw3mp.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Jocuri\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Jocuri\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"e:\\Jocuri\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"d:\\Jocuri\\EVE\\eve.exe"=
"e:\\Jocuri\\Left4Dead\\hl2.exe"=
"d:\\Software\\garena\\Garena.exe"=
"d:\\Software\\StrongDC\\StrongDC.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Jocuri\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\Jocuri\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Jocuri\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Jocuri\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\Jocuri\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Jocuri\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Jocuri\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Jocuri\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"e:\\Jocuri\\Aspyr\\Guitar Hero III\\GH3.exe"=
"e:\\Jocuri\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"d:\\Jocuri\\Skype\\Phone\\Skype.exe"=

R2 BOCore;BOCore;d:\software\ComodoBOClean\BOCORE.exe [2007-08-07 69632]
R3 GarenaPEngine;GarenaPEngine; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-15 64160]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-03-02 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-03-02 24336]
S1 SASDIFSV;SASDIFSV;d:\software\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;d:\software\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336]
S3 SASENUM;SASENUM;d:\software\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18D4A75C-FF42-2E11-BB1E-00840E3BE400}]
d:\jocuri\registery\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\jocuri\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 86.121.4.105:80
uSearchURL,(Default) = hxxp://www.google.ro
IE: Download all with Free Download Manager - file://d:\software\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\software\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://d:\software\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
FF - ProfilePath - c:\documents and settings\Maria\Application Data\Mozilla\Firefox\Profiles\toj33yrl.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,fb,87,1b,67,01,b0,be,9e,3b,9f,f2,8a,44,29,fb,cf,67,6e,0d,b6,3a,57,
bf,a9,df,ac,22,54,c9,66,bb,51,60,28,c0,3f,36,bc,b4,44,71,03,2b,45,d2,58,e7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1275210071-2077806209-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:10,f2,5d,ba,f9,67,8d,20,b9,ff,3b,45,fb,3f,8a,c1,19,0a,d2,69,9c,
60,7a,8d,51,e8,51,92,2d,b4,0c,f9,10,57,1c,b3,3e,f4,c0,c4,61,32,0b,ae,9c,87,\
"rkeysecu"=hex:8d,ab,5f,0a,e2,3f,2b,4c,6f,e4,9c,1f,c4,b7,e4,3e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\guard32.dll
d:\software\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\guard32.dll
.
Completion time: 2009-05-02 10:28
ComboFix-quarantined-files.txt 2009-05-02 07:28
ComboFix2.txt 2009-05-01 22:40

Pre-Run: 12,879,253,504 bytes free
Post-Run: 12,830,134,272 bytes free

636 --- E O F --- 2009-04-17 07:59
CatByte
post May 2 2009, 04:51 AM
Post #6


Trusted Helper
Group Icon
Posts: 914
From: Canada
OS: XP SP3



Hi,
Please do the following

STEP #1


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.


STEP #2


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a number of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.


  • Post the contents of GMER.txt in your next reply.



STEP #3

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply I need:


  • GooredFix log
  • GMER Log
  • MBAM Log
Teddy Ted
post May 2 2009, 11:05 AM
Post #7


New Member
*
Posts: 6
OS: Windows XP SP2



Ok, here we go:

GOOREDFIX:

GooredFix v1.92 by jpshortstuff
Log created at 14:33 on 02/05/2009 running Option #1 (Maria)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="D:\Jocuri\Java\jre6\lib\deploy\jqs\ff"

GMER is too long and I'll post it as an attachment.

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.23
Database version: 986
Windows 5.1.2600 Service Pack 2

7:50:02 PM 5/2/2009
mbam-log-5-2-2009 (19-50-02).txt

Scan type: Quick Scan
Objects scanned: 40850
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






Attached File(s)
Attached File  GMERLog.txt ( 404.75K ) Number of downloads: 26
CatByte
post May 2 2009, 12:13 PM
Post #8


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Hi,

Things look good,

One more scan to make certain there is nothing remaining then we can clean up our tools.

Also, please describe how your computer is behaving and if there are any outstanding issues.

Please do the following:

Run an on-line scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis.


Teddy Ted
post May 3 2009, 05:22 AM
Post #9


New Member
*
Posts: 6
OS: Windows XP SP2



It looks like it found something. Here is the Kaspersky online scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 03, 2009 08:40:00
Records in database: 2123156
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
Y:\
Z:\

Scan statistics:
Files scanned: 292349
Threat name: 2
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 04:09:32


File name / Threat name / Threats count
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll1.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll2.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll3.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll4.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll5.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll6.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll7.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\tnbijehy.dll8.bac_a02796 Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\Documents and Settings\Maria\.housecall6.6\Quarantine\War.Of.The.Worlds.2.The.Next.Wave.DVDRip.Xvid.TFE.avi.exe.bac_a02796 Infected: Trojan.Win32.VB.aia 1

The selected area was scanned.

CatByte
post May 3 2009, 05:44 AM
Post #10


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Hi,

Not to worry, all those items are already in quarantine and cannot harm the computer.

You are clean.

Now we need to do a little house keeping.

Please do the following:

STEP #1


Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





STEP #2


Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program


STEP #3

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


STEP #4

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • For Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read the guide by Rorschach112 on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.
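
The check behind "all those items are already in quarantine", as an added example that is not part of the original post: it parses rows in the layout of the Kaspersky report above and separates detections that sit inside a quarantine folder from ones at a live location. The sample rows are constructed, the function names are hypothetical, and treating any folder named "Quarantine" as a scanner's quarantine store is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the report's row layout: "<path> Infected: <threat> <count>".
# Paths and threat names are made up for this example.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\User\.housecall6.6\Quarantine\sample1.dll.bac_a00001 Infected: Trojan.Example.a 1
C:\Documents and Settings\User\.housecall6.6\Quarantine\sample movie.avi.exe.bac_a00001 Infected: Trojan.Example.b 1
C:\WINDOWS\system32\sample2.dll Infected: Trojan.Example.a 1

The selected area was scanned.
"""

# Paths may contain spaces, so split on the " Infected: " separator, not on whitespace.
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: a directory literally named "Quarantine" (any case) is a quarantine store.
QUARANTINE_DIRS = {"quarantine"}


def parse_detections(report):
    """Return one dict per detection row; header, blank and footer lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return rows


def is_quarantined(path):
    """True when any parent directory of the file is a quarantine folder."""
    parents = PureWindowsPath(path).parts[:-1]
    return any(part.lower() in QUARANTINE_DIRS for part in parents)


def triage(report):
    """Split detection paths into (quarantined, live) lists."""
    quarantined, live = [], []
    for row in parse_detections(report):
        (quarantined if is_quarantined(row["path"]) else live).append(row["path"])
    return quarantined, live


if __name__ == "__main__":
    held, live = triage(SAMPLE_REPORT)
    print(f"{len(held)} already quarantined, {len(live)} at live locations")
    for p in live:
        print("LIVE:", p)
```

Only paths in the live list call for further cleanup; quarantined copies show up in full-disk scans because the scanner reads the stored backups.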


Teddy Ted
post May 3 2009, 06:29 AM
Post #11


New Member
*
Posts: 6
OS: Windows XP SP2



Thank you very much for your time spent with my issue and especially for the help provided. Before closing this topic, I have some questions about the software I have already installed, just to be sure if I still have to get those programs you told me about.
At the moment I have installed: Avast and Comodo which run all the time, I also have Malwarebytes and SuperAntiSpyware free edition. I use both IE and Firefox, I got Firefox when IE had some issues and didn't start anymore. I saw it's ok and I kept using it but I don't know if having two browsers for internet is ok.
About making the internet more secure, I cannot use the Custom level button, it's inactive and somewhere below says: Some settings are managed by your system administrator. However, there is no administrator account on this computer. What do you think about this?
Once again, I really appreciate your help, thank you very much! :-)
CatByte
post May 3 2009, 06:41 AM
Post #12


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Hi,

QUOTE
just to be sure if I still have to get those programs you told me about.


No not at all - totally optional

QUOTE
Avast and Comodo which run all the time,
I also have Malwarebytes and SuperAntiSpyware free edition.


Great programs - just one question - Are you using the Antivirus that is included with the Comodo Internet security suite you have? If so, then you should remove Avast as having more than one AV can cause system instability and ultimately provide less protection not more. If you are just using Comodo for the firewall, sandbox etc. then fine to keep both.

QUOTE
I use both IE and Firefox, I don't know if having two browsers for internet is ok.


You can use as many browsers as you want.

QUOTE
About making the internet more secure, I cannot use the Custom level button, it's inactive and somewhere below says: Some settings are managed by your system administrator. However, there is no administrator account on this computer. What do you think about this?


Don't know? I've never used IE myself - you may wish to ask your question in our tech help forum for Browsers - probably a setting somewhere.


QUOTE
Once again, I really appreciate your help, thank you very much! :-)


You are more than welcome.

Stay safe

CB
CatByte
post May 6 2009, 07:24 AM
Post #13


Trusted Helper
Posts: 914
From: Canada
OS: XP SP3



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.