ComboFix 09-03-13.01 - Administrator 2009-03-14 8:32:06.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1449 [GMT 8:00] Running from: c:\program files\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp c:\recycler\RECYCLER.exe c:\windows\system32\logondll.dll c:\windows\system32\setting.ini ----- File Replicators ----- c:\a4tech\a4tech.exe c:\a4tech\CameraH\CameraH.exe c:\a4tech\CameraH\Win2K_XP\EffectRes\EffectRes.exe c:\a4tech\CameraH\Win2K_XP\Win2K_XP.exe c:\a4tech\CameraH\Win64Bits\EffectRes\EffectRes.exe c:\a4tech\CameraH\Win64Bits\Win64Bits.exe c:\a4tech\CameraH\Win98_ME\EffectRes\EffectRes.exe c:\a4tech\CameraH\Win98_ME\Win98_ME.exe c:\ati\ATI.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\BIN\BIN.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\Blizzard\Blizzard.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CatalystRegistration\CatalystRegistration.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Branding\Branding.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\CCC.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Core-Implementation\Core-Implementation.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Core-PreInstall\Core-PreInstall.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Core-Static\Core-Static.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Graphics-Full-Existing\Graphics-Full-Existing.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Graphics-Full-New\Graphics-Full-New.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Graphics-Light\Graphics-Light.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Graphics-Previews-Common\Graphics-Previews-Common.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Help\en-us\en-us.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Help\Help.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\MOM-InstallProxy\MOM-InstallProxy.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Skins\Skins.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Utility\Utility.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\CCC\Utility64\Utility64.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\Driver\Driver.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\Driver\XP_INF\B_67690\B_67690.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\Driver\XP_INF\XP_INF.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\GARTnt\GARTnt.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\IDE\IDE.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\IDEATA133\IDEATA133.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\RAID\i386\i386.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\RAID\RAID.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\RAID7xx\RAID7xx.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\RAID7xx\x86\x86.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\SATARAID\SATARAID.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\SBDrv.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\SBDrv\SMBUS\SMBUS.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\WDM_ALL\AVS_T200\AVS_T200.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\WDM_ALL\AVS_T200\XP\XP.exe c:\ati\SUPPORT\8-8-igp_xp32_dd_ccc_wdm_sb_gart_enu_67975\WDM_ALL\WDM_ALL.exe c:\ati\SUPPORT\SUPPORT.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\BIN\BIN.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CatalystRegistration\CatalystRegistration.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\CCC.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Core-Implementation\Core-Implementation.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Core-PreInstall\Core-PreInstall.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Core-Static\Core-Static.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Graphics-Full-Existing\Graphics-Full-Existing.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Graphics-Full-New\Graphics-Full-New.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Graphics-Light\Graphics-Light.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Graphics-Previews-Common\Graphics-Previews-Common.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Help\en-us\en-us.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Help\Help.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Skins\Skins.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Utility\Utility.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\CCC\Utility64\Utility64.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\Driver\Driver.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\Driver\XP_INF\B_64119\B_64119.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\Driver\XP_INF\XP_INF.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\IDE\IDE.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\IDEATA133\IDEATA133.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\RAID\i386\i386.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\RAID\RAID.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\RAID7xx\RAID7xx.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\RAID7xx\x86\x86.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\SATARAID\SATARAID.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\SBDrv.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\SBDrv\SMBUS\SMBUS.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\WDM_ALL\AVS_T200\AVS_T200.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\WDM_ALL\AVS_T200\XP\XP.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\WDM_ALL\WDM_ALL.exe c:\ati\SUPPORT\Xtreme-G Catalyst 8.5 XP 32bit\Xtreme-G Catalyst 8.5 XP 32bit.exe c:\attachments_2009_02_130\attachments_2009_02_130.exe c:\bios\bios.exe c:\bios\EMX-AMD780G-PRO BIOS V1.2\DOS\DOS.exe c:\bios\EMX-AMD780G-PRO BIOS V1.2\EMX-AMD780G-PRO BIOS V1.2.exe c:\bios\EMX-AMD780G-PRO BIOS V1.2\Wintools\Wintools.exe c:\canoscan\CanoScan.exe c:\canoscan\CNQL25\CNQL25.exe c:\canoscan\CNQL25\CNQL25\CNQL25.exe c:\canoscan\CNQL25\CNQSG110\CNQSG110.exe c:\counterstrike_cd_key\COUNTERSTRIKE_CD_KEY.exe c:\dmc\DEVILMAYCRY4\DEVILMAYCRY4.exe c:\dmc\dmc.exe c:\ga-m61vme-s2 1.0\GA-M61VME-S2 1.0.exe c:\ga-m61vme-s2 1.0\Realtek\Config\Config.exe c:\ga-m61vme-s2 1.0\Realtek\MSHDQFE\MSHDQFE.exe c:\ga-m61vme-s2 1.0\Realtek\MSHDQFE\Win2K_XP\us\us.exe c:\ga-m61vme-s2 1.0\Realtek\MSHDQFE\Win2K_XP\Win2K_XP.exe c:\ga-m61vme-s2 1.0\Realtek\MSHDQFE\Win2K3\us\us.exe c:\ga-m61vme-s2 1.0\Realtek\MSHDQFE\Win2K3\Win2K3.exe c:\ga-m61vme-s2 1.0\Realtek\Realtek.exe c:\ga-m61vme-s2 1.0\Realtek\Vista\Vista.exe c:\ga-m61vme-s2 1.0\Realtek\Vista64\Vista64.exe c:\ga-m61vme-s2 1.0\Realtek\WDM\WDM.exe c:\ga-m61vme-s2 1.0\Setup\Ethernet\Ethernet.exe c:\ga-m61vme-s2 1.0\Setup\IDE\IDE.exe c:\ga-m61vme-s2 1.0\Setup\IDE\Win2K\raidtool\raidtool.exe c:\ga-m61vme-s2 1.0\Setup\IDE\Win2K\sata_ide\sata_ide.exe c:\ga-m61vme-s2 1.0\Setup\IDE\Win2K\sataraid\sataraid.exe c:\ga-m61vme-s2 1.0\Setup\IDE\Win2K\Win2K.exe c:\ga-m61vme-s2 1.0\Setup\IDE\WinXP\raidtool\raidtool.exe c:\ga-m61vme-s2 1.0\Setup\IDE\WinXP\sata_ide\sata_ide.exe c:\ga-m61vme-s2 1.0\Setup\IDE\WinXP\sataraid\sataraid.exe c:\ga-m61vme-s2 1.0\Setup\IDE\WinXP\WinXP.exe c:\ga-m61vme-s2 1.0\Setup\SMBus\SMBus.exe c:\games\GAMES.exe c:\games\Granado Espada\ge\ge.exe c:\games\Granado Espada\ge\ies\ies.exe c:\games\Granado Espada\ge\item_hi\item_hi.exe c:\games\Granado Espada\ge\item_hi\material\material.exe c:\games\Granado Espada\ge\ui\loadingimg\loadingimg.exe c:\games\Granado Espada\ge\ui\minimap\minimap.exe c:\games\Granado Espada\ge\ui\ui.exe c:\games\Granado Espada\ge\ui\uiscp\uiscp.exe c:\games\Granado Espada\ge\ui\uixml\uixml.exe c:\games\Granado Espada\Granado Espada.exe c:\games\Granado Espada\release\patch\patch.exe c:\games\Granado Espada\release\release.exe c:\games\Granado Espada\release\replay\replay.exe c:\games\Granado Espada\release\screenshot\screenshot.exe c:\games\Granado Espada\release\user\hotkey\hotkey.exe c:\games\Granado Espada\release\user\skin\skin.exe c:\games\Granado Espada\release\user\ui\ui.exe c:\games\Granado Espada\release\user\url\url.exe c:\games\Granado Espada\release\user\user.exe c:\games\Granado Espada\release\xtrap\xtrap.exe c:\games\NBA2008\EA SPORTS online\EA SPORTS online.exe c:\games\NBA2008\NBA LIVE 08\ai\act\act.exe c:\games\NBA2008\NBA LIVE 08\ai\ai.exe c:\games\NBA2008\NBA LIVE 08\anim\anim.exe c:\games\NBA2008\NBA LIVE 08\anim\body\body.exe c:\games\NBA2008\NBA LIVE 08\anim\skel\skel.exe c:\games\NBA2008\NBA LIVE 08\audio\aems\aems.exe c:\games\NBA2008\NBA LIVE 08\audio\audio.exe c:\games\NBA2008\NBA LIVE 08\audio\music\music.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\arena\arena.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\asw\asw.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\asw\english\english.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\asw\french\french.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\frontend\english\english.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\frontend\french\french.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\frontend\frontend.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\gamespch\english\english.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\gamespch\french\french.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\gamespch\gamespch.exe c:\games\NBA2008\NBA LIVE 08\audio\speech\speech.exe c:\games\NBA2008\NBA LIVE 08\database\database.exe c:\games\NBA2008\NBA LIVE 08\database\OrigDB\OrigDB.exe c:\games\NBA2008\NBA LIVE 08\fe\act\act.exe c:\games\NBA2008\NBA LIVE 08\fe\fe.exe c:\games\NBA2008\NBA LIVE 08\fe\fonts\common\common.exe c:\games\NBA2008\NBA LIVE 08\fe\fonts\fonts.exe c:\games\NBA2008\NBA LIVE 08\gamedir\gamedir.exe c:\games\NBA2008\NBA LIVE 08\interface\configs\configs.exe c:\games\NBA2008\NBA LIVE 08\interface\interface.exe c:\games\NBA2008\NBA LIVE 08\layouts\credits\credits.exe c:\games\NBA2008\NBA LIVE 08\layouts\layouts.exe c:\games\NBA2008\NBA LIVE 08\loc\loc.exe c:\games\NBA2008\NBA LIVE 08\main\cscripts\cscripts.exe c:\games\NBA2008\NBA LIVE 08\main\main.exe c:\games\NBA2008\NBA LIVE 08\merlin\merlin.exe c:\games\NBA2008\NBA LIVE 08\movies\English\English.exe c:\games\NBA2008\NBA LIVE 08\movies\French\French.exe c:\games\NBA2008\NBA LIVE 08\movies\German\German.exe c:\games\NBA2008\NBA LIVE 08\movies\Italian\Italian.exe c:\games\NBA2008\NBA LIVE 08\movies\movies.exe c:\games\NBA2008\NBA LIVE 08\NBA LIVE 08.exe c:\games\NBA2008\NBA LIVE 08\scripter\noncdrom\noncdrom.exe c:\games\NBA2008\NBA LIVE 08\scripter\scripter.exe c:\games\NBA2008\NBA LIVE 08\sgsm\allstar\allstar.exe c:\games\NBA2008\NBA LIVE 08\sgsm\allstar\judges\judges.exe c:\games\NBA2008\NBA LIVE 08\sgsm\coach\coach.exe c:\games\NBA2008\NBA LIVE 08\sgsm\common\common.exe c:\games\NBA2008\NBA LIVE 08\sgsm\crowd\crowd.exe c:\games\NBA2008\NBA LIVE 08\sgsm\crowd3d\crowd3d.exe c:\games\NBA2008\NBA LIVE 08\sgsm\feenv\feenv.exe c:\games\NBA2008\NBA LIVE 08\sgsm\players\players.exe c:\games\NBA2008\NBA LIVE 08\sgsm\props\props.exe c:\games\NBA2008\NBA LIVE 08\sgsm\sgsm.exe c:\games\NBA2008\NBA LIVE 08\sgsm\stadia\stadia.exe c:\games\NBA2008\NBA LIVE 08\sgsm\uniforms\uniforms.exe c:\games\NBA2008\NBA LIVE 08\sgsm\uniforms\unihalf\unihalf.exe c:\games\NBA2008\NBA LIVE 08\simeng\simeng.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Cz\Cz.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Da\Da.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\De\De.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\EA Help.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-uk\en-uk.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Controller\Controller.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Crash\Crash.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Direct_X\Direct_X.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\en-us.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Error_Message\Error_Message.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Getting_More_Help_Online\Getting_More_Help_Online.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Graphics\Graphics.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Install\Install.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Lock-up_and_Freeze\Lock-up_and_Freeze.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Online_Connectivity_and_Performance\Online_Connectivity_and_Performance.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Sound\Sound.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\WebHelp_Skin_Files\WebHelp_Skin_Files.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\XP_Silver.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\whdata\whdata.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\Whitepages\Whitepages.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\en-us\whxdata\whxdata.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Es\Es.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Fi\Fi.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\fr-fr\fr-fr.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Hu\Hu.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\It\It.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\NL\NL.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\No\No.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Pol\Pol.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\pt-br\pt-br.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\pt\pt.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Ru\Ru.exe c:\games\NBA2008\NBA LIVE 08\Support\EA Help\Sv\Sv.exe c:\games\NBA2008\NBA LIVE 08\Support\Support.exe c:\games\NBA2008\NBA LIVE 08\sysmgr\autocfg\autocfg.exe c:\games\NBA2008\NBA LIVE 08\sysmgr\synctest\synctest.exe c:\games\NBA2008\NBA LIVE 08\sysmgr\sysmgr.exe c:\games\NBA2008\NBA LIVE 08\tuning\tuning.exe c:\games\NBA2008\NBA LIVE 08\ubi\ubi.exe c:\games\NBA2008\NBA2008.exe c:\games\RagnarokOnline\_tmpEmblem\_tmpEmblem.exe c:\games\RagnarokOnline\AI\AI.exe c:\games\RagnarokOnline\AI\USER_AI\USER_AI.exe c:\games\RagnarokOnline\BGM\BGM.exe c:\games\RagnarokOnline\Chat\Chat.exe c:\games\RagnarokOnline\GameGuard\GameGuard.exe c:\games\RagnarokOnline\PatchClient\PatchClient.exe c:\games\RagnarokOnline\RagnarokOnline.exe c:\games\RagnarokOnline\ScreenShot\ScreenShot.exe c:\games\RagnarokOnline\skin\default\basic_interface\basic_interface.exe c:\games\RagnarokOnline\skin\default\default.exe c:\games\RagnarokOnline\skin\Scribbling Kid\basic_interface\basic_interface.exe c:\games\RagnarokOnline\skin\Scribbling Kid\Scribbling Kid.exe c:\games\RagnarokOnline\skin\skin.exe c:\games\Rohan\bitmaps\bitmaps.exe c:\games\Rohan\bitmaps\effect\effect.exe c:\games\Rohan\bitmaps\interface\interface.exe c:\games\Rohan\bitmaps\interface4\basicaction\basicaction.exe c:\games\Rohan\bitmaps\interface4\CreateCharacter2\CreateCharacter2.exe c:\games\Rohan\bitmaps\interface4\Font\Font.exe c:\games\Rohan\bitmaps\interface4\interface4.exe c:\games\Rohan\bitmaps\interface4\iteminventory\iteminventory.exe c:\games\Rohan\bitmaps\interface4\itemscript\itemscript.exe c:\games\Rohan\bitmaps\interface4\loadingsheet\loadingsheet.exe c:\games\Rohan\bitmaps\interface4\login\login.exe c:\games\Rohan\bitmaps\interface4\Minimap\Minimap.exe c:\games\Rohan\bitmaps\interface4\npcscript\npcscript.exe c:\games\Rohan\bitmaps\interface4\QuestDialog\QuestDialog.exe c:\games\Rohan\bitmaps\interface4\rohanguide\rohanguide.exe c:\games\Rohan\bitmaps\interface4\skillicon\skillicon.exe c:\games\Rohan\bitmaps\interface4\skillscript\skillscript.exe c:\games\Rohan\bitmaps\interface4\SystemSheet\SystemSheet.exe c:\games\Rohan\bitmaps\interface4\Trade\Trade.exe c:\games\Rohan\bitmaps\interface4\UI\UI.exe c:\games\Rohan\bitmaps\item\item.exe c:\games\Rohan\Collision\Collision.exe c:\games\Rohan\data\data.exe c:\games\Rohan\data\data\data.exe c:\games\Rohan\data\Script\Script.exe c:\games\Rohan\GameGuard\GameGuard.exe c:\games\Rohan\model\Building\Animation\Animation.exe c:\games\Rohan\model\Building\Bin\Bin.exe c:\games\Rohan\model\Building\Building.exe c:\games\Rohan\model\Building\Material\Material.exe c:\games\Rohan\model\Building\Mesh\Mesh.exe c:\games\Rohan\model\Building\Skeleton\Skeleton.exe c:\games\Rohan\model\Building\Texture\Texture.exe c:\games\Rohan\model\Etc\Animation\Animation.exe c:\games\Rohan\model\Etc\Bin\Bin.exe c:\games\Rohan\model\Etc\Etc.exe c:\games\Rohan\model\Etc\Material\Material.exe c:\games\Rohan\model\Etc\Mesh\Mesh.exe c:\games\Rohan\model\Etc\Skeleton\Skeleton.exe c:\games\Rohan\model\Etc\texture\texture.exe c:\games\Rohan\model\Grass\Animation\Animation.exe c:\games\Rohan\model\Grass\Bin\Bin.exe c:\games\Rohan\model\Grass\Grass.exe c:\games\Rohan\model\Grass\Material\Material.exe c:\games\Rohan\model\Grass\Mesh\Mesh.exe c:\games\Rohan\model\Grass\Skeleton\Skeleton.exe c:\games\Rohan\model\Grass\texture\texture.exe c:\games\Rohan\model\item\bin\bin.exe c:\games\Rohan\model\item\item.exe c:\games\Rohan\model\model.exe c:\games\Rohan\model\monster\animation\animation.exe c:\games\Rohan\model\monster\bin\bin.exe c:\games\Rohan\model\monster\material\material.exe c:\games\Rohan\model\monster\mesh\mesh.exe c:\games\Rohan\model\monster\monster.exe c:\games\Rohan\model\monster\skeleton\skeleton.exe c:\games\Rohan\model\monster\texture\texture.exe c:\games\Rohan\model\natureobject\animation\animation.exe c:\games\Rohan\model\natureobject\bin\bin.exe c:\games\Rohan\model\natureobject\material\material.exe c:\games\Rohan\model\natureobject\mesh\mesh.exe c:\games\Rohan\model\natureobject\natureobject.exe c:\games\Rohan\model\natureobject\skeleton\skeleton.exe c:\games\Rohan\model\natureobject\texture\texture.exe c:\games\Rohan\model\npc\Animation\Animation.exe c:\games\Rohan\model\npc\Bin\Bin.exe c:\games\Rohan\model\npc\Material\Material.exe c:\games\Rohan\model\npc\Mesh\Mesh.exe c:\games\Rohan\model\npc\npc.exe c:\games\Rohan\model\npc\Skeleton\Skeleton.exe c:\games\Rohan\model\npc\Texture\Texture.exe c:\games\Rohan\model\player\animation\animation.exe c:\games\Rohan\model\player\bin\bin.exe c:\games\Rohan\model\player\ief\ief.exe c:\games\Rohan\model\player\material\material.exe c:\games\Rohan\model\player\mesh\mesh.exe c:\games\Rohan\model\player\player.exe c:\games\Rohan\model\player\texture\texture.exe c:\games\Rohan\model\Tree\Animation\Animation.exe c:\games\Rohan\model\Tree\Bin\Bin.exe c:\games\Rohan\model\Tree\Material\Material.exe c:\games\Rohan\model\Tree\Mesh\Mesh.exe c:\games\Rohan\model\Tree\Skeleton\Skeleton.exe c:\games\Rohan\model\Tree\texture\texture.exe c:\games\Rohan\model\Tree\Tree.exe c:\games\Rohan\music\background\background.exe c:\games\Rohan\music\background\EventMusic\EventMusic.exe c:\games\Rohan\music\background\JukeBox\JukeBox.exe c:\games\Rohan\music\background\MiniCardGame\MiniCardGame.exe c:\games\Rohan\music\music.exe c:\games\Rohan\res\model\AniClientObject\AniClientObject.exe c:\games\Rohan\res\model\Building\Building.exe c:\games\Rohan\res\model\BuildingSiege\BuildingSiege.exe c:\games\Rohan\res\model\Effect\Effect.exe c:\games\Rohan\res\model\Etc\Etc.exe c:\games\Rohan\res\model\Grass\Grass.exe c:\games\Rohan\res\model\Item\Item.exe c:\games\Rohan\res\model\model.exe c:\games\Rohan\res\model\Monster\Monster.exe c:\games\Rohan\res\model\NatureObject\NatureObject.exe c:\games\Rohan\res\model\Npc\Npc.exe c:\games\Rohan\res\model\Player\Player.exe c:\games\Rohan\res\model\Sky\Sky.exe c:\games\Rohan\res\model\Tree\Tree.exe c:\games\Rohan\res\res.exe c:\games\Rohan\res\sound\sound.exe c:\games\Rohan\Rohan.exe c:\games\Rohan\Save\ittest01\ittest01.exe c:\games\Rohan\Save\ittest02\ittest02.exe c:\games\Rohan\Save\RHBW197081\RHBW197081.exe c:\games\Rohan\Save\RHCBT096793\RHCBT096793.exe c:\games\Rohan\Save\RHCBT097201\RHCBT097201.exe c:\games\Rohan\Save\rtest04\rtest04.exe c:\games\Rohan\Save\Save.exe c:\games\Rohan\Save\TestPH04\TestPH04.exe c:\games\Rohan\shaderbin\shaderbin.exe c:\games\Rohan\sound\entity\entity.exe c:\games\Rohan\sound\entity\mon\mon.exe c:\games\Rohan\sound\entity\mon\pet_duck\pet_duck.exe c:\games\Rohan\sound\entity\mon\pet_maid\pet_maid.exe c:\games\Rohan\sound\entity\voice\society_add\society_add.exe c:\games\Rohan\sound\entity\voice\voice.exe c:\games\Rohan\sound\sound.exe c:\games\Rohan\world\1-0\1-0.exe c:\games\Rohan\world\1-0\layer\layer.exe c:\games\Rohan\world\1-0\layer\layer\layer.exe c:\games\Rohan\world\1-1\1-1.exe c:\games\Rohan\world\1-2\1-2.exe c:\games\Rohan\world\1-3\1-3.exe c:\games\Rohan\world\1-4\1-4.exe c:\games\Rohan\world\2-0\2-0.exe c:\games\Rohan\world\2-1\2-1.exe c:\games\Rohan\world\2-2\2-2.exe c:\games\Rohan\world\2-3\2-3.exe c:\games\Rohan\world\2-4\2-4.exe c:\games\Rohan\world\3-0\3-0.exe c:\games\Rohan\world\3-1\3-1.exe c:\games\Rohan\world\3-2\3-2.exe c:\games\Rohan\world\3-3\3-3.exe c:\games\Rohan\world\3-4\3-4.exe c:\games\Rohan\world\4-0\4-0.exe c:\games\Rohan\world\4-1\4-1.exe c:\games\Rohan\world\4-4\4-4.exe c:\games\Rohan\world\5-0\5-0.exe c:\games\Rohan\world\5-1\5-1.exe c:\games\Rohan\world\5-2\5-2.exe c:\games\Rohan\world\5-3\5-3.exe c:\games\Rohan\world\5-3\layer\layer.exe c:\games\Rohan\world\5-4\5-4.exe c:\games\Rohan\world\5-5\5-5.exe c:\games\Rohan\world\6-0\6-0.exe c:\games\Rohan\world\6-1\6-1.exe c:\games\Rohan\world\6-2\6-2.exe c:\games\Rohan\world\6-2\layer\layer.exe c:\games\Rohan\world\minimap\minimap.exe c:\games\Rohan\world\region\region.exe c:\games\Rohan\world\srvattr\5-1\5-1.exe c:\games\Rohan\world\srvattr\srvattr.exe c:\games\Rohan\world\world.exe c:\games\VanRO\_tmpEmblem\_tmpEmblem.exe c:\games\VanRO\[u]0[/u]2-24-2009.play.ratemyserver.net.client\[u]0[/u]2-24-2009.play.ratemyserver.net.client.exe c:\games\VanRO\AI\AI.exe c:\games\VanRO\beta\beta.exe c:\games\VanRO\beta\Book\Book.exe c:\games\VanRO\beta\Dev\Dev.exe c:\games\VanRO\beta\PatchClient\PatchClient.exe c:\games\VanRO\beta\skin\default\basic_interface\basic_interface.exe c:\games\VanRO\beta\skin\default\default.exe c:\games\VanRO\beta\skin\default\login_interface\login_interface.exe c:\games\VanRO\beta\skin\euRO\basic_interface\basic_interface.exe c:\games\VanRO\beta\skin\euRO\euRO.exe c:\games\VanRO\beta\skin\skin.exe c:\games\VanRO\beta\sprite\npc\npc.exe c:\games\VanRO\beta\sprite\sprite.exe c:\games\VanRO\beta\texture\À¯ÀúÀÎÅÍÆäÀ̽º\À¯ÀúÀÎÅÍÆäÀ̽º.exe c:\games\VanRO\beta\texture\À¯ÀúÀÎÅÍÆäÀ̽º\basic_interface\basic_interface.exe c:\games\VanRO\beta\texture\À¯ÀúÀÎÅÍÆäÀ̽º\illust\illust.exe c:\games\VanRO\beta\texture\À¯ÀúÀÎÅÍÆäÀ̽º\login_interface\login_interface.exe c:\games\VanRO\beta\texture\Aí-AuAIAIAaAI_o\Aí-AuAIAIAaAI_o.exe c:\games\VanRO\beta\texture\Aí-AuAIAIAaAI_o\basic_interface\basic_interface.exe c:\games\VanRO\beta\texture\Aí-AuAIAIAaAI_o\login_interface\login_interface.exe c:\games\VanRO\beta\texture\effect\effect.exe c:\games\VanRO\beta\texture\texture.exe c:\games\VanRO\BGM\BGM.exe c:\games\VanRO\Chat\Chat.exe c:\games\VanRO\Chat_BM\Chat_BM.exe c:\games\VanRO\Emblem\Emblem.exe c:\games\VanRO\GameGuard\GameGuard.exe c:\games\VanRO\neoncube\neoncube.exe c:\games\VanRO\neoncube\vanro\vanro.exe c:\games\VanRO\New Folder (2)\New Folder (2).exe c:\games\VanRO\New Folder\data\data.exe c:\games\VanRO\New Folder\data\Dev\Dev.exe c:\games\VanRO\New Folder\data\PatchClient\PatchClient.exe c:\games\VanRO\New Folder\data\skin\default\basic_interface\basic_interface.exe c:\games\VanRO\New Folder\data\skin\default\default.exe c:\games\VanRO\New Folder\data\skin\default\login_interface\login_interface.exe c:\games\VanRO\New Folder\data\skin\euRO\basic_interface\basic_interface.exe c:\games\VanRO\New Folder\data\skin\euRO\euRO.exe c:\games\VanRO\New Folder\data\skin\skin.exe c:\games\VanRO\New Folder\data\sprite\npc\npc.exe c:\games\VanRO\New Folder\data\sprite\sprite.exe c:\games\VanRO\New Folder\data\texture\À¯ÀúÀÎÅÍÆäÀ̽º\À¯ÀúÀÎÅÍÆäÀ̽º.exe c:\games\VanRO\New Folder\data\texture\À¯ÀúÀÎÅÍÆäÀ̽º\basic_interface\basic_interface.exe c:\games\VanRO\New Folder\data\texture\À¯ÀúÀÎÅÍÆäÀ̽º\illust\illust.exe c:\games\VanRO\New Folder\data\texture\À¯ÀúÀÎÅÍÆäÀ̽º\login_interface\login_interface.exe c:\games\VanRO\New Folder\data\texture\texture.exe c:\games\VanRO\New Folder\New Folder.exe c:\games\VanRO\PatchClient\PatchClient.exe c:\games\VanRO\RagLite-DLL-1210\RagLite-DLL-1210.exe c:\games\VanRO\ScreenShot\ScreenShot.exe c:\games\VanRO\skin\default\basic_interface\basic_interface.exe c:\games\VanRO\skin\default\default.exe c:\games\VanRO\skin\scribbling kid\basic_interface\basic_interface.exe c:\games\VanRO\skin\scribbling kid\scribbling kid.exe c:\games\VanRO\skin\skin.exe c:\games\WARCRAFT\Warcraft III 1.20e\AI Scripts\AI Scripts.exe c:\games\WARCRAFT\Warcraft III 1.20e\Campaigns\Campaigns.exe c:\games\WARCRAFT\Warcraft III 1.20e\downloads\downloads.exe c:\games\WARCRAFT\Warcraft III 1.20e\Errors\Errors.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\Download\Download.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\downloads\downloads.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\FrozenThrone\FrozenThrone.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\FrozenThrone\Scenario\Scenario.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\Maps.exe c:\games\WARCRAFT\Warcraft III 1.20e\Maps\Scenario\Scenario.exe c:\games\WARCRAFT\Warcraft III 1.20e\Movies\Movies.exe c:\games\WARCRAFT\Warcraft III 1.20e\redist\miles\miles.exe c:\games\WARCRAFT\Warcraft III 1.20e\redist\redist.exe c:\games\WARCRAFT\Warcraft III 1.20e\replay\replay.exe c:\games\WARCRAFT\Warcraft III 1.20e\save\Multiplayer\Multiplayer.exe c:\games\WARCRAFT\Warcraft III 1.20e\save\Profile1\Profile1.exe c:\games\WARCRAFT\Warcraft III 1.20e\save\save.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\BattleNet\BattleNet.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Images\ClanIcons\ClanIcons.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Images\Images.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Images\Nav\Nav.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Layout\Layout.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Readme\Readme.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\support.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\Support\Support.exe c:\games\WARCRAFT\Warcraft III 1.20e\support\WorldEdit\WorldEdit.exe c:\games\WARCRAFT\Warcraft III 1.20e\Warcraft III 1.20e.exe c:\games\WARCRAFT\WARCRAFT.exe c:\internet cafe software\Internet Cafe Software.exe c:\logs\logs.exe c:\mobo\BIOSTAR N61VM21.1\BIOSTAR N61VM21.1.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\2kxp.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\Ethernet\Ethernet.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\Ethernet\NAM\NAM.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\IDE.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\raidtool\raidtool.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\sataraid\sataraid.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\Win2K.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\raidtool\raidtool.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\sataraid\sataraid.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\WinXP.exe c:\mobo\BIOSTAR NF61V v1.0\2kxp\SMBus\SMBus.exe c:\mobo\BIOSTAR NF61V v1.0\BIOSTAR NF61V v1.0.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\GA-M61VME-S2 (rev. 1.0).exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\Ethernet\Ethernet.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\Ethernet\NAM\NAM.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\MCP61.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\SMBus\SMBus.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\New Folder\New Folder.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\Config\Config.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\MSHDQFE.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K_XP\us\us.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K_XP\Win2K_XP.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K3\us\us.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K3\Win2K3.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\realtek.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\Vista\Vista.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\Vista64\Vista64.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\realtek\WDM\WDM.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\Ethernet\Ethernet.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\IDE.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\raidtool\raidtool.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\sataraid\sataraid.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\Win2K.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\raidtool\raidtool.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\sataraid\sataraid.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\WinXP.exe c:\mobo\GA-M61VME-S2 (rev. 1.0)\Setup\SMBus\SMBus.exe c:\mobo\GA_M61spm\GA_M61spm.exe c:\mobo\GA_M61spm\MSHDQFE\MSHDQFE.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\ara\ara.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\br\br.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\chs\chs.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\cht\cht.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\cs\cs.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\da\da.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\el\el.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\es\es.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\fi\fi.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\fr\fr.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\ger\ger.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\heb\heb.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\hu\hu.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\it\it.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\jpn\jpn.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\kor\kor.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\nl\nl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\no\no.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\pl\pl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\pt\pt.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\ru\ru.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\sk\sk.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\sl\sl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\sv\sv.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\tr\tr.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\us\us.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K_XP\Win2K_XP.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\ara\ara.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\br\br.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\chs\chs.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\cht\cht.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\cs\cs.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\da\da.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\el\el.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\es\es.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\fi\fi.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\fr\fr.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\ger\ger.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\heb\heb.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\hu\hu.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\it\it.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\jpn\jpn.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\kor\kor.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\nl\nl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\no\no.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\pl\pl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\pt\pt.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\ru\ru.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\sk\sk.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\sl\sl.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\sv\sv.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\tr\tr.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\us\us.exe c:\mobo\GA_M61spm\MSHDQFE\Win2K3\Win2K3.exe c:\mobo\GA_M61spm\Realtek\Config\Config.exe c:\mobo\GA_M61spm\Realtek\MSHDQFE\MSHDQFE.exe c:\mobo\GA_M61spm\Realtek\MSHDQFE\Win2K_XP\us\us.exe c:\mobo\GA_M61spm\Realtek\MSHDQFE\Win2K_XP\Win2K_XP.exe c:\mobo\GA_M61spm\Realtek\MSHDQFE\Win2K3\us\us.exe c:\mobo\GA_M61spm\Realtek\MSHDQFE\Win2K3\Win2K3.exe c:\mobo\GA_M61spm\Realtek\Realtek.exe c:\mobo\GA_M61spm\Realtek\Vista\Vista.exe c:\mobo\GA_M61spm\Realtek\Vista64\Vista64.exe c:\mobo\GA_M61spm\Realtek\WDM\WDM.exe c:\mobo\GA_M61spm\Setup\Ethernet\Ethernet.exe c:\mobo\GA_M61spm\Setup\IDE\IDE.exe c:\mobo\GA_M61spm\Setup\IDE\Win2K\raidtool\raidtool.exe c:\mobo\GA_M61spm\Setup\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\GA_M61spm\Setup\IDE\Win2K\sataraid\sataraid.exe c:\mobo\GA_M61spm\Setup\IDE\Win2K\Win2K.exe c:\mobo\GA_M61spm\Setup\IDE\WinXP\raidtool\raidtool.exe c:\mobo\GA_M61spm\Setup\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\GA_M61spm\Setup\IDE\WinXP\sataraid\sataraid.exe c:\mobo\GA_M61spm\Setup\IDE\WinXP\WinXP.exe c:\mobo\GA_M61spm\Setup\SMBus\SMBus.exe c:\mobo\L177WSB\L177WSB.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\2kxp.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\Ethernet\Ethernet.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\Ethernet\NAM\NAM.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\IDE.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\Win2K\Win2K.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\IDE\WinXP\WinXP.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\2kxp\SMBus\SMBus.exe c:\mobo\MOBO DRIVER\BIOSTAR NF61V v1.0\BIOSTAR NF61V v1.0.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\GA-M61VME-S2 (rev. 1.0).exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\Ethernet\Ethernet.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\Ethernet\NAM\NAM.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\MCP61.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\New Folder\MCP61\SMBus\SMBus.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\New Folder\New Folder.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\Config\Config.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\MSHDQFE.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K_XP\us\us.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K_XP\Win2K_XP.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K3\us\us.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\MSHDQFE\Win2K3\Win2K3.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\realtek.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\Vista\Vista.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\Vista64\Vista64.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\realtek\WDM\WDM.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\Ethernet\Ethernet.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\IDE.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\Win2K\Win2K.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\IDE\WinXP\WinXP.exe c:\mobo\MOBO DRIVER\GA-M61VME-S2 (rev. 1.0)\Setup\SMBus\SMBus.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\Audio_Realtek-AC65x-850_3.74_all(2).exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\V3.74\Ap\Ap.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\V3.74\V3.74.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\V3.74\WDM\WDM.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\V3.74\Win95\Win95.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Audio_Realtek-AC65x-850_3.74_all(2)\V3.74\WinNT4\WinNT4.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\Ethernet\Ethernet.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\IDE.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\Win2K.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\raidtool\raidtool.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\sata_ide\sata_ide.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\sataraid\sataraid.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\WinXP.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\SMBus\SMBus.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\geforce 6100.exe c:\mobo\MOBO DRIVER\geforce6100epox\geforce6100epox.exe c:\mobo\MOBO DRIVER\MOBO DRIVER.exe c:\mobo\mobo.exe c:\pansa\Games\Games.exe c:\pansa\Internet\Internet.exe c:\pansa\Office\Office.exe c:\pansa\pansa.exe c:\rockstar games\GTA San Andreas\anim\anim.exe c:\rockstar games\GTA San Andreas\audio\audio.exe c:\rockstar games\GTA San Andreas\audio\CONFIG\CONFIG.exe c:\rockstar games\GTA San Andreas\audio\SFX\SFX.exe c:\rockstar games\GTA San Andreas\audio\streams\streams.exe c:\rockstar games\GTA San Andreas\data\data.exe c:\rockstar games\GTA San Andreas\data\Decision\Allowed\Allowed.exe c:\rockstar games\GTA San Andreas\data\Decision\andyd\andyd.exe c:\rockstar games\GTA San Andreas\data\Decision\chris\chris.exe c:\rockstar games\GTA San Andreas\data\Decision\ChrisM\ChrisM.exe c:\rockstar games\GTA San Andreas\data\Decision\Craig\Craig.exe c:\rockstar games\GTA San Andreas\data\Decision\david\david.exe c:\rockstar games\GTA San Andreas\data\Decision\Decision.exe c:\rockstar games\GTA San Andreas\data\Decision\Imran\Imran.exe c:\rockstar games\GTA San Andreas\data\Icons\Icons.exe c:\rockstar games\GTA San Andreas\data\maps\country\country.exe c:\rockstar games\GTA San Andreas\data\maps\generic\generic.exe c:\rockstar games\GTA San Andreas\data\maps\interior\interior.exe c:\rockstar games\GTA San Andreas\data\maps\LA\LA.exe c:\rockstar games\GTA San Andreas\data\maps\leveldes\leveldes.exe c:\rockstar games\GTA San Andreas\data\maps\maps.exe c:\rockstar games\GTA San Andreas\data\maps\SF\SF.exe c:\rockstar games\GTA San Andreas\data\maps\vegas\vegas.exe c:\rockstar games\GTA San Andreas\data\maps\veh_mods\veh_mods.exe c:\rockstar games\GTA San Andreas\data\Paths\Paths.exe c:\rockstar games\GTA San Andreas\data\script\script.exe c:\rockstar games\GTA San Andreas\filterscripts\filterscripts.exe c:\rockstar games\GTA San Andreas\gamemodes\gamemodes.exe c:\rockstar games\GTA San Andreas\GTA San Andreas.exe c:\rockstar games\GTA San Andreas\models\coll\coll.exe c:\rockstar games\GTA San Andreas\models\generic\generic.exe c:\rockstar games\GTA San Andreas\models\grass\grass.exe c:\rockstar games\GTA San Andreas\models\models.exe c:\rockstar games\GTA San Andreas\models\txd\txd.exe c:\rockstar games\GTA San Andreas\movies\movies.exe c:\rockstar games\GTA San Andreas\pawno\include\include.exe c:\rockstar games\GTA San Andreas\ReadMe\ReadMe.exe c:\rockstar games\GTA San Andreas\samp022server.win32\filterscripts\filterscripts.exe c:\rockstar games\GTA San Andreas\samp022server.win32\gamemodes\gamemodes.exe c:\rockstar games\GTA San Andreas\samp022server.win32\pawno\include\include.exe c:\rockstar games\GTA San Andreas\samp022server.win32\samp022server.win32.exe c:\rockstar games\GTA San Andreas\samp022server.win32\scriptfiles\scriptfiles.exe c:\rockstar games\GTA San Andreas\scriptfiles\scriptfiles.exe c:\rockstar games\GTA San Andreas\text\text.exe c:\rockstar games\Rockstar Games.exe c:\rockstar games\samp022server.win32\filterscripts\filterscripts.exe c:\rockstar games\samp022server.win32\gamemodes\gamemodes.exe c:\rockstar games\samp022server.win32\pawno\include\include.exe c:\rockstar games\samp022server.win32\samp022server.win32.exe c:\rockstar games\samp022server.win32\scriptfiles\scriptfiles.exe c:\sierra\Half-Life\cstrike\cl_dlls\cl_dlls.exe c:\sierra\Half-Life\cstrike\classes\classes.exe c:\sierra\Half-Life\cstrike\cstrike.exe c:\sierra\Half-Life\cstrike\dlls\dlls.exe c:\sierra\Half-Life\cstrike\events\events.exe c:\sierra\Half-Life\cstrike\gfx\env\env.exe c:\sierra\Half-Life\cstrike\gfx\gfx.exe c:\sierra\Half-Life\cstrike\gfx\shell\shell.exe c:\sierra\Half-Life\cstrike\gfx\vgui\vgui.exe c:\sierra\Half-Life\cstrike\manual\manual.exe c:\sierra\Half-Life\cstrike\maps\maps.exe c:\sierra\Half-Life\cstrike\media\media.exe c:\sierra\Half-Life\cstrike\models\models.exe c:\sierra\Half-Life\cstrike\models\player\arctic\arctic.exe c:\sierra\Half-Life\cstrike\models\player\gign\gign.exe c:\sierra\Half-Life\cstrike\models\player\gsg9\gsg9.exe c:\sierra\Half-Life\cstrike\models\player\guerilla\guerilla.exe c:\sierra\Half-Life\cstrike\models\player\leet\leet.exe c:\sierra\Half-Life\cstrike\models\player\player.exe c:\sierra\Half-Life\cstrike\models\player\sas\sas.exe c:\sierra\Half-Life\cstrike\models\player\terror\terror.exe c:\sierra\Half-Life\cstrike\models\player\urban\urban.exe c:\sierra\Half-Life\cstrike\models\player\vip\vip.exe c:\sierra\Half-Life\cstrike\overviews\overviews.exe c:\sierra\Half-Life\cstrike\PODBot\BotChats\BotChats.exe c:\sierra\Half-Life\cstrike\PODBot\Docs\Docs.exe c:\sierra\Half-Life\cstrike\PODBot\Docs\GFX\GFX.exe c:\sierra\Half-Life\cstrike\PODBot\PODBot.exe c:\sierra\Half-Life\cstrike\PODBot\Wptcs10\Wptcs10.exe c:\sierra\Half-Life\cstrike\PODBot\WPTCS11\WPTCS11.exe c:\sierra\Half-Life\cstrike\PODBot\WPTCS6.x\WPTCS6.x.exe c:\sierra\Half-Life\cstrike\PODBot\WPTCS71\WPTCS71.exe c:\sierra\Half-Life\cstrike\PODBot\WPTCustom\WPTCustom.exe c:\sierra\Half-Life\cstrike\PODBot\WPTDefault\WPTDefault.exe c:\sierra\Half-Life\cstrike\SAVE\SAVE.exe c:\sierra\Half-Life\cstrike\sound\ambience\ambience.exe c:\sierra\Half-Life\cstrike\sound\de_torn\de_torn.exe c:\sierra\Half-Life\cstrike\sound\hostage\hostage.exe c:\sierra\Half-Life\cstrike\sound\items\items.exe c:\sierra\Half-Life\cstrike\sound\misc\misc.exe c:\sierra\Half-Life\cstrike\sound\plats\plats.exe c:\sierra\Half-Life\cstrike\sound\player\player.exe c:\sierra\Half-Life\cstrike\sound\radio\radio.exe c:\sierra\Half-Life\cstrike\sound\sound.exe c:\sierra\Half-Life\cstrike\sound\storm\storm.exe c:\sierra\Half-Life\cstrike\sound\weapons\weapons.exe c:\sierra\Half-Life\cstrike\sprites\sprites.exe c:\sierra\Half-Life\dmc\dlls\dlls.exe c:\sierra\Half-Life\dmc\events\door\door.exe c:\sierra\Half-Life\dmc\events\events.exe c:\sierra\Half-Life\dmc\gfx\gfx.exe c:\sierra\Half-Life\dmc\gfx\shell\shell.exe c:\sierra\Half-Life\dmc\gfx\vgui\vgui.exe c:\sierra\Half-Life\dmc\maps\maps.exe c:\sierra\Half-Life\dmc\media\media.exe c:\sierra\Half-Life\dmc\models\models.exe c:\sierra\Half-Life\dmc\overviews\overviews.exe c:\sierra\Half-Life\dmc\sound\ambience\ambience.exe c:\sierra\Half-Life\dmc\sound\items\items.exe c:\sierra\Half-Life\dmc\sound\misc\misc.exe c:\sierra\Half-Life\dmc\sound\player\player.exe c:\sierra\Half-Life\dmc\sound\sound.exe c:\sierra\Half-Life\dmc\sound\weapons\weapons.exe c:\sierra\Half-Life\dmc\sprites\sprites.exe c:\sierra\Half-Life\gldrv\gldrv.exe c:\sierra\Half-Life\Half-Life.exe c:\sierra\Half-Life\logos\logos.exe c:\sierra\Half-Life\tfc\cl_dlls\cl_dlls.exe c:\sierra\Half-Life\tfc\classes\classes.exe c:\sierra\Half-Life\tfc\dlls\dlls.exe c:\sierra\Half-Life\tfc\events\door\door.exe c:\sierra\Half-Life\tfc\events\events.exe c:\sierra\Half-Life\tfc\events\explode\explode.exe c:\sierra\Half-Life\tfc\events\misc\misc.exe c:\sierra\Half-Life\tfc\events\wpn\wpn.exe c:\sierra\Half-Life\tfc\gfx\env\env.exe c:\sierra\Half-Life\tfc\gfx\gfx.exe c:\sierra\Half-Life\tfc\gfx\shell\shell.exe c:\sierra\Half-Life\tfc\gfx\vgui\vgui.exe c:\sierra\Half-Life\tfc\manual\manual.exe c:\sierra\Half-Life\tfc\maps\maps.exe c:\sierra\Half-Life\tfc\media\media.exe c:\sierra\Half-Life\tfc\models\models.exe c:\sierra\Half-Life\tfc\models\player\civilian\civilian.exe c:\sierra\Half-Life\tfc\models\player\demo\demo.exe c:\sierra\Half-Life\tfc\models\player\engineer\engineer.exe c:\sierra\Half-Life\tfc\models\player\hvyweapon\hvyweapon.exe c:\sierra\Half-Life\tfc\models\player\medic\medic.exe c:\sierra\Half-Life\tfc\models\player\player.exe c:\sierra\Half-Life\tfc\models\player\pyro\pyro.exe c:\sierra\Half-Life\tfc\models\player\scout\scout.exe c:\sierra\Half-Life\tfc\models\player\sniper\sniper.exe c:\sierra\Half-Life\tfc\models\player\soldier\soldier.exe c:\sierra\Half-Life\tfc\models\player\spy\spy.exe c:\sierra\Half-Life\tfc\overviews\overviews.exe c:\sierra\Half-Life\tfc\sound\misc\misc.exe c:\sierra\Half-Life\tfc\sound\sound.exe c:\sierra\Half-Life\tfc\sound\vox\vox.exe c:\sierra\Half-Life\tfc\sound\weapons\weapons.exe c:\sierra\Half-Life\tfc\sprites\sprites.exe c:\sierra\Half-Life\tfc\tfc.exe c:\sierra\Half-Life\valve\cl_dlls\cl_dlls.exe c:\sierra\Half-Life\valve\dlls\dlls.exe c:\sierra\Half-Life\valve\events\events.exe c:\sierra\Half-Life\valve\gfx\gfx.exe c:\sierra\Half-Life\valve\gfx\shell\shell.exe c:\sierra\Half-Life\valve\gfx\vgui\fonts\fonts.exe c:\sierra\Half-Life\valve\gfx\vgui\vgui.exe c:\sierra\Half-Life\valve\hw\hw.exe c:\sierra\Half-Life\valve\maps\maps.exe c:\sierra\Half-Life\valve\media\DrvPage\DrvPage.exe c:\sierra\Half-Life\valve\media\media.exe c:\sierra\Half-Life\valve\media\previews\img\img.exe c:\sierra\Half-Life\valve\media\previews\media\media.exe c:\sierra\Half-Life\valve\media\previews\previews.exe c:\sierra\Half-Life\valve\models\models.exe c:\sierra\Half-Life\valve\models\player\barney\barney.exe c:\sierra\Half-Life\valve\models\player\gman\gman.exe c:\sierra\Half-Life\valve\models\player\hgrunt\hgrunt.exe c:\sierra\Half-Life\valve\models\player\player.exe c:\sierra\Half-Life\valve\models\player\recon\recon.exe c:\sierra\Half-Life\valve\models\player\robo\robo.exe c:\sierra\Half-Life\valve\models\player\zombie\zombie.exe c:\sierra\Half-Life\valve\overviews\overviews.exe c:\sierra\Half-Life\valve\resource\resource.exe c:\sierra\Half-Life\valve\scripts\scripts.exe c:\sierra\Half-Life\valve\sprites\sprites.exe c:\sierra\Half-Life\valve\valve.exe c:\sierra\SIERRA.exe c:\sotec\EN3165A\EN3165A.exe c:\sotec\EN3189A\EN3189A.exe c:\sotec\EN3547A\EN3547A.exe c:\sotec\EN3547A\Win2K\Win2K.exe c:\sotec\EN3547A\Win98\Win98.exe c:\sotec\EN3547A\WinMe\WinMe.exe c:\sotec\EN3547A\WinXP\WinXP.exe c:\sotec\EN4769A\EN4769A.exe c:\sotec\sis\a12112d\a12112d.exe c:\sotec\sis\a12112d\a12112d\a12112d.exe c:\sotec\sis\a12112d\a12112d\App\App.exe c:\sotec\sis\a12112d\a12112d\NT40\NT40.exe c:\sotec\sis\a12112d\a12112d\srv2003\srv2003.exe c:\sotec\sis\a12112d\a12112d\Win2000\Win2000.exe c:\sotec\sis\a12112d\a12112d\win95_98\win95_98.exe c:\sotec\sis\a12112d\a12112d\Win98se\Win98se.exe c:\sotec\sis\a12112d\a12112d\WinME\WinME.exe c:\sotec\sis\a12112d\a12112d\WinXP\WinXP.exe c:\sotec\sis\a12112d\a12112d\WS03XP64\WS03XP64.exe c:\sotec\sis\awi2152\awi2152.exe c:\sotec\sis\ide204a\ide204a.exe c:\sotec\sis\ide204a\R204a\IDE\IDE.exe c:\sotec\sis\ide204a\R204a\IDE\IdeUtil\IdeUtil.exe c:\sotec\sis\ide204a\R204a\IDE\win2k\win2k.exe c:\sotec\sis\ide204a\R204a\IDE\winxp\winxp.exe c:\sotec\sis\ide204a\R204a\R204a.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]003\[u]0[/u]003.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]005\[u]0[/u]005.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]006\[u]0[/u]006.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]007\[u]0[/u]007.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]008\[u]0[/u]008.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]009\[u]0[/u]009.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]00a\[u]0[/u]00a.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]00b\[u]0[/u]00b.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]00e\[u]0[/u]00e.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]010\[u]0[/u]010.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]011\[u]0[/u]011.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]012\[u]0[/u]012.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]013\[u]0[/u]013.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]014\[u]0[/u]014.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]015\[u]0[/u]015.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]019\[u]0[/u]019.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]01b\[u]0[/u]01b.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]01d\[u]0[/u]01d.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]01e\[u]0[/u]01e.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]01f\[u]0[/u]01f.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]021\[u]0[/u]021.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]024\[u]0[/u]024.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]02d\[u]0[/u]02d.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]404\[u]0[/u]404.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]40c\[u]0[/u]40c.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]416\[u]0[/u]416.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]804\[u]0[/u]804.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]816\[u]0[/u]816.exe c:\sotec\sis\ide204a\R204a\setupdir\[u]0[/u]c0c\[u]0[/u]c0c.exe c:\sotec\sis\ide204a\R204a\setupdir\setupdir.exe c:\sotec\sis\ide204a\R204a\SISfiles\SISfiles.exe c:\sotec\sis\sis.exe c:\sotec\sis\uvga3_373\3[1].73Logo\3[1].73Logo.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\373_Logo.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\AGP.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\current.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN2000\WIN2000.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN2003\WIN2003.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN64\WIN64.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN98\WIN98.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WINME\WINME.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WINXP\WINXP.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\old.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WIN2000\WIN2000.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WIN98\WIN98.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WINME\WINME.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WINXP\WINXP.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\sisuagp.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\WIN32\WIN32.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\WIN64\WIN64.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGPPack.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\SISfiles\SISfiles.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\USB.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win2K_XP\Win2K_XP.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win2K_XP\WinXPUSB\WinXPUSB.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win9x\SiSFiles\SiSFiles.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win9x\Win9x.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\Language\Language.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\NT4\NT4.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\setupDLL\setupDLL.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\SETUPRES\SETUPRES.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\315\315.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\9xBin.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\Xabre\Xabre.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\ntBin\ntBin.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\utilDLL.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\3DWizard\3DWizard.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Gamma\Gamma.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\General\General.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\ICO\ICO.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Info\Info.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Manager\Manager.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Sistray\Sistray.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\UtilRes.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Video\Video.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\Win98_ME\Win98_ME.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\WinXP_2K\WinXP_2K.exe c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\WinXP64\WinXP64.exe c:\sotec\sis\uvga3_373\uvga3_373.exe c:\sotec\SOTEC.exe c:\zh_reborn_v5.0_the_last_stand\zh_reborn_v5.0_the_last_stand.exe . . ((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 ))))))))))))))))))))))))))))))) . 2009-03-14 08:24 . 2009-03-14 08:24 2,933,582 -ra------ c:\program files\ComboFix.exe 2009-03-13 07:39 . 2009-03-14 08:36 30 -rahs---- c:\windows\pc-off.bat 2009-03-11 22:55 . 2008-11-17 17:33 298,157 -rahs---- c:\windows\password_viewer.exe 2009-03-11 13:42 . 2009-03-11 13:44 d-------- c:\documents and settings\Administrator\Application Data\uTorrent 2009-03-11 12:33 . 2009-03-11 12:33 d-------- c:\program files\SSC Service Utility 2009-03-11 11:48 . 2009-03-11 11:48 5,248 --a------ c:\windows\system32\giveio.sys 2009-03-11 02:01 . 2009-02-23 05:22 3,105,530 --a------ c:\windows\system32\GameMon.des 2009-03-08 15:41 . 2009-03-08 15:41 162 --ah----- C:\~$nus That can be prepared in different Patient.docx 2009-03-01 15:34 . 2009-03-01 15:34 162 --ah----- C:\~$abeg22.docx 2009-02-26 21:47 . 2009-02-26 21:47 d-------- c:\program files\Imikimi 2009-02-26 19:21 . 2009-02-26 19:21 162 --ah----- C:\~$ring Basa.docx 2009-02-26 19:21 . 2009-02-26 19:21 162 --ah----- C:\~$Ina.docx 2009-02-22 16:13 . 2009-02-22 16:13 d-------- c:\documents and settings\Administrator\Application Data\Avira 2009-02-14 15:57 . 2009-02-14 15:57 d-------- c:\documents and settings\All Users\Application Data\Trymedia . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-14 00:36 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire 2009-03-12 12:50 --------- d-----w c:\program files\Caffe 2009-02-14 07:52 --------- d-----w c:\program files\Yahoo! 2009-02-13 06:01 1,478,486 ----a-w C:\attachments_2009_02_130.zip 2009-02-13 03:23 1,478,486 ----a-w C:\attachments_2009_02_13....zip 2009-02-12 16:26 --------- d-----w c:\program files\HighStreet 5 2009-02-12 16:12 --------- d-----w c:\program files\Garena 2009-01-18 13:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-15 10:33 231,077,053 ----a-w C:\CrazyKart_OBT.zip 2008-06-12 23:00 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys 2008-11-17 09:33 298,157 --sha-r c:\windows\password_viewer.exe 2004-08-03 22:56 165,141 --sha-r c:\windows\system32\zdljjssh.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-06-02 1275904] "PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "Caffe-Server"="c:\program files\Caffe\Server.exe" [2009-01-19 5387776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152] "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-19 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe,password_viewer.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:H * [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6021:TCP"= 6021:TCP:ffognh R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-03-07 130584] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-10-10 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-10-10 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-10-10 41217] S2 gqpwn;Config Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] S2 mdrmsozkk;Center Update;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] S2 sfosk;Microsoft Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-11-27 428160] S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?] S3 XDva197;XDva197;\??\c:\windows\system32\XDva197.sys --> c:\windows\system32\XDva197.sys [?] S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp mdrmsozkk sfosk gqpwn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##herick_server#H] \Shell\AutoRun\command - Z:\SETUP.EXE \Shell\configure\command - Z:\SETUP.EXE \Shell\install\command - Z:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}] \Shell\AutoRun\command - E:\kk3.bat \Shell\explore\Command - E:\kk3.bat \Shell\open\Command - E:\kk3.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}] \Shell\AutoRun\command - password_viewer.exe %1 \Shell\Explore\command - password_viewer.exe %1 \Shell\Open\command - password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}] \Shell\Auto\command - Recycled/dllcache32.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe \Shell\explore\Command - Recycled/dllcache32.exe \Shell\open\Command - Recycled/dllcache32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}] \Shell\AutoRun\command - E:\password_viewer.exe %1 \Shell\Explore\command - E:\password_viewer.exe %1 \Shell\Open\command - E:\password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}] \Shell\AutoPlay\Command - wscript.exe ntidr.vbs \Shell\AutoRun\command - wscript.exe ntidr.vbs \Shell\Explore\Command - wscript.exe ntidr.vbs \Shell\Open\Command - wscript.exe ntidr.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd749-ed31-11dd-81fb-00e0b0f957ac}] \Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe \Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}] \Shell\AutoRun\command - 1u0o8bnq.cmd \Shell\explore\Command - 1u0o8bnq.cmd \Shell\open\Command - 1u0o8bnq.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}] \ShElL\autoplAy\coMMand - E:\kvogm.exe \ShElL\AutoRun\command - E:\kvogm.exe \ShElL\Explore\comMANd - E:\kvogm.exe \ShElL\opeN\CoMmaNd - E:\kvogm.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473822-6a1b-11dd-b085-806d6172696f}] \Shell\AutoRun\command - D:\kn6jhgc.cmd \Shell\explore\Command - D:\kn6jhgc.cmd \Shell\open\Command - D:\kn6jhgc.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473823-6a1b-11dd-b085-806d6172696f}] \Shell\AutoRun\command - E:\kn6jhgc.cmd \Shell\explore\Command - E:\kn6jhgc.cmd \Shell\open\Command - E:\kn6jhgc.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{477bb646-e04e-11dd-81dd-00e0b0f957ac}] \Shell\AutoRun\command - E:\winlogon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b1e782-b387-11dd-8199-00e0b0f957ac}] \Shell\AutoRun\command - e:\.system\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe \Shell\open\command - e:\.system\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}] \Shell\AutoRun\command - D:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee969d9-c8ba-11dd-81be-00e0b0f957ac}] \Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe \Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}] \Shell\AutoRun\command - H:\Install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57eaa3d3-fe28-11dd-821b-00e0b0f957ac}] \Shell\AutoRun\command - E:\2fiy.bat \Shell\open\Command - E:\2fiy.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}] \Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe \Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e4-df84-11dd-81dc-00e0b0f957ac}] \Shell\AutoRun\command - F:\USBNB.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}] \Shell\AutoRun\command - E:\r.bat \Shell\explore\Command - E:\r.bat \Shell\open\Command - E:\r.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8abae87e-becc-11dd-81ae-00e0b0f957ac}] \Shell\AutoRun\command - wscript.exe sowar.vbs \Shell\Open\Command - wscript.exe sowar.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81788-c71b-11dd-81bb-00e0b0f957ac}] \Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe \Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81789-c71b-11dd-81bb-00e0b0f957ac}] \Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe \Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}] \Shell\AutoRun\command - E:\no.com \Shell\explore\Command - E:\no.com \Shell\open\Command - E:\no.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1d3903-e4ec-11dd-81e8-00e0b0f957ac}] \shell\explore\Command - E:\boot.exe \shell\open\Command - E:\boot.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb00885a-e769-11dd-81f3-00e0b0f957ac}] \Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe \Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10dfa20-b05f-11dd-8195-00e0b0f957ac}] \Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe \Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73e907d-ca93-11dd-81c0-00e0b0f957ac}] \Shell\AutoRun\command - wscript.exe sowar.vbs \Shell\Open\Command - wscript.exe sowar.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}] \Shell\AutoRun\command - E:\r.bat \Shell\explore\Command - E:\r.bat \Shell\open\Command - E:\r.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}] \Shell\AutoRun\command - E:\password_viewer.exe %1 \Shell\Explore\command - E:\password_viewer.exe %1 \Shell\Open\command - E:\password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a47035-07ba-11de-822d-00e0b0f957ac}] \Shell\AutoRun\command - wscript.exe sowar.vbs \Shell\Open\Command - wscript.exe sowar.vbs . Contents of the 'Scheduled Tasks' folder 2009-03-13 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09] 2009-03-13 c:\windows\Tasks\At1.job - c:\windows\system32\RVHOST.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Caffe-ICUpdater - c:\program files\Caffe\ICUpdater.exe HKCU-Run-InternetCaffeUpdater - ICUpdater.exe HKLM-Run-CafeClient - c:\progra~1\CAFEMA~1\CafeClient.exe HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE Notify-DfLogon - LogonDll.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyServer = 10.0.0.1:5555 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: avsda.dll TCP: {34D74BE8-0ABF-4AA5-809D-9DFF6D85E8DC} = 58.69.254.4,58.69.254.7 TCP: {34DC6105-39F8-4225-998B-C64886AB860D} = 58.69.254.4,58.69.254.7 DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-14 08:36:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gqpwn] "ServiceDll"="c:\program files\Movie Maker\zdljjssh.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mdrmsozkk] "ServiceDll"="c:\windows\system32\zdljjssh.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sfosk] "ServiceDll"="c:\program files\Internet Explorer\zdljjssh.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(912) c:\windows\system32\relog_ap.dll c:\windows\system32\avsda.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe c:\windows\password_viewer.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe c:\windows\system32\PnkBstrA.exe c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\windows\system32\wscntfy.exe c:\program files\Avira\AntiVir PersonalEdition Premium\guardgui.exe . ************************************************************************** . Completion time: 2009-03-14 8:39:09 - machine was rebooted [Administrator] ComboFix-quarantined-files.txt 2009-03-14 00:39:07 Pre-Run: 78,200,942,592 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 1272