Jump to content

Virtumundo Issues.


kokujin

Recommended Posts

I've been wrestling with this Virtumundo virus for 2 days now.I decided to try and get some help here.I hope I followed the rules correctly, I will now post the three required logs.First is the mbam log.

Malwarebytes' Anti-Malware 1.30

Database version: 1433

Windows 5.1.2600 Service Pack 2

11/28/2008 3:31:49 PM

mbam-log-2008-11-28 (15-31-49).txt

Scan type: Quick Scan

Objects scanned: 49051

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 7

Registry Values Infected: 4

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\gewapaba.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0c4b26af-c0de-4492-90bb-66b5ea822d7a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c4b26af-c0de-4492-90bb-66b5ea822d7a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c4b26af-c0de-4492-90bb-66b5ea822d7a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm63c97dfe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiyoyoyema (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\gewapaba.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gewapaba.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\gewapaba.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\nifarake.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ekarafin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gewapaba.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\beholeho.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sesanujo.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\Chattur'gha\Local Settings\Temporary Internet Files\Content.IE5\KB888BF0\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Here's the Active Scan log.

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-28 16:57:24

PROTECTIONS: 1

MALWARE: 3

SUSPECTS: 8

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

avast! antivirus 4.8.1290 [VPS 081128-0] 4.8.1290 Yes Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Chattur'gha\Cookies\chattur'gha@atwola[2].txt

00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Chattur'gha\Desktop\VirtumundoBeGone.exe

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{FC30FD93-2B54-4510-AC8D-628ADE1AB33A}\RP381\A0145240.sys

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017\DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exe

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017.rar[DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exe]

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350\dfxInstall-JRiver.exe

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350\dfxInstall-Musicmatch.exe

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350\dfxInstall-Real.exe

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350.rar[dfxInstall-Real.exe]

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350.rar[dfxInstall-Musicmatch.exe]

No C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.350\DFX Audio Enhancer 8.350.rar[dfxInstall-JRiver.exe]

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

170904 HIGH MS07-043

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:00:55 PM, on 11/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Nero\Nero8\InCD\InCD.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\nHancer\nHancer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [yiyoyoyema] Rundll32.exe "C:\WINDOWS\system32\dotuluje.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [yiyoyoyema] Rundll32.exe "C:\WINDOWS\system32\dotuluje.dll",s (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O20 - AppInit_DLLs: c:\windows\system32\beholeho.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8638 bytes

Link to post
Share on other sites

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully

  2. If you don't understand something, stop and ask! Don't keep going on.

  3. Please do not run any other tools or scans whilst I am helping you

  4. Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly laechel.gif

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.

  • Click Continue at the disclaimer screen.

  • Once it has finished, two logs will open:

    • log.txt will be opened maximized.

    • info.txt will be opened minimized.

    [*]Please post the contents of both log.txt and info.txt.

Link to post
Share on other sites

Info.txt

info.txt logfile of random's system information tool 1.04 2008-12-02 03:17:49

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

ABL 2.1.0-->"C:\Program Files\VstPlugins\AudioRealism\ABL2\unins000.exe"

Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Age of Chivalry-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17510

AIM 6-->C:\Program Files\AIM6\uninst.exe

AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"

AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"

blueMSX-->MsiExec.exe /I{393B6840-C846-4B8D-9D5C-4D6E20BACDC8}

CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"

COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u

D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530

dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

DC++ 0.707-->"C:\Program Files\DC++\uninstall.exe"

DFX 8 for Winamp-->"C:\Program Files\Winamp\uninstall_dfx.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

EncVorbis 1.1-->"C:\Program Files\Winamp\EncVorbis-Uninstall.exe"

ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe

Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly

FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"

FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe

FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe

Fraps (remove only)-->"C:\Fraps\uninstall.exe"

Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9

Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320

Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380

Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420

Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340

Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220

Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70

Hex Workshop v5-->MsiExec.exe /I{26A373DB-162B-4B6E-A488-0BED0F0FB227}

HexDump plug-in for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\hexdump\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG

Hide IP Platinum 3.5-->"C:\Program Files\Hide IP Platinum\unins000.exe"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Knuckles in China Land-->MsiExec.exe /I{059EAEBE-4BC8-403C-9210-B6C1FCB9FAB9}

LimeWire PRO 4.17.1-->"C:\Program Files\LimeWire\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe

Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9

Max Payne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall

MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft Application Compatibility Toolkit 5.0-->MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

My Game Fixes-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{2361d390-f11f-4e4c-836e-d6003f8625ab}.sdb"

Native Instruments FM8-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG

Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG

Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}

Neverwinter Nights-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9

nHancer-->MsiExec.exe /X{C0E1794E-2BF0-4A17-A70D-CB8B2ADD1F39}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly

NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}

NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}

OpenDNS Updater 1.3.0.161-->"C:\Program Files\OpenDNS Updater\Uninstall.exe"

OutRun2006 Coast 2 Coast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{839911F0-D9CB-400F-AE78-5D8264F38C42}\setup.exe" -l0x9 -removeonly

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483

Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400

Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}

Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

sfArk-->C:\Program Files\sfArk\uninstall.exe

Source SDK Base - Orange Box-->"C:\Program Files\Steam\steam.exe" steam://uninstall/218

Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215

Source SDK-->"C:\Program Files\Steam\steam.exe" steam://uninstall/211

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"

Swiff Player 1.5-->"C:\Program Files\GlobFX\Swiff Player\unins000.exe"

Synergy Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17525

Synergy-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17520

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Team Fortress 2 Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/310

Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440

The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly

Tomb Raider: Anniversary 1.0-->C:\Program Files\Tomb Raider - Anniversary\uninsttra.exe

Tony Hawk's Pro Skater 3

Link to post
Share on other sites

Log.txt

Logfile of random's system information tool 1.04 (written by random/random)

Run by Chattur'gha at 2008-12-02 03:17:37

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 67 GB (22%) free of 305 GB

Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:17:47 AM, on 12/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Nero\Nero8\InCD\InCD.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\nHancer\nHancer.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Chattur'gha\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Chattur'gha.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [yiyoyoyema] Rundll32.exe "C:\WINDOWS\system32\dotuluje.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [yiyoyoyema] Rundll32.exe "C:\WINDOWS\system32\dotuluje.dll",s (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O20 - AppInit_DLLs: c:\windows\system32\beholeho.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8579 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]

"nwiz"=nwiz.exe /install []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-19 16858112]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe []

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-28 136600]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2007-08-04 2043688]

"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2007-08-04 1056552]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-19 1796856]

"OpenDNS Update"=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2008-11-19 281088]

"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-19 1796856]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]

"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

"nHancer"=C:\Program Files\nHancer\nHancer.exe [2008-05-07 1302528]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"vsmon"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Chattur'gha\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="c:\windows\system32\beholeho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

Information

LimeWire PRO 4.17.1

uTorrent I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

List programs here

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please note: you must NOT use this whilst we are cleaning your machine.

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Upload a File

Please open >> THIS << page.

Click the Browse button next to File 1

Copy/paste the following file name into the new window next to File Name

  • c:\windows\system32\beholeho.dll

Now click Upload

----------------------------------------------------------- -----------------------------------------------------------

Step 2

Malwarebytes' Anti-Malware

I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform full scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------

Step 3

OTMoveIt

Please download OTMoveIt3 by OldTimer and save it to your desktop

  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processesexplorer:Servicesa39cgmcaaj7mai4e:Reg[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aceacf-ee4a-11dc-b45a-806d6172696f}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec9f58c7-f402-11dc-bbb3-00044b14e49e}]:Filesc:\windows\system32\beholeho.dllC:\WINDOWS\system32\drivers\a39cgmca.sysC:\WINDOWS\system32\drivers\aj7mai4e.sysC:\VundoFix BackupsC:\VundoFix.txtC:\WINDOWS\wininit.ini:Commands[Purity][EmptyTemp][start Explorer][Reboot]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------- -----------------------------------------------------------

Step 4

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,

click on the program to highlight it, and click on remove.

[*]Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Reader 8.1.2 << See below for updating Adobe

[*]Java

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.30

Database version: 1450

Windows 5.1.2600 Service Pack 2

12/2/2008 6:06:10 PM

mbam-log-2008-12-02 (18-06-10).txt

Scan type: Full Scan (C:\|)

Objects scanned: 195669

Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdoduy (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gvifudiv (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081128-040441-359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081128-140305-799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\Aziguyi.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\asiruzifu.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to post
Share on other sites

========== PROCESSES ==========

Unable to kill process: explorer

========== SERVICES/DRIVERS ==========

Unable to stop service a39cgmca .

Unable to stop service aj7mai4e .

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aceacf-ee4a-11dc-b45a-806d6172696f}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec9f58c7-f402-11dc-bbb3-00044b14e49e}\\ deleted successfully.

========== FILES ==========

File/Folder c:\windows\system32\beholeho.dll not found.

File/Folder C:\WINDOWS\system32\drivers\a39cgmca.sys not found.

File/Folder C:\WINDOWS\system32\drivers\aj7mai4e.sys not found.

C:\VundoFix Backups moved successfully.

C:\VundoFix.txt moved successfully.

C:\WINDOWS\wininit.ini moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12022008_181547

Link to post
Share on other sites

Disregard the previous log, this is the log after I restarted my computer.

========== PROCESSES ==========

Unable to kill process: explorer

========== SERVICES/DRIVERS ==========

Unable to stop service a39cgmca .

Unable to stop service aj7mai4e .

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aceacf-ee4a-11dc-b45a-806d6172696f}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec9f58c7-f402-11dc-bbb3-00044b14e49e}\\ deleted successfully.

========== FILES ==========

File/Folder c:\windows\system32\beholeho.dll not found.

File/Folder C:\WINDOWS\system32\drivers\a39cgmca.sys not found.

File/Folder C:\WINDOWS\system32\drivers\aj7mai4e.sys not found.

C:\VundoFix Backups moved successfully.

C:\VundoFix.txt moved successfully.

C:\WINDOWS\wininit.ini moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12022008_181547

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_a8.dat not found!

C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Chattur'gha\Local Settings\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\Cache\_CACHE_MAP_ moved successfully.

Link to post
Share on other sites

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, December 3, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, December 02, 2008 20:35:17

Records in database: 1432531

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

F:\

Scan statistics:

Files scanned: 154257

Threat name: 1

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 07:00:17

File name / Threat name / Threats count

C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017\DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exe Infected: Trojan-PSW.Win32.LdPinch.abgq 1

C:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017.rar Infected: Trojan-PSW.Win32.LdPinch.abgq 1

The selected area was scanned.

Link to post
Share on other sites

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

Link to post
Share on other sites

ComboFix 08-12-02.02 - Chattur'gha 2008-12-03 14:42:54.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1442 [GMT -5:00]

Running from: c:\documents and settings\Chattur'gha\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Chattur'gha\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\npf.sys

c:\windows\system32\nvrszhte.dll

c:\windows\system32\nvwrsitx.dll

c:\windows\system32\packet.dll

c:\windows\system32\TDSSmtve.dat

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Legacy_TDSSSERV.SYS

-------\Service_NPF

-------\Service_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))

.

2008-12-03 01:56 . 2008-12-03 01:56 <DIR> d-------- c:\program files\Foxit Software

2008-12-03 01:56 . 2008-12-03 01:56 <DIR> d-------- c:\documents and settings\Chattur'gha\Application Data\Foxit

2008-12-02 18:19 . 2008-12-03 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\OpenDNS Updater

2008-12-02 18:15 . 2008-12-02 18:15 <DIR> d-------- C:\_OTMoveIt

2008-12-02 03:17 . 2008-12-02 03:17 <DIR> d-------- C:\rsit

2008-11-28 15:47 . 2008-11-28 15:47 <DIR> d-------- c:\program files\Panda Security

2008-11-28 15:47 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-28 15:45 . 2008-11-28 15:46 <DIR> d-------- c:\program files\EsetOnlineScanner

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\documents and settings\Chattur'gha\Application Data\Malwarebytes

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-28 15:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 15:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-28 05:48 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

2008-11-27 00:29 . 2008-11-27 00:54 <DIR> d-------- c:\program files\DC++

2008-11-24 17:48 . 2005-11-02 10:54 11,596 --a------ c:\windows\system32\drivers\copperhd.sys

2008-11-20 20:10 . 2008-10-25 13:27 360,320 --a------ c:\windows\system32\drivers\tcpip.copy

2008-11-20 18:13 . 2008-11-20 18:23 <DIR> d-------- c:\windows\NV30801256.TMP

2008-11-19 15:34 . 2004-04-03 03:26 28,640 -ra------ c:\windows\system32\drivers\OmniUsb.sys

2008-11-19 15:34 . 2004-04-03 03:26 8,160 -ra------ c:\windows\system32\drivers\OmniUsbl.sys

2008-11-18 21:52 . 2004-01-05 06:57 30,976 -ra------ c:\windows\system32\drivers\OmniDrv.sys

2008-11-18 19:10 . 2001-01-04 10:12 162,900 --------- c:\windows\system32\drivers\USBICP.sys

2008-11-18 19:10 . 2005-08-12 10:11 19,020 --------- c:\windows\system32\drivers\razerlow.sys

2008-11-18 19:08 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys

2008-11-18 19:08 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2008-11-17 01:22 . 2008-11-17 01:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd

2008-11-17 01:21 . 2008-11-17 01:21 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-17 01:21 . 2008-11-17 01:21 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-11-17 01:20 . 2008-11-18 19:02 <DIR> d-------- c:\program files\Common Files\Logishrd

2008-11-16 21:57 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll

2008-11-16 21:57 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2008-11-11 18:27 . 2008-11-11 18:30 <DIR> d-------- c:\windows\NV23044028.TMP

2008-11-10 21:57 . 2008-11-10 21:57 <DIR> d-------- c:\program files\BitPim

2008-11-10 21:29 . 2005-08-18 11:44 49,867 --a------ c:\windows\system32\drivers\mardp2k.sys

2008-11-10 21:29 . 2005-08-18 11:44 49,484 --a------ c:\windows\system32\drivers\mardpnp.sys

2008-11-10 21:29 . 2005-07-27 18:47 49,382 --a------ c:\windows\system32\drivers\MA8032U.sys

2008-11-10 21:29 . 2004-11-11 13:55 25,300 --a------ c:\windows\system32\drivers\MA8032M.sys

2008-11-10 21:29 . 2004-11-11 14:04 25,040 --a------ c:\windows\system32\drivers\MA8032C.sys

2008-11-10 21:29 . 2005-08-18 11:44 24,789 --a------ c:\windows\system32\drivers\MaVctrl.sys

2008-11-10 21:29 . 2005-08-18 11:44 11,473 --a------ c:\windows\system32\drivers\MaVc2K.sys

2008-11-10 21:28 . 2008-11-10 21:28 <DIR> d-------- c:\windows\Application Data

2008-11-06 17:35 . 2008-11-06 17:35 <DIR> d-------- c:\program files\MSXML 6.0

2008-11-05 15:21 . 2008-11-05 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3

2008-11-05 15:20 . 2008-11-05 15:20 <DIR> d-------- c:\program files\MSBuild

2008-11-05 15:19 . 2008-11-06 17:36 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-05 15:18 . 2008-11-05 15:18 <DIR> d-------- c:\program files\Reference Assemblies

2008-11-05 15:18 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 18:47 --------- d-----w c:\program files\OpenDNS Updater

2008-12-03 17:29 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\uTorrent

2008-12-02 23:40 --------- d-----w c:\program files\Java

2008-12-02 23:29 --------- d-----w c:\program files\Common Files\Adobe

2008-12-02 18:48 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-02 01:31 --------- d-----w c:\program files\Steam

2008-11-27 05:57 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\U3

2008-11-27 05:18 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\LimeWire

2008-11-22 19:05 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-22 01:37 --------- d-----w c:\program files\DAEMON Tools Lite

2008-11-21 01:10 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys

2008-11-21 00:50 --------- d-----w c:\program files\Activision

2008-11-20 23:36 --------- d-----w c:\program files\NVIDIA Corporation

2008-11-20 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\nHancer

2008-11-20 23:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-11-20 23:14 --------- d-----w c:\program files\AGEIA Technologies

2008-11-20 01:33 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-20 01:33 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\SystemRequirementsLab

2008-11-19 19:03 99,216 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-11-19 19:03 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-12 19:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys

2008-11-05 20:21 --------- d-----w c:\program files\Bethesda Softworks

2008-11-05 05:51 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\Bioshock

2008-11-05 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania

2008-11-04 14:07 --------- d-----w c:\program files\LucasArts

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 16:37 --------- d-----w c:\program files\FlashGet

2008-10-16 05:19 --------- d-----w c:\program files\Rockstar Games

2008-10-15 11:03 --------- d-----w c:\program files\Sega

2008-10-12 20:05 --------- d-----w c:\program files\Winamp

2008-10-09 21:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-07 08:29 --------- d-----w c:\program files\Audacity

2008-10-04 21:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-10-03 10:17 --------- d-----w c:\program files\Hide IP Platinum

2008-09-18 17:30 784 ----a-w c:\documents and settings\Chattur'gha\Application Data\mpauth.dat

2008-05-25 02:03 13,195 ----a-w c:\documents and settings\Chattur'gha\zguicfgw.dat

2008-05-25 01:11 40 ----a-w c:\documents and settings\Chattur'gha\language.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"nHancer"="c:\program files\nHancer\nHancer.exe" [2008-05-07 1302528]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-08-04 2043688]

"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2007-08-04 1056552]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-19 1796856]

"OpenDNS Update"="c:\program files\OpenDNS Updater\OpenDNS Updater.exe" [2008-12-03 316416]

"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-19 1796856]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]

c:\documents and settings\Chattur'gha\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\beholeho.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\COMODO\\Firewall\\cmdagent.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-28 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-20 99216]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-20 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-05 24652]

S3 MA8032C;MA8032C;c:\windows\system32\DRIVERS\MA8032C.sys [2008-11-10 25040]

S3 MA8032M;MA8032M;c:\windows\system32\DRIVERS\MA8032M.sys [2008-11-10 25300]

S3 MA8032U;MA8032U;c:\windows\system32\DRIVERS\MA8032U.sys [2008-11-10 49382]

S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-11-18 19020]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2008-11-18 162900]

S3 XBAudio;XBox Audio Module;c:\windows\system32\drivers\xbaudio.sys [2004-05-16 8844]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5a7ad0-80ab-11dd-bf79-00044b14e49e}]

\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89cf9183-b1bd-11dd-bfae-00044b14e49e}]

\Shell\AutoRun\command - PCConnect.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Chattur'gha\Application Data\Mozilla\Firefox\Profiles\4bpvu6jb.new\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-03 14:46:03

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\_avast4_\Webshlock.txt 0 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(852)

c:\windows\system32\nvappfilter.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\COMODO\Firewall\cmdagent.exe

c:\program files\Nero\Nero8\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-12-03 14:53:06 - machine was rebooted [Chattur'gha]

ComboFix-quarantined-files.txt 2008-12-03 19:53:04

Pre-Run: 83,453,771,776 bytes free

Post-Run: 83,479,646,208 bytes free

230 --- E O F --- 2008-11-18 07:36:08

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:58:44 PM, on 12/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Nero\Nero8\InCD\InCD.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\nHancer\nHancer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O20 - AppInit_DLLs: c:\windows\system32\beholeho.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8105 bytes

Link to post
Share on other sites

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::c:\windows\system32\beholeho.dllC:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017\DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exeC:\Documents and Settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017.rarRegistry::[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=""ADS::


  • Save this as CFScript.txt and place it on your desktop.
    CFScriptb.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

Link to post
Share on other sites

ComboFix 08-12-02.02 - Chattur'gha 2008-12-04 6:58:38.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1554 [GMT -5:00]

Running from: c:\documents and settings\Chattur'gha\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Chattur'gha\Desktop\CFScript.txt

* Created a new restore point

FILE ::

c:\documents and settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017.rar

c:\documents and settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017\DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exe

c:\windows\system32\beholeho.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017.rar

c:\documents and settings\Chattur'gha\Desktop\Desktop\uTorrent\Downloads\DFX Audio Enhancer 8.017\DFX Audio Enhancer 8.017\Musicmatch Jukebox\dfxInstall-Musicmatch.exe

.

((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))

.

2008-12-03 22:48 . 2008-12-03 22:48 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE

2008-12-03 01:56 . 2008-12-03 01:56 <DIR> d-------- c:\program files\Foxit Software

2008-12-03 01:56 . 2008-12-03 01:56 <DIR> d-------- c:\documents and settings\Chattur'gha\Application Data\Foxit

2008-12-02 18:19 . 2008-12-03 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\OpenDNS Updater

2008-12-02 18:15 . 2008-12-02 18:15 <DIR> d-------- C:\_OTMoveIt

2008-12-02 03:17 . 2008-12-02 03:17 <DIR> d-------- C:\rsit

2008-11-28 15:47 . 2008-11-28 15:47 <DIR> d-------- c:\program files\Panda Security

2008-11-28 15:47 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-28 15:45 . 2008-11-28 15:46 <DIR> d-------- c:\program files\EsetOnlineScanner

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\documents and settings\Chattur'gha\Application Data\Malwarebytes

2008-11-28 15:27 . 2008-11-28 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-28 15:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 15:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-28 05:48 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

2008-11-27 00:29 . 2008-11-27 00:54 <DIR> d-------- c:\program files\DC++

2008-11-24 17:48 . 2005-11-02 10:54 11,596 --a------ c:\windows\system32\drivers\copperhd.sys

2008-11-21 16:46 . 2008-11-21 16:46 1,044,480 --a------ c:\windows\system32\libdivx.dll

2008-11-21 16:46 . 2008-11-21 16:46 200,704 --a------ c:\windows\system32\ssldivx.dll

2008-11-20 20:10 . 2008-10-25 13:27 360,320 --a------ c:\windows\system32\drivers\tcpip.copy

2008-11-20 18:13 . 2008-11-20 18:23 <DIR> d-------- c:\windows\NV30801256.TMP

2008-11-19 15:34 . 2004-04-03 03:26 28,640 -ra------ c:\windows\system32\drivers\OmniUsb.sys

2008-11-19 15:34 . 2004-04-03 03:26 8,160 -ra------ c:\windows\system32\drivers\OmniUsbl.sys

2008-11-18 21:52 . 2004-01-05 06:57 30,976 -ra------ c:\windows\system32\drivers\OmniDrv.sys

2008-11-18 19:10 . 2001-01-04 10:12 162,900 --------- c:\windows\system32\drivers\USBICP.sys

2008-11-18 19:10 . 2005-08-12 10:11 19,020 --------- c:\windows\system32\drivers\razerlow.sys

2008-11-18 19:08 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys

2008-11-18 19:08 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2008-11-17 01:22 . 2008-11-17 01:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd

2008-11-17 01:21 . 2008-11-17 01:21 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-17 01:21 . 2008-11-17 01:21 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-11-17 01:20 . 2008-11-18 19:02 <DIR> d-------- c:\program files\Common Files\Logishrd

2008-11-16 21:57 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll

2008-11-16 21:57 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2008-11-11 18:27 . 2008-11-11 18:30 <DIR> d-------- c:\windows\NV23044028.TMP

2008-11-10 21:57 . 2008-11-10 21:57 <DIR> d-------- c:\program files\BitPim

2008-11-10 21:29 . 2005-08-18 11:44 49,867 --a------ c:\windows\system32\drivers\mardp2k.sys

2008-11-10 21:29 . 2005-08-18 11:44 49,484 --a------ c:\windows\system32\drivers\mardpnp.sys

2008-11-10 21:29 . 2005-07-27 18:47 49,382 --a------ c:\windows\system32\drivers\MA8032U.sys

2008-11-10 21:29 . 2004-11-11 13:55 25,300 --a------ c:\windows\system32\drivers\MA8032M.sys

2008-11-10 21:29 . 2004-11-11 14:04 25,040 --a------ c:\windows\system32\drivers\MA8032C.sys

2008-11-10 21:29 . 2005-08-18 11:44 24,789 --a------ c:\windows\system32\drivers\MaVctrl.sys

2008-11-10 21:29 . 2005-08-18 11:44 11,473 --a------ c:\windows\system32\drivers\MaVc2K.sys

2008-11-10 21:28 . 2008-11-10 21:28 <DIR> d-------- c:\windows\Application Data

2008-11-06 17:35 . 2008-11-06 17:35 <DIR> d-------- c:\program files\MSXML 6.0

2008-11-05 15:21 . 2008-11-05 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3

2008-11-05 15:20 . 2008-11-05 15:20 <DIR> d-------- c:\program files\MSBuild

2008-11-05 15:19 . 2008-11-06 17:36 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-05 15:18 . 2008-11-05 15:18 <DIR> d-------- c:\program files\Reference Assemblies

2008-11-05 15:18 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 03:32 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-04 03:32 --------- d-----w c:\program files\Rockstar Games

2008-12-04 02:33 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\uTorrent

2008-12-03 22:34 --------- d-----w c:\program files\DivX

2008-12-03 20:06 147,192 ----a-w c:\windows\system32\guard32.dll

2008-12-03 20:06 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-12-03 18:47 --------- d-----w c:\program files\OpenDNS Updater

2008-12-02 23:40 --------- d-----w c:\program files\Java

2008-12-02 23:29 --------- d-----w c:\program files\Common Files\Adobe

2008-12-02 01:31 --------- d-----w c:\program files\Steam

2008-11-27 05:57 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\U3

2008-11-27 05:18 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\LimeWire

2008-11-22 19:05 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-22 01:37 --------- d-----w c:\program files\DAEMON Tools Lite

2008-11-21 01:10 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys

2008-11-21 00:50 --------- d-----w c:\program files\Activision

2008-11-20 23:36 --------- d-----w c:\program files\NVIDIA Corporation

2008-11-20 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\nHancer

2008-11-20 23:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-11-20 23:14 --------- d-----w c:\program files\AGEIA Technologies

2008-11-20 01:33 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-20 01:33 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\SystemRequirementsLab

2008-11-19 19:03 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-12 18:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-11-05 20:21 --------- d-----w c:\program files\Bethesda Softworks

2008-11-05 05:51 --------- d-----w c:\documents and settings\Chattur'gha\Application Data\Bioshock

2008-11-05 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania

2008-11-04 14:07 --------- d-----w c:\program files\LucasArts

2008-10-26 20:26 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 16:37 --------- d-----w c:\program files\FlashGet

2008-10-22 10:29 14,303,392 ----a-w c:\windows\system32\xlive.dll

2008-10-22 10:29 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-15 11:03 --------- d-----w c:\program files\Sega

2008-10-13 14:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

2008-10-12 20:05 --------- d-----w c:\program files\Winamp

2008-10-09 21:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-07 18:33 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll

2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll

2008-10-07 14:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe

2008-10-07 14:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe

2008-10-07 14:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll

2008-10-07 08:29 --------- d-----w c:\program files\Audacity

2008-10-04 21:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-18 17:30 784 ----a-w c:\documents and settings\Chattur'gha\Application Data\mpauth.dat

2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-05-25 02:03 13,195 ----a-w c:\documents and settings\Chattur'gha\zguicfgw.dat

2008-05-25 01:11 40 ----a-w c:\documents and settings\Chattur'gha\language.dat

.

((((((((((((((((((((((((((((( snapshot@2008-12-03_14.52.44.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-01 15:26:25 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2008-12-04 03:49:44 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2008-12-01 15:26:26 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2008-12-04 03:49:44 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2008-12-01 15:26:26 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2008-12-04 03:49:45 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2008-12-01 15:26:21 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:39 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:21 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:40 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:22 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:41 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:22 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:41 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:23 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:41 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:23 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:42 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:24 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:42 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:24 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:42 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:24 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:43 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:26 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-12-04 03:49:45 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-12-01 15:26:27 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2008-12-04 03:49:46 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2008-12-01 15:26:27 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2008-12-04 03:49:46 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2008-12-01 15:26:27 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2008-12-04 03:49:47 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2008-12-01 15:26:28 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2008-12-04 03:49:47 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2008-12-01 15:26:25 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2008-12-04 03:49:44 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2007-04-30 20:50:50 903,072 -c--a-w c:\windows\system32\msidcrl40.dll

+ 2007-08-27 20:41:22 1,089,440 ----a-w c:\windows\system32\msidcrl40.dll

- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll

+ 2005-10-12 23:12:25 14,048 ------w c:\windows\system32\spmsg.dll

- 2006-10-19 01:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll

+ 2006-10-19 02:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll

+ 2008-12-04 11:45:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_354.dat

+ 2008-12-04 11:45:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat

+ 2007-11-07 01:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 06:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 06:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"nHancer"="c:\program files\nHancer\nHancer.exe" [2008-05-07 1302528]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-08-04 2043688]

"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2007-08-04 1056552]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]

"OpenDNS Update"="c:\program files\OpenDNS Updater\OpenDNS Updater.exe" [2008-12-03 316416]

"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]

c:\documents and settings\Chattur'gha\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\COMODO\\Firewall\\cmdagent.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-28 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-20 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-20 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-05 24652]

S3 MA8032C;MA8032C;c:\windows\system32\DRIVERS\MA8032C.sys [2008-11-10 25040]

S3 MA8032M;MA8032M;c:\windows\system32\DRIVERS\MA8032M.sys [2008-11-10 25300]

S3 MA8032U;MA8032U;c:\windows\system32\DRIVERS\MA8032U.sys [2008-11-10 49382]

S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-11-18 19020]

S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2008-11-18 162900]

S3 XBAudio;XBox Audio Module;c:\windows\system32\drivers\xbaudio.sys [2004-05-16 8844]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5a7ad0-80ab-11dd-bf79-00044b14e49e}]

\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89cf9183-b1bd-11dd-bfae-00044b14e49e}]

\Shell\AutoRun\command - PCConnect.exe

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-04 07:02:17

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(848)

c:\windows\system32\nvappfilter.dll

.

Completion time: 2008-12-04 7:04:19

ComboFix-quarantined-files.txt 2008-12-04 12:03:13

ComboFix2.txt 2008-12-03 19:53:07

Pre-Run: 66,600,849,408 bytes free

Post-Run: 66,585,878,528 bytes free

279 --- E O F --- 2008-11-18 07:36:08

Link to post
Share on other sites

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up

  • Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • (XP) Click START then RUN
  • Click START, type RUN into the search box, then click Enter
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png

Open OTMoveIt Click Cleanup,

it will now connect to the internet and get a list of files to delete.

When a box pops up click YES.

You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

    [*] MalwareBytes Anti-malware <<< A New and effective program

    [*]a-squared Free <<< A good "realtime" or "on demand" scanner

    [*]superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition

    [*]SpywareBlaster 4.0

    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.

    [*]SpywareGuard 2.2

    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol

    [*]ZonedOut

    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.

    [*]MVPS HOSTS

    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.

      [*]Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.

  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential

    [*]Opera

    • Another popular alternative

    [*]Netscape

    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.
    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use

    [*]CCleaner

    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :)

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Link to post
Share on other sites

DNSCheck v.0.8.3

Checking No-Exist Redirector

Fake name: awuwhwworofnxdpdxwrk.com

207.69.131.9: resolves to cisco-1-h4-1-0.ston.mindspring.net -- HIJACKED!

207.69.131.10:

NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.

Local DNS (DNSAPI) reverse resolution failed with the following error:Fails to reverse resolve. -- WARNING!

DNS name does not exist.

Checking site: google.com

DNSAPI and NSLOOKUP are in agreement. -- OK!

209.85.171.100: resolves to cg-in-f100.google.com -- OK!

72.14.205.100: resolves to qb-in-f100.google.com -- OK!

74.125.45.100: resolves to yx-in-f100.google.com -- OK!

Checking site: yahoo.com

DNSAPI and NSLOOKUP are in agreement. -- OK!

206.190.60.37: resolves to w2.rc.vip.re4.yahoo.com -- OK!

68.180.206.184: resolves to w2.rc.vip.sp1.yahoo.com -- OK!

Checking site: bleepingcomputer.com

DNSAPI and NSLOOKUP are in agreement. -- OK!

208.43.87.2: resolves to www.bleepingcomputer.com -- OK!

Checking site: geekstogo.com

DNSAPI and NSLOOKUP are in agreement. -- OK!

208.43.44.138: resolves to geek15.geekstogo.com -- OK!

Checking site: malwarebytes.org

DNSAPI and NSLOOKUP are in agreement. -- OK!

69.162.79.74: resolves to alpha.malwarebytes.org -- OK!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.