Trojan vundo.jz help?

Solved Trojan vundo.jz help?

Post by jydthump on 22nd January 2010, 6:32 am

Hey there. Looks as if I've acquired the vundo virus. Here are my HijackThis and Malwarebytes logs... any help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:00 AM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8924 bytes


.....................................................

Malwarebytes' Anti-Malware 1.44
Database version: 3612
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/22/2010 12:29:58 AM
mbam-log-2010-01-22 (00-29-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 234331
Time elapsed: 1 hour(s), 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Post by Belahzur on 22nd January 2010, 10:29 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Post by jydthump on 23rd January 2010, 2:10 am

ComboFix 10-01-21.08 - Samuel Jay Wilk 01/22/2010 19:49:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.591 [GMT -6:00]
Running from: c:\documents and settings\Samuel Jay Wilk\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Samuel Jay Wilk\Application Data\inst.exe
c:\documents and settings\Samuel Jay Wilk\nah_log.dat
c:\temp\iee
c:\windows\cs_cache.ini
c:\windows\system32\42KJE738.ocx
c:\windows\system32\Data
c:\windows\system32\Data\CTP0358W.DAT
c:\windows\system32\ipanolet.ini

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-14 18:59 . 2010-01-22 22:37 0 ----a-w- c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\prvlcl.dat
2010-01-07 18:44 . 2010-01-07 18:44 -------- d-----w- c:\program files\Common Files\Vbox
2010-01-07 03:17 . 2010-01-07 03:17 -------- d-----w- C:\$AVG
2010-01-07 03:17 . 2010-01-07 03:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-07 03:17 . 2010-01-07 03:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-07 03:17 . 2010-01-07 03:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-07 03:17 . 2010-01-07 03:17 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-07 03:17 . 2010-01-22 23:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-07 03:17 . 2010-01-07 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-06 21:43 . 2010-01-06 21:50 -------- d-----w- c:\documents and settings\Samuel Jay Wilk\Application Data\QuickScan
2010-01-06 21:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-06 10:12 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-06 10:12 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-06 01:40 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 01:57 . 2005-03-25 01:02 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-01-23 01:57 . 2005-03-25 01:02 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-01-22 19:34 . 2005-04-05 01:19 -------- d-----w- c:\program files\Dl_cats
2010-01-22 06:33 . 2008-06-05 04:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 05:23 . 2009-03-27 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 05:22 . 2010-01-22 05:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 21:22 . 2004-03-23 18:13 467200 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-15 00:35 . 2006-02-14 18:35 -------- d-----w- c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus
2010-01-09 22:23 . 2005-03-25 00:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 22:21 . 2005-03-28 22:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 21:41 . 2009-10-30 01:51 -------- d-----w- c:\program files\VS Revo Group
2010-01-07 22:07 . 2009-03-27 15:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-03-27 15:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 15:04 . 2010-01-18 14:25 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-07 15:04 . 2010-01-18 14:25 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-07 03:36 . 2009-01-30 04:08 -------- d-----w- c:\documents and settings\Samuel Jay Wilk\Application Data\Vso
2010-01-07 03:17 . 2010-01-18 14:25 1260312 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-07 03:17 . 2009-04-14 16:23 -------- d-----w- c:\program files\AVG
2010-01-07 02:38 . 2005-08-23 17:04 -------- d-----w- c:\program files\Lavasoft
2010-01-07 02:38 . 2008-03-06 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-07 01:33 . 2005-03-29 06:33 72296 -c--a-w- c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:45 . 2005-03-25 01:04 -------- d-----w- c:\program files\Microsoft Works
2010-01-05 19:24 . 2009-01-30 04:07 -------- d-----w- c:\program files\VSO
2010-01-05 10:00 . 2004-08-10 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-10 19:06 . 2005-09-14 15:18 -------- d-----w- c:\program files\DivX
2009-12-10 19:06 . 2009-08-06 12:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-03 03:46 . 2009-12-03 03:45 -------- d-----w- c:\program files\iTunes
2009-12-03 03:46 . 2009-12-03 03:46 -------- d-----w- c:\program files\iPod
2009-12-03 03:46 . 2007-07-11 03:18 -------- d-----w- c:\program files\Common Files\Apple
2009-12-03 03:39 . 2005-03-25 01:17 -------- d-----w- c:\program files\QuickTime
2009-12-03 03:32 . 2009-12-03 03:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 21:23 . 2006-05-04 05:07 1277 -c--a-w- c:\windows\checkip.dat
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-31 19:01 . 2009-10-23 17:19 53940 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-17 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"MplSetUp"="c:\program files\RMClient\MplSetUp.exe" [2000-11-05 40960]
"JobHisInit"="c:\program files\RMClient\JobHisInit.exe" [2001-11-17 135168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-07 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-07 03:17 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Samuel Jay Wilk^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-03-25 01:17 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/27/2009 9:07 AM 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/6/2010 9:17 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [1/6/2010 9:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/6/2010 9:17 PM 285392]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
S2 SVKP;SVKP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Samuel Jay Wilk\Application Data\Mozilla\Firefox\Profiles\5y059lwj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Samuel Jay Wilk\Application Data\Mozilla\Firefox\Profiles\5y059lwj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-22 19:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SVKP]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-01-22 20:05:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 02:05

Pre-Run: 119,725,109,248 bytes free
Post-Run: 119,856,648,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 86F4E7A0519C92DF787AE6EBFA00B785

Post by Belahzur on 23rd January 2010, 11:44 pm

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Post by jydthump on 24th January 2010, 12:59 am

Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avery® Wizard 2.1 for Microsoft® Office Word 2003
AVG Free 9.0
AviSynth 2.5
BDE Paradox Only
Bonjour
Broadcom Advanced Control Suite 2
Business Contact Manager for Outlook 2003
CCleaner
ConvertXtoDVD 4.0.9.322
Creative MediaSource
Defraggler
Dell Driver Reset Tool
Dell File Manager
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support Center
DellSupport
DivX Codec
DivX Web Player
DreamStation DXi2
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
GemMaster Mystic
Handbrake 0.9.2
Hidden Expedition Devils Triangle 1.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LAN-Fax Utilities
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
OpenAL
Otto
Podcast Station 2.1
PowerDVD 5.3
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
QuickTime Alternative 1.52
Real Alternative 1.46
RealPlayer Basic
Registry Mechanic 5.0
Samson SoftPre
Security Task Manager 1.7e
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SmartNetMonitor for Client
Sound Blaster Audigy 2 ZS
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
WD Diagnostics
WD Drive Manager (x86)
Winamp (remove only)
WinAVI VideoConverter
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG-4 Codec


Solved Re: Trojan vundo.jz help?

Post by Belahzur on 24th January 2010, 1:14 am

Hello.

I see that you are running Frostwire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\prvlcl.dat

    Folder::
    c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus

    DDS::
    uStart Page =

    Driver::
    SVKP
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Solved Re: Trojan vundo.jz help?

Post by jydthump on 24th January 2010, 2:21 am

ComboFix 10-01-21.08 - Samuel Jay Wilk 01/23/2010 19:58:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.568 [GMT -6:00]
Running from: c:\documents and settings\Samuel Jay Wilk\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Samuel Jay Wilk\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\prvlcl.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\.certs
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\.keystore
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\.lock
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\active\074E04D1A0E33BCA1E8700C6E9877F1B69B4A679.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\active\cache.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\azureus.config
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\azureus.statistics
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\banips.config
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\dht\general.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\dht\version.dat
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\downloads.config
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU2364621877537907179.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU3006079678046143977.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU436694459920193433.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU5568679398113547929.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU6378680582166913742.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tmp\AZU9131319883293128064.tmp
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\-_mininova.org_-_Chuck.S01E01.Plot.PROPER.HDTV.XviD-FQM.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\-~mininova.org~-_Chuck.S01E04.HDTV.NOT.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\((Demonoid.com))-Adobe_Illustrator_10_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\(Demonoid.com)-CHARTBUSTERS_CB_30100_KARAOKE_JUNE_2009_.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\(Demonoid.com)-Pop_Hits_Monthly_July_2009_PHM0907_PHN0907_PHU0907_Karaoke_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[[Demonoid.com]]-Kenny_Chesney_4_Album_Collection_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[[Demonoid.com]]-vso_ConvertX2DVD_4_0_9_322_with_working_keygen_fubar67_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[]Demonoid.com[]-Several_Female_Karaoke_Songs.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[btdig.com] Miley Cyrus Leaked Pics.rar.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 0a97f16e4868ef39db92ac2c23920e97cfbe1b3f.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 233eb6c84a6bf89e7e78dea5dc7328e5765b8307.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 8cdb4c5aab60519bcca2864e884015757d5d902a.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S01E09.HDTV.XviD-LOL.avi.4488137.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E01.To.New.Beginnings.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E02.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E03.HDTV.XviD-LOL.avi.5097236.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E04.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E05.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] 90210.S02E06.Wild.Alaskan.Salmon.HDTV.XviD-FQM.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] a6559953fbff61c8494344d12bc3a006246f3fdd.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Ace Utilities 4.1.1 Build 4053.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Atomix_Virtual_DJ_Professional_v5.2___serial.4447520.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Breaking Benjamin - Dear Agony [CD] [320K].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Buckcherry - 15 [2006].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] cashflow_101_202___for_kids.4099505.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] df759e2b022747933f460fd31711488d3f01e79a.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] download.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] edc65fe3c8aac512a93a3ccd1c60ce5599e352c9.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Eli Stone S01E12 HDTV XviD-0TV [eztv] [smaragdtorrent.to].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Get_Crazy-1983.avi.1297324.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Hinder - Extreme Behavior.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] IGT Slots Texas Tea [English][PC][[You must be registered and logged in to see this link.]
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] IGT.Slots.Texas.Tea.CkY2Kdunn.5100309.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Kenny Chesney.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Miley Cyrus Leaked Pics.rar.1374168.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Native Instruments Traktor DJ Studio 3.4.1.040.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail-1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Paranormal Activity {2009} DVDRIP. Jaybob.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] PP_Best_Design_100.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Season 1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] The_Black_Maria_-_A_Shared_History_Of_Tragedy.4084442.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt] Traktor DJ Studio 3 Update.rar.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_1366383-Teach_Yourself_Macromedia_Flash_8_In_24_Hours.rar.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_3a69a4d75541018b0a3a22b397723c7bf922b7ca.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_A_Christmas_Carol_(Patrick_Stewart).avi.1305353.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Adobe_Encore_DVD_2.0_Classroom_In_A_Book.3738776.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Adobe_Encore_DVD_v2_0.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Amazing_Adventures_-_The_Lost_Tomb_-_Reseed.3878874.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Billboard_Top_100_Hits_of_1990-.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Billboard_Top_100_of_1991.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_d7b8bdb6e44e7804c35b01ce9251894f69d4b105.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_download.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Elf.2003.DVDRip.XViD-BRUTUS.avi.3543577.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_eureka_S2.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_LimeWire_PRO_4.14.12_-_hmj.exe.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_LimeWire_Pro_4.14.3_Final.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Macromedia_Studio_8_Training_from_the_Source_CD_ROM.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_MAGIC_DVD_RIPPER_5.1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Magic_DVD_Ripper_v5.0.1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_New_Found_Glory_-_From_The_Screen_To_Your_Stereo_Part_II_(Proper.1162456.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_No_Retreat_No_Surrender(Van_Damme)[1986]DvDrip[Eng]-prithwi.avi.3907301.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Serj_Tankian_(2007)_Elect_The_Dead_(incl._Bonus_CD)@VBR.1340034.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_The.Simpsons.Movie.DVDSCR.XViD-mVs.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_The_90's.1301470.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_The_Perfect_Weapon.avi.1336089.SN.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_They're_All_Gonna_Laugh_at_You.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[isoHunt]_Under_The_Influence_Of_Giants_-_Under_The_Influence_Of_Giants_[2006].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[NEW]_Hanson_-_The_Best_Of_Hanson_-_Live_And_Electric_(2005)_-_P.3395532.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[newNova] Lost[1].S02E16.[HDTV].[[You must be registered and logged in to see this link.]
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[newNova] Lost[1].S02E17.HDTV.XviD-XOR-avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\[newNova] Lost[1].S02E18.HDTV-avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\^mininova.org^_Pinnacle_Studio_Plus_11.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_-Demonoid.com-_Race_To_Witch_Mountain_(2009)_[DvdRip]_[Xvid]_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_[[Demonoid.com]]-Kenny_Chesney_4_Album_Collection_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_[isoHunt] Ace Utilities 4.1.1 Build 4053.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_[isoHunt] Kenny Chesney.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_[isoHunt]_Adobe_Encore_DVD_v2_0.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\__WWE.MSG.Classics.EP.01-SER.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_=Demonoid.com=_-Quickbooks_2009_Premier_Crack_(Tested_100_working)_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Bart Gunn Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Deadwood[1].S03E05.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Deadwood[1].S03E06.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Deadwood[1].S03E07.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Deadwood[1].S03E08.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_DVDFab[1].Platinum.v2.9.6.9.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_ECW.10.10.06.DSR.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_IYH19.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_Lost[1].S02E15.HDTV.XviD-LOL.[eztv].-[mininova.org]-.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_primetime aug 18th 1986.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_WWE Wreckless Intent (2006)_.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_WWE.MSG.Classics.EP.01-SER.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_WWE.MSG.Classics.EP.08-SER.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_WWE.Raw.10.16.06.TOBY-XVID.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\_WWE.Smackdown.10.06.06.DSR.XViD-MoRPH.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\+-Demonoid.com-+_Chris_Young_Self_Titled_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\++Demonoid.com++-Pop_Hits_Monthly_August_2009_PHM0908_PHN0908_PHU0908_Karaoke_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\++Demonoid.com++-Pop_Hits_Monthly_May_2009_Karaoke_All_3.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\101 Reasons Not To Be A Pro Wrestler.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\1992-01-21 Clash of the Champion 18.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\1994 Super J Cup.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\2002.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\90210.S01E12.HDTV.XviD-LOL.avi.4628520.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\90210.S01E17.Lifes.a.Drag.HDTV.XviD-2HD.[eztv] [mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\90210.S01E18.Off.the.Rails.HDTV.XviD-FQM.[eztv] [mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\90210.S01E19.HDTV.XviD.REPACK-2HD.[eztv] [mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\90210.S01E20.HDTV.XviD-LOL.[eztv] [mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\All Japan Pro vs. WWF-90-04-13.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\All.Star.Wrestling.6-85.and.bonus.match[1].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\American[1].Pie.The.Naked.Mile.2006.STV.DVDRiP.XViD-BOLOX.[[You must be registered and logged in to see this link.]
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Audio Shoot Pack.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\b-mininova.org-d__Cool+Edit+Pro+2_1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Baby_Boy_Da_Prince_-_Across_The_Water_(2007)_-_Rap.3642729.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\badnews.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Bart Gunn Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Batman[1].Begins.(2005).ENG.NTSC.Full.DVD.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Behind The Bash.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Best.of.the.WWF.Vol.13.Krip.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.1996.Top.100.Hits_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.1997.Top.100.Hits_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1982-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1984-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1985-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1986-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1988-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1989-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1992-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1994-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1995-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1998-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.Hits.of.1999-_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.of.1980_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.of.1981_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.of.1983_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.of.1987_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billboard.Top.100.of.1989_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Billy Gunn Shoot interview.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\BitLet-6789b6cc61869a1b9df65fbabc6bae2cb2d6aa28_[mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Bobby Heenan.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Breaking[1].Benjamin.-.Phobia.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Breaking_Benjamin-Saturate-2002.4253415.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Bret Hart Wrestling With Shadows 10th Year Anniversary Collectors Edition 2009.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Burn_the_Fat__Feed_the_Muscle_-_Tom_Venuto.pdf.3574370.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\CHARTBUSTERS_CB_30100_KARAOKE_JUNE_2009_-[[Demonoid.com]].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Chris[1].Daughtry-Daughtry(uploaded.by.PJ).torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Daft[1].Punk.-.Discovery.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Dan Spivey Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Dane[1].Cooks.Tourgasm.S01E01.WS.DSR.XviD-UMD.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Dane[1].Cooks.Tourgasm.S01E02.HDTV.XviD-SAiNTS.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Dane[1].Cooks.Vicious.Circle.HBO.Special.DSR.XviD-THOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E05.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E06.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E07.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E08.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E09.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E10.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E11.HDTV.XviD-LOL.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deadwood[1].S03E12.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Deep[1].Inside.Sky.Lopez[DVDrip][[You must be registered and logged in to see this link.]
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Def[1].Leppard.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Demolition Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Dirty[1].Jobs.S05E10.Salt.Miner.iNTERNAL.READNFO.WS.DSR.XviD-2SD.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\DVDFab[1].Platinum.v2.9.6.9.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ECW.10.10.06.DSR.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Eureka.S02E01.DSR.XviD-NoTV_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\GB009.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Greys[1].Anatomy.S03E12.PROPER.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Greys[1].Anatomy.S03E13.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Greys[1].Anatomy.S03E14.HDTV.XviD-NoTV.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\hebners.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Iron Sheik.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\IYH19.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\J&M Productions 'Ricky Steamboat' The Legacy Collection Disc 1.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\J&M Productions The Legacy Collection 'Ricky Steamboat' Disc 2 of 2.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\James[1].Blunt.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Just[1][1].Friends.DVDR-Replica.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Kimberley Page Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Knocked.Up.UNRATED.PROPER.DVDR-Replica.3799522.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\LimeWireWin_4[1].10.9_Pro.exe.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost.S02E17.HDTV.XviD-XOR.3463918.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost.S02E18.HDTV.LOL.3467896.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E14.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E15.HDTV.XviD-LOL.[eztv].-[mininova.org]-.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E16.PROPER.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E17.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E18.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S02E21.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S03E01.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S03E02.HDTV.XviD-XOR.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S03E03.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Lost[1].S03E05.HDTV.XviD-LOL.[eztv].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Mean Gene Okerlund Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\msg112486.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Nero Micro 8[1].3.6.0.exe [mininova].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Norbit.(2007).DVD-R.NTSC.WS.{FadeD}.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\NWA Worldwide - 5-88.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\On The Road With The Iron Sheik.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Pinnacle_Studio_Plus_v11_MultiLanguage_Bonus_DVD_-[mininova.org]-.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\pirates[1][1].avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Pop_Hits_Monthly_June_2009_Pop_Urban_Nashville_Karaoke_-Demonoid.com-_.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\PPV collection.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Pride.FC.33.The.Second.Coming.PPV.DSR.XviD-OMiCRON.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\primetime aug 18th 1986.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Red[1].Hot.Chilli.Peppers.-.Stadium.Arcadium.(with.Covers).a.DHZ.Inc.Release.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Rey vs Condor.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\rf.ontheroad.honkytonkman.pwt.emuunlim.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\rfv tammy shoot 2006.mpg.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Ring of Honor - Man Up.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Roddy Piper's Greatest Hits.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ROH.2009.12.07.HDTV.XviD-WB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ROH.2009.12.14.1080i.HDTV.x264.mkv-PWT.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ROH.2009.12.21.720p.HDTV.x264-WB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ROH.2010.01.04.HDTV.XviD-WB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\ROH.Wrestling.2009.01.11.HDTV.XviD-WB.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Romy.And.Micheless.High.School.Reunion.DVDrip.(Eng).[1997].Mish_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Rosetta.Stone.Application.v2.0.8.1_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\RR1988.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\serj.tankian.-.elect.the.dead_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Snow[1].Patrol.-.Eyes.Open.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Soundtrack_Rocky_1_5-(Demonoid.com)_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Sunshine.2007.CUSTOM.NORDiCSUB.NTSC.DVDR-SFB.3782346.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Superman.Returns.2006.CUSTOM.DVDSCR.DVDR-peterking.3531744.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\The Midnight Express Shoot Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\The.Spill.Canvas.-.No.Really.Im.Fine_[myBittorrent.com].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\The_Black_Eyed_Peas_-_Elephunk.3986086.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\The_Hangover_(2009)_DVDSCR_MAX-(Demonoid.com)_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\The_Mist_(In_3D_Sound)_Stephen_King_-Demonoid.com-__8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TheOffspring-GreatestHits-(Advance)-2005.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Tito.Santana.Shoot.Interview.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TMPGEnc[1].Software.Suite.2005.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA Bound For Glory 2007.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Bound.For.Glory.2006.PPV.DSRip.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Bound.Of.Glory.NSV.tar.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Impact.04.20.06.TOBY-XVID.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Impact.10.19.06.TOBY-XVID.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Impact.11.23.06.XviD-MDE..torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.iMPACT.2010.01.04.HDTV.XviD-WB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\TNA.Lockdown.2006.PPV.DSRip.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\UFC66.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\VA-WWE-Wreckless_Intent-2006-RNS.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\VA_-_Now_Thats_What_I_Call_Music_28_(US_Retail)_[2008]_-_Top_40_.4218054.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Virtual.Dj.v4.3_Crack.-_Dj_Nilo.3700585.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Voices_WWE_The_Music__Vol._9.4676032.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\VSO_ConvertXtoDVD_3.4.7.121_keygen.4686148.TPB.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\War To Settle The Score Disc 1.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\War To Settle The Score Disc 2.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WCW Beach Blast '92.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WCW Capitol Combat 1990 VCD.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WCW Halloween Havoc 92.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WCW Uncensored 1997.mpg.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Wrestlecrap By Request.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\wrestlecrap.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Wrestling Themes.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE The Music Vol. 7.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE Wreckless Intent - 192kbps.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.24-7.Razor.Ramon.Special.DSR.XviD-Hype.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Friday.Night.Smackdown.07.13.07.SDTV.XviD-BTZonE.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Monday.Night.Raw.4th.Jan.2010.HDTV.XviD-FreaK (FWG).torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.MSG.Classics.EP.01-SER.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.MSG.Classics.EP.08-SER.avi.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\Wwe.Raw.02.13.06.Vcd-G2[1].torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Raw.02.20.06.TOBY-VCD.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Raw.03.13.06.XviD.MDE.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Raw.10.16.06.TOBY-XVID.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Smackdown.10.06.06.DSR.XViD-MoRPH.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.Smackdown.10.27.06.DSR.XViD-MoRPH.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWE.WrestleMania.22.PPV.DSRip.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF @ MSG 3.19.1990.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF In Your House 3.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF Piledriver Music Videos.wmv.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF Piledriver The Wrestling Album - Volume 2.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF Prime Time Wrestling 12.11.1986.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF Summerslam 1988.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF.Championship.Wrestling.04.27.85.VHSRip.XviD-KYR.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF.Piledriver.The.Music.Videos.1987.VHSRip.XviD-CLASSiCW4F.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF.The.Bobby.Heenan.Show.07.23.89-UWH.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\WWF.Tuesday.Night.Titans.02.08.85-UWH.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\x-Demonoid.com-x_Ghost_Whisperer_Season4_(XviD_asd)_EnglishV_NapisyPL_www_xvidasd_com_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\x-Demonoid.com-x_Now_Thats_What_I_Call_Xmas_3CDs_(2009)_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\torrents\x-Demonoid.com-x_Vacency_2_The_First_Cut_(xvid_By_Danny09)_8022878.9226.torrent
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tracker.config
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Samuel Jay Wilk\Application Data\Azureus\update.properties
c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\prvlcl.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVKP
-------\Service_SVKP


((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-07 18:44 . 2010-01-07 18:44 -------- d-----w- c:\program files\Common Files\Vbox
2010-01-07 03:17 . 2010-01-07 03:17 -------- d-----w- C:\$AVG
2010-01-07 03:17 . 2010-01-07 03:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-07 03:17 . 2010-01-07 03:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-07 03:17 . 2010-01-07 03:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-07 03:17 . 2010-01-07 03:17 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-07 03:17 . 2010-01-23 23:47 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-07 03:17 . 2010-01-07 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-06 21:43 . 2010-01-06 21:50 -------- d-----w- c:\documents and settings\Samuel Jay Wilk\Application Data\QuickScan
2010-01-06 21:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-06 10:12 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-06 10:12 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-06 01:40 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 02:09 . 2005-03-25 01:02 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-01-24 02:09 . 2005-03-25 01:02 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-01-24 01:50 . 2005-03-25 00:58 -------- d-----w- c:\program files\Java
2010-01-24 01:44 . 2008-03-06 03:58 -------- d-----w- c:\program files\FrostWire
2010-01-24 01:43 . 2007-10-13 22:46 -------- d-----w- c:\program files\PeerGuardian2
2010-01-22 19:34 . 2005-04-05 01:19 -------- d-----w- c:\program files\Dl_cats
2010-01-22 06:33 . 2008-06-05 04:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 05:23 . 2009-03-27 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 05:22 . 2010-01-22 05:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 21:22 . 2004-03-23 18:13 467200 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-09 22:23 . 2005-03-25 00:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 22:21 . 2005-03-28 22:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 21:41 . 2009-10-30 01:51 -------- d-----w- c:\program files\VS Revo Group
2010-01-07 22:07 . 2009-03-27 15:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-03-27 15:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 15:04 . 2010-01-18 14:25 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-07 15:04 . 2010-01-18 14:25 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-07 03:36 . 2009-01-30 04:08 -------- d-----w- c:\documents and settings\Samuel Jay Wilk\Application Data\Vso
2010-01-07 03:17 . 2010-01-18 14:25 1260312 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-07 03:17 . 2009-04-14 16:23 -------- d-----w- c:\program files\AVG
2010-01-07 02:38 . 2005-08-23 17:04 -------- d-----w- c:\program files\Lavasoft
2010-01-07 02:38 . 2008-03-06 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-07 01:33 . 2005-03-29 06:33 72296 -c--a-w- c:\documents and settings\Samuel Jay Wilk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:45 . 2005-03-25 01:04 -------- d-----w- c:\program files\Microsoft Works
2010-01-05 19:24 . 2009-01-30 04:07 -------- d-----w- c:\program files\VSO
2010-01-05 10:00 . 2004-08-10 11:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-10 19:06 . 2005-09-14 15:18 -------- d-----w- c:\program files\DivX
2009-12-10 19:06 . 2009-08-06 12:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-03 03:46 . 2009-12-03 03:45 -------- d-----w- c:\program files\iTunes
2009-12-03 03:46 . 2009-12-03 03:46 -------- d-----w- c:\program files\iPod
2009-12-03 03:46 . 2007-07-11 03:18 -------- d-----w- c:\program files\Common Files\Apple
2009-12-03 03:39 . 2005-03-25 01:17 -------- d-----w- c:\program files\QuickTime
2009-12-03 03:32 . 2009-12-03 03:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 21:23 . 2006-05-04 05:07 1277 -c--a-w- c:\windows\checkip.dat
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-31 19:01 . 2009-10-23 17:19 53940 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-17 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"MplSetUp"="c:\program files\RMClient\MplSetUp.exe" [2000-11-05 40960]
"JobHisInit"="c:\program files\RMClient\JobHisInit.exe" [2001-11-17 135168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-07 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-07 03:17 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Samuel Jay Wilk^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-03-25 01:17 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/27/2009 9:07 AM 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/6/2010 9:17 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [1/6/2010 9:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/6/2010 9:17 PM 285392]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Samuel Jay Wilk\Application Data\Mozilla\Firefox\Profiles\5y059lwj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Samuel Jay Wilk\Application Data\Mozilla\Firefox\Profiles\5y059lwj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-23 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1884)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Dell\Dell File Manager\CTDFM.DLL
c:\program files\Dell\Dell File Manager\DFMHK.dll
c:\program files\Dell\Dell File Manager\CTDFMRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-01-23 20:16:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-24 02:16

Pre-Run: 119,883,722,752 bytes free
Post-Run: 119,846,174,720 bytes free

- - End Of File - - 6F6E87EC7A3434787ED0B5DD7198FD24

Solved Re: Trojan vundo.jz help?

Post by Belahzur on 24th January 2010, 2:22 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Solved Re: Trojan vundo.jz help?

Post by jydthump on 24th January 2010, 2:30 am

Tremendous! Thank you very much for your help!

Thank You! Hooray!
