Hi, recently I've been infected with a Virtumonde virus. I've tried my best to get rid of it and used multiple programs to dispose of it, such as Trojan Remover and Spyware Doctor. They said they removed Virtumonde, but Firefox randomly crashes on me, and I can't open webpages like Myspace or meebo. Certain Google searches don't work, but some do; pages just stay loading and never open up. I've tried System Restore as well, to no avail, so does anyone know the problem here?

I think there might be an infection. Let's have a look!
Download the "HijackThis" Installer from this link:
http://www.trendsecure.com/portal/e...
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Post the HijackThis log in your next reply.

Thanks for the reply, the log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:57 PM, on 5/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {6052016D-3940-41B9-ABDC-EF4007D94018} - C:\Windows\system32\opnklkkj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\Windows\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkLCvvv.dll,#1
O4 - HKLM\..\Run: [0c19d325] rundll32.exe "C:\Windows\system32\hjbxnsdv.dll",b
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\gjvvebey.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6924 bytes

Hello ajjekko,
You still have a Virtumonde infection on your computer, and you ran the HijackThis scan in safe mode, so please run the scan again in normal mode and paste the log in your next reply. Thanks!
-----------
::If I have helped you, please Donate to help me continue my fight against spyware and malware. Thanks

Okay, thank you Adii. This is the normal mode log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:07 AM, on 5/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\CmUCReye.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d29f7c58-2033-9a4b-09d4-5112f628763a} - {a367826f-2115-4d90-b4a9-330285c7f92d} - C:\Windows\system32\atigdavn.dll
O2 - BHO: (no name) - {A963659F-AFF9-4D01-9A4B-8E9455AFDA0C} - C:\Windows\system32\opnklkkj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\Windows\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqOFWnN.dll,#1
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\gjvvebey.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9448 bytes

Please take note of the following:
1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
-----------
::If I have helped you, please Donate to help me continue my fight against spyware and malware. Thanks

Please Disable Real Time Monitoring Programs, click here to see: http://spywaredetail.com/forum/show...
Ad-Aware 2007
Spyware Doctor
Windows Defender
Spybot - Search & Destroy\TeaTimer.exe
Please run HijackThis again and click "Scan." Place checks next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {d29f7c58-2033-9a4b-09d4-5112f628763a} - {a367826f-2115-4d90-b4a9-330285c7f92d} - C:\Windows\system32\atigdavn.dll
O2 - BHO: (no name) - {A963659F-AFF9-4D01-9A4B-8E9455AFDA0C} - C:\Windows\system32\opnklkkj.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqOFWnN.dll,#1
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\gjvvebey.dll",s
Close all browsers and other windows except for HijackThis, and click "Fix checked".
--
Download Combofix by sUBs and save to your desktop.
(If you have previously downloaded ComboFix, please delete that version now.)
Download link HERE:
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
Note
It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log.
-----------
::If I have helped you, please Donate to help me continue my fight against spyware and malware. Thanks
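
A triage sketch for the HijackThis entries discussed in this thread, added here as an example; it is not part of any poster's reply and not HijackThis's own logic. The heuristics (an unnamed or GUID-named BHO loading a DLL from system32, a BHO marked "(file missing)", a rundll32 Run entry called by ordinal or single-letter export, and a Run value whose DLL changes between scans) are assumptions drawn from the entries picked out above, and the sample lines are excerpts from the two logs in the thread.

```python
import re

# Excerpts from the safe-mode and normal-mode HijackThis logs posted in this thread.
SAFE_MODE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6052016D-3940-41B9-ABDC-EF4007D94018} - C:\Windows\system32\opnklkkj.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkLCvvv.dll,#1
O4 - HKLM\..\Run: [0c19d325] rundll32.exe "C:\Windows\system32\hjbxnsdv.dll",b
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\gjvvebey.dll",s
"""
NORMAL_MODE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {d29f7c58-2033-9a4b-09d4-5112f628763a} - {a367826f-2115-4d90-b4a9-330285c7f92d} - C:\Windows\system32\atigdavn.dll
O2 - BHO: (no name) - {A963659F-AFF9-4D01-9A4B-8E9455AFDA0C} - C:\Windows\system32\opnklkkj.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqOFWnN.dll,#1
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\gjvvebey.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - \S+?\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
                       re.IGNORECASE)
# Assumed heuristics, not a general detection rule:
SYS32_DLL_RE = re.compile(r"c:\\windows\\system32\\[^\\]+\.dll", re.IGNORECASE)
UNNAMED_RE = re.compile(r"\(no name\)|\{[0-9A-Fa-f-]{36}\}")  # no real display name
ODD_EXPORT_RE = re.compile(r"#\d+|\w")                        # ordinal or one letter


def triage(log_text):
    """Return [(line, reason)] for O2/O4 entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho["missing"]:
                findings.append((line, "BHO still registered but its file is missing"))
            elif UNNAMED_RE.fullmatch(bho["name"]) and SYS32_DLL_RE.fullmatch(bho["path"]):
                findings.append((line, "unnamed BHO loading a DLL from system32"))
            continue
        run = RUN_RE.match(line)
        call = RUNDLL_RE.match(run["cmd"]) if run else None
        if (call and SYS32_DLL_RE.fullmatch(call["dll"])
                and ODD_EXPORT_RE.fullmatch(call["export"])):
            findings.append((line, "rundll32 autorun by ordinal/one-letter export"))
    return findings


def run_targets(log_text):
    """Map each rundll32 Run value name to the DLL it loads (hive is ignored)."""
    targets = {}
    for line in log_text.splitlines():
        run = RUN_RE.match(line.strip())
        call = RUNDLL_RE.match(run["cmd"]) if run else None
        if call:
            targets[run["value"]] = call["dll"]
    return targets


def moved_targets(earlier_log, later_log):
    """Run values present in both logs whose DLL differs between the scans."""
    a, b = run_targets(earlier_log), run_targets(later_log)
    return {v: (a[v], b[v]) for v in a.keys() & b.keys()
            if a[v].lower() != b[v].lower()}


if __name__ == "__main__":
    for label, log in (("safe mode", SAFE_MODE_LOG), ("normal mode", NORMAL_MODE_LOG)):
        print(label)
        for line, reason in triage(log):
            print(f"  [{reason}] {line}")
    print("changed between scans:", moved_targets(SAFE_MODE_LOG, NORMAL_MODE_LOG))
```

On the normal-mode excerpt the heuristics select the same O2 and O4 entries listed in the reply above, and the MSServer value points at a different DLL in each scan.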

Hi, here's the Combofix log.
ComboFix 08-05-15.3 - Administrator 2008-05-16 16:18:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1311 [GMT -4:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\ehglbxsq.exe
C:\Windows\System32\HkQYJRqr.ini
C:\Windows\System32\HkQYJRqr.ini2
C:\Windows\System32\jkklknpo.ini
C:\Windows\System32\jkklknpo.ini2
C:\Windows\system32\ktectmbi.exe
C:\Windows\System32\OpYJQXyb.ini
C:\Windows\System32\OpYJQXyb.ini2
C:\Windows\system32\pmlvojhf.ini
C:\Windows\system32\tencqykl.exe
C:\Windows\system32\vdsnxbjh.ini
C:\Windows\System32\xaIkQqss.ini
C:\Windows\System32\xaIkQqss.ini2
C:\Windows\System32\xbLSvuvw.ini
C:\Windows\System32\xbLSvuvw.ini2
.
---- Previous Run -------
.
C:\Windows\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 16:22 . 2008-05-12 21:23 59,904 --a------ C:\Windows\System32\vtUklKAR.dll
2008-05-16 16:09 . 2008-05-16 16:09 125,952 --a------ C:\Windows\System32\pgqevkhi.dll
2008-05-16 16:08 . 2008-05-16 16:08 370,688 --a------ C:\Windows\System32\wvuvSLbx.dll
2008-05-16 00:38 . 2008-05-16 00:38 125,952 --a------ C:\Windows\System32\orgtofbj.dll
2008-05-16 00:37 . 2008-05-16 00:37 370,176 --a------ C:\Windows\System32\byXQJYpO.dll
2008-05-15 21:03 . 2008-05-15 21:03 116,800 --a------ C:\Windows\System32\fhjovlmp.dll
2008-05-15 20:53 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-15 20:53 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-15 20:53 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-15 20:53 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-15 20:53 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-15 20:50 . 2008-05-15 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 06:17 . 2008-05-15 06:18 <DIR> d-------- C:\Users\Administrator\.housecall6.6
2008-05-15 06:17 . 2008-05-15 06:17 125,504 --a------ C:\Windows\System32\gjvvebey.dll
2008-05-15 06:15 . 2008-05-15 06:15 125,504 --a------ C:\Windows\System32\hpsfouxp.dll
2008-05-14 22:06 . 2008-05-14 22:06 126,464 --a------ C:\Windows\System32\rptsifhn.dll
2008-05-14 22:05 . 2008-05-14 22:05 369,664 --a------ C:\Windows\System32\rqRJYQkH.dll
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TM.blf
2008-05-14 21:34 . 2008-05-14 21:34 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\PC Tools
2008-05-14 19:02 . 2008-05-14 19:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 18:55 . 2008-05-14 18:55 <DIR> d-------- C:\VundoFix Backups
2008-05-14 17:33 . 2008-05-14 17:33 369,664 --a------ C:\Windows\System32\ssqQkIax.dll
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TM.blf
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Simply Super Software
2008-05-13 23:33 . 2008-05-14 21:04 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\PROGRA~2\Simply Super Software
2008-05-13 20:57 . 2008-05-13 20:57 <DIR> d-------- C:\Program Files\Bullfrog
2008-05-12 21:23 . 2008-05-12 21:24 <DIR> d-------- C:\Program Files\Water in Fire 2
2008-05-11 02:30 . 2008-05-11 02:44 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Folder Guard
2008-05-11 02:30 . 2008-05-11 12:26 <DIR> d-------- C:\severance fax 9
2008-05-11 02:21 . 2008-05-11 02:44 <DIR> d-------- C:\Program Files\Folder Guard Pro
2008-05-11 01:28 . 2008-05-11 01:28 <DIR> d-------- C:\Neoretix
2008-05-11 01:09 . 2008-05-11 01:27 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\Users\All Users\Fugazo
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\PROGRA~2\Fugazo
2008-05-09 00:45 . 2008-05-09 00:46 <DIR> d-------- C:\Program Files\Cooking Academy
2008-05-08 23:23 . 2008-05-08 23:24 <DIR> d-------- C:\Program Files\Zombie Shooter
2008-05-08 23:23 . 2008-05-08 23:23 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-08 21:08 . 2008-05-08 21:08 <DIR> d-------- C:\Games
2008-05-08 01:36 . 2008-05-10 10:57 10 --a------ C:\Windows\popcinfo.dat
2008-05-08 01:17 . 2008-05-08 01:17 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-05-08 00:34 . 2008-05-08 00:34 <DIR> d-------- C:\Program Files\NaturalMotion
2008-05-08 00:34 . 2002-01-01 03:28 860,211 --a-s---- C:\Windows\System32\XSIFtk-3.6.2.1.dll
2008-04-28 00:35 . 2008-04-28 00:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 02:14 . 2008-04-27 02:14 <DIR> d-------- C:\DVDVideoSoft
2008-04-27 02:13 . 2008-04-27 02:13 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-27 02:13 . 2008-04-27 02:13 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-27 00:32 . 2008-04-27 00:36 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-26 19:48 . 2008-04-26 21:29 <DIR> d-------- C:\Program Files\JFK Reloaded
2008-04-26 15:18 . 2006-11-23 05:55 73,728 --a------ C:\Windows\System32\DeathAdder.cpl
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\Users\All Users\Gamespot
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\PROGRA~2\Gamespot
2008-04-25 20:06 . 2008-04-25 20:06 <DIR> d-------- C:\Program Files\Terminal Reality
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-25 02:16 . 2008-04-25 02:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Ubisoft
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\PROGRA~2\Ubisoft
2008-04-17 09:08 . 2008-04-17 09:08 <DIR> d-------- C:\razer
2008-04-17 08:25 . 2008-04-17 08:25 <DIR> d-------- C:\Program Files\Razer
2008-04-17 08:25 . 2005-03-03 19:47 31,104 --a------ C:\Windows\System32\drivers\CYUSB.sys
2008-04-17 08:25 . 2007-04-12 06:46 10,880 --a------ C:\Windows\System32\drivers\dadder.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 12:12 --------- d---a-w C:\PROGRA~2\TEMP
2008-05-15 01:57 --------- d-----w C:\Users\Administrator\AppData\Roaming\Winamp
2008-05-15 01:57 --------- d-----w C:\Program Files\FlashGet
2008-05-15 01:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-14 20:46 --------- d-----w C:\Users\Administrator\AppData\Roaming\uTorrent
2008-05-14 20:46 --------- d-----w C:\Users\Administrator\AppData\Roaming\DAEMON Tools
2008-05-12 00:12 --------- d-----w C:\Program Files\SpeedFan
2008-05-11 06:44 --------- d-----w C:\Program Files\Steam
2008-05-11 04:44 --------- d-----w C:\PROGRA~2\WinZip
2008-05-11 04:34 --------- d-----w C:\Users\Administrator\AppData\Roaming\U3
2008-05-10 19:55 --------- d-----w C:\Users\Administrator\AppData\Roaming\LimeWire
2008-05-10 17:10 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-08 19:17 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-02 00:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 06:27 7,039 ----a-w C:\Program Files\install.log
2008-04-26 00:13 --------- d-----w C:\Program Files\Activision
2008-04-25 19:47 --------- d-----w C:\Program Files\EA GAMES
2008-04-25 19:38 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 05:32 --------- d-----w C:\Program Files\uTorrent
2008-04-12 20:02 --------- d-----w C:\Users\Administrator\AppData\Roaming\Bioshock
2008-04-12 17:22 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-10 21:35 --------- d-----w C:\Program Files\Eidos
2008-04-09 07:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 18:45 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-04-06 18:11 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-04-03 20:45 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-02 19:20 --------- d-----w C:\Program Files\Starcraft
2008-04-02 02:01 70,656 ----a-w C:\Windows\ScUnin.exe
2008-03-31 19:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-30 15:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-26 19:34 --------- d-----w C:\Program Files\Windows Live
2008-03-26 19:31 --------- d-----w C:\PROGRA~2\Xfire
2008-03-26 02:01 --------- d-----w C:\Users\Administrator\AppData\Roaming\Apple Computer
2008-03-26 00:44 --------- d-----w C:\Program Files\Bethesda Softworks
2008-03-26 00:15 --------- d-----w C:\PROGRA~2\Trymedia
2008-03-25 22:35 --------- d-----w C:\Program Files\Sierra
2008-03-25 03:44 --------- d-----w C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2008-03-25 03:44 --------- d-----w C:\Program Files\Electronic Arts
2008-03-25 00:08 --------- d-----w C:\Users\Administrator\AppData\Roaming\Xfire
2008-03-24 20:54 --------- d-----w C:\Program Files\Xfire
2008-03-24 20:28 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-24 20:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 18:11 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-24 18:01 --------- d-----w C:\PROGRA~2\Microsoft Games
2008-03-24 17:31 --------- d-----w C:\Program Files\Bioshock
2008-03-19 21:21 720,896 ----a-w C:\Windows\iun6002.exe
2008-03-19 03:38 --------- d-----w C:\Program Files\Windows Media Components
2008-03-19 03:23 --------- d-----w C:\Users\Administrator\AppData\Roaming\DivX
2008-03-19 01:47 --------- d-----w C:\Program Files\ffdshow
2008-03-18 03:35 --------- d-----w C:\Program Files\SuperGOO
2008-03-17 05:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-17 05:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 02:29 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-07 02:32 184 ----a-w C:\Users\Administrator\AppData\Roaming\wklnhst.dat
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 02:20 22,328 ----a-w C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
2008-02-19 01:50 174 --sha-w C:\Program Files\desktop.ini
2008-02-19 01:43 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-19 01:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 01:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 01:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-19 01:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 01:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFA142CE-1470-493E-B7C3-1441F8AE117C}]
2008-05-16 00:37 370176 --a------ C:\Windows\system32\byXQJYpO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 21:32 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-18 21:17 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 21:41 1006264]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 18:50 180224]
"P17RunE"="P17RunE.dll" [2007-04-08 21:40 14848 C:\Windows\System32\P17RunE.dll]
"UpdReg"="C:\Windows\UpdReg.exe" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CmUCRRun"="C:\Windows\system32\CmUCReye.exe" [2005-10-12 16:44 241664]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Cmiboot"="C:\Windows\cmiboot.exe" [2007-02-12 07:08 65536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40 159744]
"MSServer"="C:\Windows\system32\vtUklKAR.dll" [2008-05-12 21:23 59904]
"BM0f2ae0b9"="C:\Windows\system32\pgqevkhi.dll" [2008-05-16 16:09 125952]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\Windows\system32\vtUklKAR.dll [2008-05-12 21:23 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQJYpO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 FGUARD32;FGUARD32;C:\Program Files\Folder Guard Pro\FGUARD32.SYS [2007-02-25 00:00]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\Windows\system32\DRIVERS\cmiucr.SYS [2007-09-10 04:49]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2007-04-12 06:46]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-10 09:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Setup\rsrc\autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554a3a47-f556-11dc-b603-001e8c489889}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a66893-e469-11dc-a9dc-001e8c489889}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb62058-de8c-11dc-b801-001e8c489889}]
\shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 16:22:23
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\vtUklKAR.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\byXQJYpO.dll

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\pgqevkhi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-16 17:21:25 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-05-16 21:21:19

Pre-Run: 60,234,846,208 bytes free
Post-Run: 59,045,093,376 bytes free

383 --- E O F --- 2008-05-16 20:35:
However, every 5 seconds it kept saying it had no Administrator privileges, while it actually did and I was running as an administrator. Also, it kept saying Windows Command Prompt has crashed or something like that, and the same with Hijack This when the scan ended. I could still get the log for HJT, this is it :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:57 PM, on 5/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\CmUCREye.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CFA142CE-1470-493E-B7C3-1441F8AE117C} - C:\Windows\system32\byXQJYpO.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\Windows\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUklKAR.dll,#1
O4 - HKLM\..\Run: [BM0f2ae0b9] Rundll32.exe "C:\Windows\system32\pgqevkhi.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7362 bytes

Open Notepad. Don't use any text editor other than Notepad, or the script will fail.
Copy/paste the bold text below into Notepad:
File::
C:\Windows\System32\vtUklKAR.dll
C:\Windows\System32\wvuvSLbx.dll
C:\Windows\System32\pgqevkhi.dll
C:\Windows\System32\orgtofbj.dll
C:\Windows\System32\byXQJYpO.dll
C:\Windows\System32\fhjovlmp.dll
C:\Windows\System32\rqRJYQkH.dll
C:\Windows\System32\ssqQkIax.dll
C:\Windows\system32\atigdavn.dll
C:\Windows\system32\ssqOFWnN.dll
C:\Windows\system32\gjvvebey.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a367826f-2115-4d90-b4a9-330285c7f92d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d29f7c58-2033-9a4b-09d4-5112f628763a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFA142CE-1470-493E-B7C3-1441F8AE117C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"BM0f2ae0b9"=-
Save this as a text file with the name CFScript. Select "All files" from Save as Type.
Then drag the CFScript file onto the ComboFix.exe icon.
This will start ComboFix again.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
--
Clean UP:
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to Start > Run, type: cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.
--
Please download Malwarebytes' Anti-Malware to your desktop. This is a free anti-malware tool.
Download link: http://www.malwarebytes.org/mbam/pr...
>Double-click mbam-setup.exe and follow the prompts to install MBAM.
>Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
>If an update is found, it will download and install the latest database updates.
>Once the program has loaded, select Perform full scan, then click Scan.
>When the scan is complete, click OK, then Show Results to view the results.
>Be sure that everything is checked, and click Remove Selected.
>When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post its log in your next reply along with the HJT log.
--
Please do an online scan with Kaspersky WebScanner.
online scanner: http://www.kaspersky.com/virusscanner
1.Click on "Kaspersky Online Scanner".
2.You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
3.The program will launch and then begin downloading the latest definition files.
4.Once the files have been downloaded click on "NEXT".
5.Now click on "Scan Settings".
6.In the scan settings make sure that the following are selected:
7.Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
8.Scan Options:
Scan Archives
Scan Mail Bases
9.Click OK.
10.Under select a target to scan, select "My Computer".
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Upon completion, click on the "Save as Text" button.
Save the file to your desktop.
Copy and paste that information in your next reply.
-----------
::If I have helped you, please donate to help me continue my fight against spyware and malware. Thanks
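
One way to cross-check the log ComboFix returns against the CFScript above, as an added example (not part of the original posts, and not ComboFix's own logic). The sample text is excerpted from the script and log in this thread; the function names are hypothetical, and the "eight-letter DLL in System32" lookalike test is an assumption drawn from the file names in the script that yields candidates for review, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the CFScript and the ComboFix log posted in this thread.
CFSCRIPT = r"""File::
C:\Windows\System32\vtUklKAR.dll
C:\Windows\System32\byXQJYpO.dll
C:\Windows\system32\atigdavn.dll
C:\Windows\system32\gjvvebey.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"""

LOG = r"""
(((( Other Deletions ))))
.
C:\Windows\System32\byXQJYpO.dll
C:\Windows\system32\gjvvebey.dll
C:\Windows\System32\vtUklKAR.dll
.
(((( Files Created from 2008-04-17 to 2008-05-17 ))))
.
2008-05-16 19:03 . 2008-05-16 19:03 116,736 --a------ C:\Windows\System32\kecgeefi.dll
2008-05-16 19:00 . 2008-05-16 19:00 125,952 --a------ C:\Windows\System32\mfwlkehl.dll
2008-05-08 00:34 . 2002-01-01 03:28 860,211 --a-s---- C:\Windows\System32\XSIFtk-3.6.2.1.dll
.
(((( Reg Loading Points ))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"0c19d325"="C:\Windows\system32\kecgeefi.dll" [2008-05-16 19:03 116736]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQJYpO
"""

HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # "((( Section name )))"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*')     # drive path up to a quote or bracket

def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections (keys lowercased)."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def log_sections(text):
    """Group log lines under their parenthesised section headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections

def key(path):
    """Case-insensitive (folder, name-without-extension) key, so the LSA
    entry, which is written without '.dll', still matches its file."""
    p = PureWindowsPath(path.strip())
    return (str(p.parent).lower(), p.stem.lower())

def looks_like_target(path):
    """Assumed heuristic: same shape as the script's files."""
    p = PureWindowsPath(path)
    return (str(p.parent).lower() == r"c:\windows\system32"
            and p.suffix.lower() == ".dll"
            and re.fullmatch(r"[A-Za-z]{8}", p.stem) is not None)

def review(cfscript, log):
    targets = {key(p): p for p in parse_cfscript(cfscript).get("file", [])}
    secs = log_sections(log)

    def paths(prefix):
        found = []
        for name, lines in secs.items():
            if name.startswith(prefix):
                for line in lines:
                    m = PATH_RE.search(line)
                    if m:
                        found.append((m.group(0).strip(), line))
        return found

    deleted = {key(p) for p, _ in paths("other deletions")}
    load_points = paths("reg loading points")
    autostarted = {key(p) for p, _ in load_points}
    lookalikes = [p for p, _ in paths("files created")
                  if looks_like_target(p) and key(p) not in targets]
    return {
        "deleted": [targets[k] for k in targets if k in deleted],
        "not_in_deletions": [targets[k] for k in targets if k not in deleted],
        # load points that still name a file the script asked to remove
        "stale_references": [ln for p, ln in load_points if key(p) in targets],
        "lookalikes": lookalikes,
        "lookalikes_autostarted": [p for p in lookalikes if key(p) in autostarted],
    }

if __name__ == "__main__":
    for name, items in review(CFSCRIPT, LOG).items():
        print(name, items, sep=": ")
```

A file in `not_in_deletions` may simply have been absent already, so it is a prompt to look, not a failure. Entries in `stale_references` and `lookalikes_autostarted` are the ones to raise in the next reply.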

Yay, thanks. That new combofix worked. Here's the log
ComboFix 08-05-15.3 - Administrator 2008-05-17 16:51:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1047 [GMT -4:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Users\Administrator\Desktop\CFSCRIPT.txt
* Created a new restore point

FILE ::
C:\Windows\system32\atigdavn.dll
C:\Windows\System32\byXQJYpO.dll
C:\Windows\System32\fhjovlmp.dll
C:\Windows\system32\gjvvebey.dll
C:\Windows\System32\orgtofbj.dll
C:\Windows\System32\pgqevkhi.dll
C:\Windows\System32\rqRJYQkH.dll
C:\Windows\system32\ssqOFWnN.dll
C:\Windows\System32\ssqQkIax.dll
C:\Windows\System32\vtUklKAR.dll
C:\Windows\System32\wvuvSLbx.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\byXQJYpO.dll
C:\Windows\System32\fhjovlmp.dll
C:\Windows\system32\gjvvebey.dll
C:\Windows\system32\gqthjkah.exe
C:\Windows\System32\ifeegcek.ini
C:\Windows\system32\OpYJQXyb.ini
C:\Windows\System32\OpYJQXyb.ini2
C:\Windows\System32\orgtofbj.dll
C:\Windows\System32\pgqevkhi.dll
C:\Windows\System32\rqRJYQkH.dll
C:\Windows\System32\ssqQkIax.dll
C:\Windows\System32\vtUklKAR.dll
C:\Windows\System32\wvuvSLbx.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-16 19:03 . 2008-05-16 19:03 116,736 --a------ C:\Windows\System32\kecgeefi.dll
2008-05-16 19:00 . 2008-05-16 19:00 125,952 --a------ C:\Windows\System32\mfwlkehl.dll
2008-05-15 20:53 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-15 20:53 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-15 20:53 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-15 20:53 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-15 20:53 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-15 20:50 . 2008-05-15 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 06:17 . 2008-05-15 06:18 <DIR> d-------- C:\Users\Administrator\.housecall6.6
2008-05-15 06:15 . 2008-05-15 06:15 125,504 --a------ C:\Windows\System32\hpsfouxp.dll
2008-05-14 22:06 . 2008-05-14 22:06 126,464 --a------ C:\Windows\System32\rptsifhn.dll
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TM.blf
2008-05-14 21:34 . 2008-05-14 21:34 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\PC Tools
2008-05-14 19:02 . 2008-05-14 19:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 18:55 . 2008-05-14 18:55 <DIR> d-------- C:\VundoFix Backups
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TM.blf
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Simply Super Software
2008-05-13 23:33 . 2008-05-14 21:04 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\PROGRA~2\Simply Super Software
2008-05-13 20:57 . 2008-05-13 20:57 <DIR> d-------- C:\Program Files\Bullfrog
2008-05-12 21:23 . 2008-05-12 21:24 <DIR> d-------- C:\Program Files\Water in Fire 2
2008-05-11 02:30 . 2008-05-11 02:44 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Folder Guard
2008-05-11 02:30 . 2008-05-11 12:26 <DIR> d-------- C:\severance fax 9
2008-05-11 02:21 . 2008-05-11 02:44 <DIR> d-------- C:\Program Files\Folder Guard Pro
2008-05-11 01:28 . 2008-05-11 01:28 <DIR> d-------- C:\Neoretix
2008-05-11 01:09 . 2008-05-11 01:27 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\Users\All Users\Fugazo
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\PROGRA~2\Fugazo
2008-05-09 00:45 . 2008-05-09 00:46 <DIR> d-------- C:\Program Files\Cooking Academy
2008-05-08 23:23 . 2008-05-08 23:24 <DIR> d-------- C:\Program Files\Zombie Shooter
2008-05-08 23:23 . 2008-05-08 23:23 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-08 21:08 . 2008-05-08 21:08 <DIR> d-------- C:\Games
2008-05-08 01:36 . 2008-05-10 10:57 10 --a------ C:\Windows\popcinfo.dat
2008-05-08 01:17 . 2008-05-08 01:17 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-05-08 00:34 . 2008-05-08 00:34 <DIR> d-------- C:\Program Files\NaturalMotion
2008-05-08 00:34 . 2002-01-01 03:28 860,211 --a-s---- C:\Windows\System32\XSIFtk-3.6.2.1.dll
2008-04-28 00:35 . 2008-04-28 00:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 02:14 . 2008-04-27 02:14 <DIR> d-------- C:\DVDVideoSoft
2008-04-27 02:13 . 2008-04-27 02:13 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-27 02:13 . 2008-04-27 02:13 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-27 00:32 . 2008-04-27 00:36 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-26 19:48 . 2008-04-26 21:29 <DIR> d-------- C:\Program Files\JFK Reloaded
2008-04-26 15:18 . 2006-11-23 05:55 73,728 --a------ C:\Windows\System32\DeathAdder.cpl
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\Users\All Users\Gamespot
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\PROGRA~2\Gamespot
2008-04-25 20:06 . 2008-04-25 20:06 <DIR> d-------- C:\Program Files\Terminal Reality
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-25 02:16 . 2008-04-25 02:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Ubisoft
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\PROGRA~2\Ubisoft
2008-04-17 09:08 . 2008-04-17 09:08 <DIR> d-------- C:\razer
2008-04-17 08:25 . 2008-04-17 08:25 <DIR> d-------- C:\Program Files\Razer
2008-04-17 08:25 . 2005-03-03 19:47 31,104 --a------ C:\Windows\System32\drivers\CYUSB.sys
2008-04-17 08:25 . 2007-04-12 06:46 10,880 --a------ C:\Windows\System32\drivers\dadder.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 12:12 --------- d---a-w C:\PROGRA~2\TEMP
2008-05-15 01:57 --------- d-----w C:\Users\Administrator\AppData\Roaming\Winamp
2008-05-15 01:57 --------- d-----w C:\Program Files\FlashGet
2008-05-15 01:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-14 20:46 --------- d-----w C:\Users\Administrator\AppData\Roaming\uTorrent
2008-05-14 20:46 --------- d-----w C:\Users\Administrator\AppData\Roaming\DAEMON Tools
2008-05-12 00:12 --------- d-----w C:\Program Files\SpeedFan
2008-05-11 06:44 --------- d-----w C:\Program Files\Steam
2008-05-11 04:44 --------- d-----w C:\PROGRA~2\WinZip
2008-05-11 04:34 --------- d-----w C:\Users\Administrator\AppData\Roaming\U3
2008-05-10 19:55 --------- d-----w C:\Users\Administrator\AppData\Roaming\LimeWire
2008-05-10 17:10 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-08 19:17 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-02 00:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 06:27 7,039 ----a-w C:\Program Files\install.log
2008-04-26 00:13 --------- d-----w C:\Program Files\Activision
2008-04-25 19:47 --------- d-----w C:\Program Files\EA GAMES
2008-04-25 19:38 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 05:32 --------- d-----w C:\Program Files\uTorrent
2008-04-12 20:02 --------- d-----w C:\Users\Administrator\AppData\Roaming\Bioshock
2008-04-12 17:22 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-10 21:35 --------- d-----w C:\Program Files\Eidos
2008-04-09 07:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 18:45 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-04-06 18:11 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-04-03 20:45 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-02 19:20 --------- d-----w C:\Program Files\Starcraft
2008-04-02 02:01 70,656 ----a-w C:\Windows\ScUnin.exe
2008-03-31 19:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-30 15:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-26 19:34 --------- d-----w C:\Program Files\Windows Live
2008-03-26 19:31 --------- d-----w C:\PROGRA~2\Xfire
2008-03-26 02:01 --------- d-----w C:\Users\Administrator\AppData\Roaming\Apple Computer
2008-03-26 00:44 --------- d-----w C:\Program Files\Bethesda Softworks
2008-03-26 00:15 --------- d-----w C:\PROGRA~2\Trymedia
2008-03-25 22:35 --------- d-----w C:\Program Files\Sierra
2008-03-25 03:44 --------- d-----w C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2008-03-25 03:44 --------- d-----w C:\Program Files\Electronic Arts
2008-03-25 00:08 --------- d-----w C:\Users\Administrator\AppData\Roaming\Xfire
2008-03-24 20:54 --------- d-----w C:\Program Files\Xfire
2008-03-24 20:28 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-24 20:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 18:11 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-24 18:01 --------- d-----w C:\PROGRA~2\Microsoft Games
2008-03-24 17:31 --------- d-----w C:\Program Files\Bioshock
2008-03-19 21:21 720,896 ----a-w C:\Windows\iun6002.exe
2008-03-19 03:38 --------- d-----w C:\Program Files\Windows Media Components
2008-03-19 03:23 --------- d-----w C:\Users\Administrator\AppData\Roaming\DivX
2008-03-19 01:47 --------- d-----w C:\Program Files\ffdshow
2008-03-18 03:35 --------- d-----w C:\Program Files\SuperGOO
2008-03-17 05:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-17 05:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 02:29 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-07 02:32 184 ----a-w C:\Users\Administrator\AppData\Roaming\wklnhst.dat
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 02:20 22,328 ----a-w C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
2008-02-19 01:50 174 --sha-w C:\Program Files\desktop.ini
2008-02-19 01:43 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-19 01:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 01:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 01:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-19 01:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 01:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 21:32 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-18 21:17 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 21:41 1006264]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 18:50 180224]
"P17RunE"="P17RunE.dll" [2007-04-08 21:40 14848 C:\Windows\System32\P17RunE.dll]
"UpdReg"="C:\Windows\UpdReg.exe" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CmUCRRun"="C:\Windows\system32\CmUCReye.exe" [2005-10-12 16:44 241664]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Cmiboot"="C:\Windows\cmiboot.exe" [2007-02-12 07:08 65536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40 159744]
"0c19d325"="C:\Windows\system32\kecgeefi.dll" [2008-05-16 19:03 116736]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQJYpO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8DD5A636-E2E4-4519-96C2-8D4CCBE43691}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6535DEF9-691A-498D-822E-AB3F4E6F486A}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{653C4FB8-FAE2-4A07-B3DF-F72D29EE84A5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{BCC6F69C-5C8E-48EC-8BA9-004A70AD3B1F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F6A06291-2C05-4515-A493-41896CB3D33A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{39813665-E398-43D6-A993-03F03C338722}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5EEF25A7-91D9-4A26-8EBE-D390E44E2294}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{89931083-30D2-457A-955C-5EBF33E4B1B6}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DB7ADF7E-E835-4192-BA8C-706936B0A9AE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1AC22381-2D8B-4F1C-9BF5-DEA1DD02A94A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1F7EAC1F-EF72-409A-BCAC-B0D24823B989}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7BCAF730-0262-49A4-882C-6E54552C80D3}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{D2491436-2C8D-49F2-8EE4-C4A4A0519FD4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8A2B54F3-7999-4E90-90EE-9D39B4203146}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{CC691980-A9A8-4B09-B035-AF8C3FC18C0D}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{535B1370-D063-421E-8897-34DF97D0A663}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{FC90BB85-B9E4-4258-8CD7-DDCD4814CB95}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{88C57D02-AE7D-4A1C-B53E-C2E83CDE507D}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{6A7A4909-BB3F-4598-8C88-9195DF975F96}C:\\program files\\quake iii arena\\quake3real.exe"= UDP:C:\program files\quake iii arena\quake3real.exe:quake3real
"UDP Query User{FDAD0295-BC3F-498C-9CF9-A7D0586BEC3B}C:\\program files\\quake iii arena\\quake3real.exe"= TCP:C:\program files\quake iii arena\quake3real.exe:quake3real
"TCP Query User{FFCFA2C9-BF40-45E9-9E4B-23067E56FB08}C:\\program files\\quake iii arena\\quake3.exe"= UDP:C:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{E9084991-9095-48E5-A056-0CFA3EF42E1C}C:\\program files\\quake iii arena\\quake3.exe"= TCP:C:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{E3C39A9C-6888-479E-903F-7616FD7D5E28}C:\\program files\\quake iii arena\\quake3.exe"= UDP:C:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{D2E910D2-2B0D-4A5E-B0F8-610477963BBD}C:\\program files\\quake iii arena\\quake3.exe"= TCP:C:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{D4A21BE0-1138-4E38-A38B-D141D06359ED}C:\\program files\\steam\\steamapps\\common\\company of heroes\\reliccoh.exe"= UDP:C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{CCA7D62E-8495-431C-B5CC-67A21D3E5B81}C:\\program files\\steam\\steamapps\\common\\company of heroes\\reliccoh.exe"= TCP:C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe:RelicCOH
"{84198DA5-995C-42D4-B03F-4AEC04BA1590}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{876F64AC-767A-45A7-98E3-9E42013BE60D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{3642FDDC-C430-47F0-AE0E-3B3761DAD52B}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{405128F6-2D43-4E6B-98E3-05AB1D97D7DB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{3D8C1CA7-AB1F-4FD5-A228-96470984932C}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{8340D640-B23A-4253-81B0-B8A0DC25C1F2}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{32D9AFB9-29D9-4B98-94DB-00AE0F7E9870}C:\\program files\\steam\\steamapps\\pancakeman933\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\team fortress 2\hl2.exe:hl2
"UDP Query User{0FA0B734-F4B3-4F8D-B98D-AE2A50775DF3}C:\\program files\\steam\\steamapps\\pancakeman933\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\team fortress 2\hl2.exe:hl2
"TCP Query User{9DE64D41-8C0B-4A71-B8DA-A4724C1038B3}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{FFC32805-918B-4395-91BC-85C30291F237}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{5F427A19-D9CA-4F7E-951A-222D46E045A2}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{76A59605-4485-4FA5-887B-814372E7F164}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{1791A4AD-27F7-40AC-91BA-9159AF69C67A}C:\\program files\\steam\\steamapps\\pancakeman933\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\garrysmod\hl2.exe:hl2
"UDP Query User{33BBD488-4365-42F8-8610-44D05C6806C4}C:\\program files\\steam\\steamapps\\pancakeman933\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\garrysmod\hl2.exe:hl2
"TCP Query User{D0C87D9D-8CC2-4508-B8F9-5150BEC42849}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{AE5C5E49-572B-49B9-A4C0-4113CEC4196E}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{7F83A7ED-9F7F-4293-B9FF-42C73E8E4717}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{C61FE7B0-ADA6-486E-BB68-DD59922CA9D6}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{882133BF-3F99-41C8-8FE9-BCB9481CA361}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{22772860-F195-48B0-B5D1-91C9FBA994D9}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{9C5EB6F7-C6D0-41C7-80D0-FD0FC205C497}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{0B5A36B7-FC44-4342-B536-E402191446EC}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{E890D67D-08F0-4D9B-ADD5-49431120D8C3}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{BF52E9B8-2F00-40FF-9404-7DFEA89045EF}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{91CCA73B-6EF1-40A7-A277-519945EC38D7}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{7A4C92BF-204F-4794-9B08-338863BD6098}C:\\program files\\ubisoft\\faces of war\\facesofwar.exe"= UDP:C:\program files\ubisoft\faces of war\facesofwar.exe:FOW Application
"UDP Query User{55F84A32-95E3-45FC-8667-4E47B1A65BD4}C:\\program files\\ubisoft\\faces of war\\facesofwar.exe"= TCP:C:\program files\ubisoft\faces of war\facesofwar.exe:FOW Application
"TCP Query User{A7F8612C-75EF-4606-8837-F0F72FA20CB6}C:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest
"UDP Query User{8B285D02-23A7-40C0-9847-FF5834F0C784}C:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest
"{DF172F19-59F7-4311-830C-5F17BCAB5CC3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{517EA390-2EB6-4BDE-9080-780446362150}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C766B89D-A171-4913-B67E-C479D03B2489}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{770CEB61-5FD7-4EBF-97D0-8EE7019FF143}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7278897F-CE65-45C0-8899-230F447158C5}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{66BCE69E-B5CE-4F32-9D86-3C9167E2874E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{8A572F65-31B2-48AB-86D0-4932B57A3537}K:\\quake iii arena\\quake3.exe"= UDP:K:\quake iii arena\quake3.exe:quake3
"UDP Query User{7291EB0C-BB27-4D40-B7AF-0FC7EF327CCD}K:\\quake iii arena\\quake3.exe"= TCP:K:\quake iii arena\quake3.exe:quake3
"{72CE2609-E9B4-4CDA-948F-58060241EF76}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{597A12C1-966E-43B0-8F94-B8F6A2BE2C0A}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{26DD48BD-DFF2-41FF-A3DD-8885A29E5B40}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{DC9E0631-3C1A-47A2-859E-609E742226F6}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{62FE5B82-E96D-45E5-8186-DE4A78E7C51C}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{9370053B-8626-4FEE-A73E-58DF7F24E55C}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"TCP Query User{48A6DC00-35D8-4A49-84AA-F721240B81BC}C:\\program files\\postal2stp\\eternal damnation\\system\\eternaldamnation.exe"= UDP:C:\program files\postal2stp\eternal damnation\system\eternaldamnation.exe:EternalDamnation
"UDP Query User{286F6E0F-C060-4ACF-BE00-68DDC0CD025F}C:\\program files\\postal2stp\\eternal damnation\\system\\eternaldamnation.exe"= TCP:C:\program files\postal2stp\eternal damnation\system\eternaldamnation.exe:EternalDamnation
"{298628C4-0A71-49B2-A2F7-C0411BA8C76C}"= UDP:C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{EB94092B-E0A1-4454-BB94-DAFE567D8C36}"= TCP:C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{C161744B-7D37-4CED-B246-DBFD87FBA305}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{5BE30873-8638-4EA2-AD67-3725C40F21AB}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{57D76C4A-97E1-4200-B192-BE2A22F2BC14}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{95A4CE41-4BC8-4E8E-9FD4-DC2E5C7E5F2B}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{E99ABB0E-A9C5-45C9-A29D-4C7931267158}"= UDP:C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:FEARXP
"{387A3FB8-569D-4AE5-AB6A-8E422454AAC3}"= TCP:C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:FEARXP
"TCP Query User{AE7FFA4E-E61F-4EF7-A9A7-0FB0248A434D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B17D4E14-5A4F-4282-B8D9-895549693F1D}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{F1B0209E-0564-41EA-864A-A3865ED6BF7F}"= UDP:C:\Program Files\Flagship Studios\Mythos\bin\Mythos.exe:Mythos
"{86DBCF80-F7C0-4585-A9B7-9EA8F12F0AC3}"= TCP:C:\Program Files\Flagship Studios\Mythos\bin\Mythos.exe:Mythos
"TCP Query User{1E5F646E-94E1-4B09-99B4-4FCCC8147DFD}C:\\users\\administrator\\desktop\\skies\\skies.exe"= UDP:C:\users\administrator\desktop\skies\skies.exe:skies.exe
"UDP Query User{4D8DC167-84E2-4883-81D6-5B008D765111}C:\\users\\administrator\\desktop\\skies\\skies.exe"= TCP:C:\users\administrator\desktop\skies\skies.exe:skies.exe
"TCP Query User{01BE47AF-E497-4C38-AF89-56CF1D2D6C06}C:\\program files\\steam\\steamapps\\pancakeman933\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\team fortress 2\hl2.exe:hl2
"UDP Query User{6F354D3F-6708-403F-8DF1-5FF954170C70}C:\\program files\\steam\\steamapps\\pancakeman933\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\team fortress 2\hl2.exe:hl2
"TCP Query User{7E4D1D8F-66E2-4C7C-8245-254F1D43C430}K:\\alien shooter - vengeance\\alienshooter.exe"= UDP:K:\alien shooter - vengeance\alienshooter.exe:AlienShooter Application
"UDP Query User{DEA1A140-88BD-41B9-8DC7-FE92D294878D}K:\\alien shooter - vengeance\\alienshooter.exe"= TCP:K:\alien shooter - vengeance\alienshooter.exe:AlienShooter Application
"TCP Query User{3740C81F-198D-48A3-8F27-6672B6C9E3F7}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{2C27C0AF-93E1-428D-9288-6E11528568EF}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{19AAA380-5418-4046-B6B0-8EB48FD16A6B}C:\\program files\\steam\\steamapps\\pancakeman933\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\garrysmod\hl2.exe:hl2
"UDP Query User{9BB16B39-8341-4B0E-A0D6-B22DA24324C1}C:\\program files\\steam\\steamapps\\pancakeman933\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\garrysmod\hl2.exe:hl2
"{13E2D46F-CD5F-4AFA-B7B9-42CF608E26F9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{25782DDD-EF66-4B34-90AC-F6D43555F10B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{2C4A6943-21EA-4D35-ADD6-1CC4BE036230}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{DB36CFD3-972C-4C2C-AC87-4FB2F6147F0F}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{C880749D-C871-442A-BC6F-41DEAC16EBA4}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{CF62AC82-5441-4190-998A-1545D56E9448}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{506F1525-4AF1-4DBA-B166-22CA63875814}C:\\program files\\steam\\steamapps\\pancakeman933\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\counter-strike source\hl2.exe:hl2
"UDP Query User{20E156E3-DC0D-48B9-A299-9F00A1220D3E}C:\\program files\\steam\\steamapps\\pancakeman933\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\counter-strike source\hl2.exe:hl2
"{01E80EE0-250F-4B1D-8675-144A8EF0DBD5}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{124769E2-B578-4FCB-B3E8-2B1269BEE639}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{9D347ED6-2EC2-4187-BA0C-953182226706}K:\\exercise\\games\\counter-strike\\counter-strike 1.6 + half-life\\hl.exe"= UDP:K:\exercise\games\counter-strike\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{F5CCAA9C-FE82-414F-980F-BEC826F64513}K:\\exercise\\games\\counter-strike\\counter-strike 1.6 + half-life\\hl.exe"= TCP:K:\exercise\games\counter-strike\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{6E6A34A2-3379-4D3F-B940-FBA559FB538F}C:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= UDP:C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"UDP Query User{68E1A856-6EBD-40EE-8CFC-2CB3CD6D09D8}C:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= TCP:C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"{9A13A11A-1640-45F9-BB69-8618E7D7AF60}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C81FD484-D687-46CD-A628-76BAE29338C4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{95827CC6-0EF8-4890-BE79-010C3D4E89C4}C:\\users\\administrator\\desktop\\nexuiz\\nexuiz\\nexuiz.exe"= UDP:C:\users\administrator\desktop\nexuiz\nexuiz\nexuiz.exe:Nexuiz
"UDP Query User{CE8E60A1-62F3-4844-BB15-14EA211ED16C}C:\\users\\administrator\\desktop\\nexuiz\\nexuiz\\nexuiz.exe"= TCP:C:\users\administrator\desktop\nexuiz\nexuiz\nexuiz.exe:Nexuiz
"TCP Query User{20FD41C9-CFAD-468D-A648-54D618997946}C:\\program files\\steam\\steamapps\\pancakeman933\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\pancakeman933\source sdk base\hl2.exe:hl2
"UDP Query User{63DE7CA7-8084-4585-ACA5-BF0442293238}C:\\program files\\steam\\steamapps\\pancakeman933\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\pancakeman933\source sdk base\hl2.exe:hl2
"TCP Query User{D1B87957-580B-47A2-B9D6-49512D5F23BF}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6B58A1AD-C4AB-4823-A870-7203655BD9CB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B6328E19-DFFA-48FF-A8CA-DEC583CC17DA}C:\\users\\administrator\\documents\\downloads\\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\\rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= UDP:C:\users\administrator\documents\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{A386CC0A-0F4E-4026-BEC6-02633711A342}C:\\users\\administrator\\documents\\downloads\\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\\rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= TCP:C:\users\administrator\documents\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game
"TCP Query User{741BDCA2-CD1E-4FDD-8985-20E54C06D77B}C:\\program files\\sierra entertainment\\world in conflict\\wic.exe"= UDP:C:\program files\sierra entertainment\world in conflict\wic.exe:World in Conflict
"UDP Query User{913AE7F4-5578-4EA8-8979-D3E1EBF938B4}C:\\program files\\sierra entertainment\\world in conflict\\wic.exe"= TCP:C:\program files\sierra entertainment\world in conflict\wic.exe:World in Conflict
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 FGUARD32;FGUARD32;C:\Program Files\Folder Guard Pro\FGUARD32.SYS [2007-02-25 00:00]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\Windows\system32\DRIVERS\cmiucr.SYS [2007-09-10 04:49]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2007-04-12 06:46]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-10 09:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Setup\rsrc\autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554a3a47-f556-11dc-b603-001e8c489889}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a66893-e469-11dc-a9dc-001e8c489889}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb62058-de8c-11dc-b801-001e8c489889}]
\shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 16:55:03
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\kecgeefi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-17 16:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 20:59:19
ComboFix2.txt 2008-05-16 21:21:26
Pre-Run: 65,477,476,352 bytes free
Post-Run: 65,562,525,696 bytes free
374 --- E O F --- 2008-05-16 20:35:33

Good work.
We need to repeat the ComboFix step again to remove another infection.
Open Notepad. Don't use any text editor other than Notepad or the script will fail.
Copy/paste the bold text below into Notepad:
File::
C:\Windows\System32\kecgeefi.dll
C:\Windows\System32\mfwlkehl.dll
C:\Windows\System32\rptsifhn.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0c19d325"=-
Save this as a text file with the name CFScript. Select "All files" from Save as Type.
Then drag the CFScript file onto the ComboFix.exe icon.
This will start ComboFix again.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
-----
You are missing some of the following important logs which I requested in the previous post:
HJT log
Kaspersky WebScanner.
Malwarebytes' Anti-Malware
So scan your system with Malwarebytes' Anti-Malware, Kaspersky WebScanner and HJT, and post their logs.

Sorry, here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:22 PM, on 5/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\CmUCReye.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Gravity\Requiem\Launcher2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\Windows\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7362 bytes

I tried to use the Kaspersky scanner, but whenever I clicked accept or decline at the popup screen, nothing happened.. so here is that anti-malware log:
Malwarebytes' Anti-Malware 1.12
Database version: 759
Scan type: Quick Scan
Objects scanned: 34484
Time elapsed: 3 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
It detected nothing.

And here is the ComboFix log, adii:
ComboFix 08-05-15.3 - Administrator 2008-05-18 16:11:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1077 [GMT -4:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Users\Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Windows\System32\kecgeefi.dll
C:\Windows\System32\mfwlkehl.dll
C:\Windows\System32\rptsifhn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\mfwlkehl.dll
C:\Windows\System32\rptsifhn.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 15:52 . 2004-08-09 05:04 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-05-18 12:24 . 2008-05-18 12:24 <DIR> d-------- C:\Users\All Users\InstallShield
2008-05-18 12:24 . 2008-05-18 12:24 <DIR> d-------- C:\PROGRA~2\InstallShield
2008-05-18 12:18 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\Gravity
2008-05-17 17:02 . 2008-05-17 17:02 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-17 17:02 . 2008-05-17 17:02 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2008-05-17 17:02 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 17:02 . 2008-05-17 17:02 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-05-17 17:02 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-17 17:02 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-15 20:53 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-15 20:53 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-15 20:53 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-15 20:53 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-15 20:53 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-15 20:50 . 2008-05-15 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 06:17 . 2008-05-15 06:18 <DIR> d-------- C:\Users\Administrator\.housecall6.6
2008-05-15 06:15 . 2008-05-15 06:15 125,504 --a------ C:\Windows\System32\hpsfouxp.dll
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 21:59 . 2008-05-14 22:59 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{26845d01-2220-11dd-9715-001e8c489889}.TM.blf
2008-05-14 21:34 . 2008-05-14 21:34 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\PC Tools
2008-05-14 19:02 . 2008-05-14 19:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 18:55 . 2008-05-14 18:55 <DIR> d-------- C:\VundoFix Backups
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000002.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TMContainer00000000000000000001.regtrans-ms
2008-05-14 16:47 . 2008-05-14 17:27 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{12296b20-21f2-11dd-a891-001e8c489889}.TM.blf
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Simply Super Software
2008-05-13 23:33 . 2008-05-14 21:04 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-13 23:33 . 2008-05-13 23:33 <DIR> d-------- C:\PROGRA~2\Simply Super Software
2008-05-13 20:57 . 2008-05-13 20:57 <DIR> d-------- C:\Program Files\Bullfrog
2008-05-12 21:23 . 2008-05-12 21:24 <DIR> d-------- C:\Program Files\Water in Fire 2
2008-05-11 02:30 . 2008-05-11 02:44 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Folder Guard
2008-05-11 02:30 . 2008-05-11 12:26 <DIR> d-------- C:\severance fax 9
2008-05-11 02:21 . 2008-05-11 02:44 <DIR> d-------- C:\Program Files\Folder Guard Pro
2008-05-11 01:28 . 2008-05-11 01:28 <DIR> d-------- C:\Neoretix
2008-05-11 01:09 . 2008-05-11 01:27 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\Users\All Users\Fugazo
2008-05-09 00:46 . 2008-05-09 00:46 <DIR> d-------- C:\PROGRA~2\Fugazo
2008-05-09 00:45 . 2008-05-17 17:05 <DIR> d-------- C:\Program Files\Cooking Academy
2008-05-08 23:23 . 2008-05-08 23:24 <DIR> d-------- C:\Program Files\Zombie Shooter
2008-05-08 23:23 . 2008-05-08 23:23 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-08 21:08 . 2008-05-18 14:47 <DIR> d-------- C:\Games
2008-05-08 01:36 . 2008-05-10 10:57 10 --a------ C:\Windows\popcinfo.dat
2008-05-08 01:17 . 2008-05-08 01:17 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-05-08 00:34 . 2002-01-01 03:28 860,211 --a-s---- C:\Windows\System32\XSIFtk-3.6.2.1.dll
2008-04-28 00:35 . 2008-04-28 00:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 02:14 . 2008-04-27 02:14 <DIR> d-------- C:\DVDVideoSoft
2008-04-27 02:13 . 2008-04-27 02:13 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-27 00:32 . 2008-04-27 00:36 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-26 19:48 . 2008-05-17 17:25 <DIR> d-------- C:\Program Files\JFK Reloaded
2008-04-26 15:18 . 2006-11-23 05:55 73,728 --a------ C:\Windows\System32\DeathAdder.cpl
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\Users\All Users\Gamespot
2008-04-26 02:27 . 2008-04-26 02:27 <DIR> d-------- C:\PROGRA~2\Gamespot
2008-04-25 20:06 . 2008-04-25 20:06 <DIR> d-------- C:\Program Files\Terminal Reality
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-25 02:16 . 2008-04-25 02:16 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Ubisoft
2008-04-25 02:16 . 2008-05-01 16:42 <DIR> d-------- C:\PROGRA~2\Ubisoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:15 --------- d-----w C:\Users\Administrator\AppData\Roaming\uTorrent
2008-05-18 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 17:36 --------- d-----w C:\Program Files\Steam
2008-05-18 17:36 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-18 16:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-17 21:38 --------- d-----w C:\Program Files\FlashGet
2008-05-17 21:27 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-05-17 21:19 --------- d---a-w C:\PROGRA~2\TEMP
2008-05-15 01:57 --------- d-----w C:\Users\Administrator\AppData\Roaming\Winamp
2008-05-15 01:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-14 20:46 --------- d-----w C:\Users\Administrator\AppData\Roaming\DAEMON Tools
2008-05-12 00:12 --------- d-----w C:\Program Files\SpeedFan
2008-05-11 04:44 --------- d-----w C:\PROGRA~2\WinZip
2008-05-11 04:34 --------- d-----w C:\Users\Administrator\AppData\Roaming\U3
2008-05-10 19:55 --------- d-----w C:\Users\Administrator\AppData\Roaming\LimeWire
2008-05-08 19:17 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-26 06:27 7,039 ----a-w C:\Program Files\install.log
2008-04-26 00:13 --------- d-----w C:\Program Files\Activision
2008-04-25 19:47 --------- d-----w C:\Program Files\EA GAMES
2008-04-25 19:38 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 05:32 --------- d-----w C:\Program Files\uTorrent
2008-04-17 12:25 --------- d-----w C:\Program Files\Razer
2008-04-12 20:02 --------- d-----w C:\Users\Administrator\AppData\Roaming\Bioshock
2008-04-12 17:22 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-10 21:35 --------- d-----w C:\Program Files\Eidos
2008-04-09 07:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 18:45 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-04-06 18:11 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-04-03 20:45 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-02 19:20 --------- d-----w C:\Program Files\Starcraft
2008-04-02 02:01 70,656 ----a-w C:\Windows\ScUnin.exe
2008-03-31 19:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-30 15:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-26 19:34 --------- d-----w C:\Program Files\Windows Live
2008-03-26 19:31 --------- d-----w C:\PROGRA~2\Xfire
2008-03-26 02:01 --------- d-----w C:\Users\Administrator\AppData\Roaming\Apple Computer
2008-03-26 00:44 --------- d-----w C:\Program Files\Bethesda Softworks
2008-03-26 00:15 --------- d-----w C:\PROGRA~2\Trymedia
2008-03-25 22:35 --------- d-----w C:\Program Files\Sierra
2008-03-25 03:44 --------- d-----w C:\Users\Administrator\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2008-03-25 03:44 --------- d-----w C:\Program Files\Electronic Arts
2008-03-25 00:08 --------- d-----w C:\Users\Administrator\AppData\Roaming\Xfire
2008-03-24 20:54 --------- d-----w C:\Program Files\Xfire
2008-03-24 20:28 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-24 20:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 18:11 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-24 18:01 --------- d-----w C:\PROGRA~2\Microsoft Games
2008-03-24 17:31 --------- d-----w C:\Program Files\Bioshock
2008-03-19 21:21 720,896 ----a-w C:\Windows\iun6002.exe
2008-03-19 03:38 --------- d-----w C:\Program Files\Windows Media Components
2008-03-19 03:23 --------- d-----w C:\Users\Administrator\AppData\Roaming\DivX
2008-03-19 01:47 --------- d-----w C:\Program Files\ffdshow
2008-03-18 03:35 --------- d-----w C:\Program Files\SuperGOO
2008-03-12 02:29 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-07 02:32 184 ----a-w C:\Users\Administrator\AppData\Roaming\wklnhst.dat
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 02:20 22,328 ----a-w C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
2008-02-19 01:50 174 --sha-w C:\Program Files\desktop.ini
2008-02-19 01:43 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-19 01:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 01:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 01:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-19 01:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 01:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 21:32 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-18 21:17 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 21:41 1006264]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 18:50 180224]
"P17RunE"="P17RunE.dll" [2007-04-08 21:40 14848 C:\Windows\System32\P17RunE.dll]
"UpdReg"="C:\Windows\UpdReg.exe" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CmUCRRun"="C:\Windows\system32\CmUCReye.exe" [2005-10-12 16:44 241664]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Cmiboot"="C:\Windows\cmiboot.exe" [2007-02-12 07:08 65536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40 159744]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQJYpO
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8DD5A636-E2E4-4519-96C2-8D4CCBE43691}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6535DEF9-691A-498D-822E-AB3F4E6F486A}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\Windows\system32\DRIVERS\cmiucr.SYS [2007-09-10 04:49]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2007-04-12 06:46]
S3 FGUARD32;FGUARD32;C:\Program Files\Folder Guard Pro\FGUARD32.SYS [2007-02-25 00:00]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-10 09:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Setup\rsrc\autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554a3a47-f556-11dc-b603-001e8c489889}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a66893-e469-11dc-a9dc-001e8c489889}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb62058-de8c-11dc-b801-001e8c489889}]
\shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 16:18:32
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Other Running Processes
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\CmUCREye.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-18 16:23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 20:23:34
ComboFix2.txt 2008-05-17 20:59:25
ComboFix3.txt 2008-05-16 21:21:26

Pre-Run: 37,071,736,832 bytes free
Post-Run: 37,712,396,288 bytes free

353 --- E O F --- 2008-05-17 21:02:15

The logs are looking much better now. Please post a final HijackThis log so I can see your system.
By the way, can you tell me how your computer is running now?
-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks

It's running fine, much faster.. I've gotten a good FPS increase in games like Crysis. All my internet sites work now. Thanks for all the help, I was really happy to see my system running again, so here is the final Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:38 PM, on 5/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\CmUCReye.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\Explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\Windows\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7144 bytes

Nice to hear..!
Glad I could help!
-----
Please remove ComboFix and related files/folders:
You can remove all used tools and folders created in the process except MBAM.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Make your Internet Explorer More Secure:
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

FEW THINGS TO DO FOR YOUR FURTHER PC PROTECTION.
In order to protect yourself against spyware, you should consider installing and running the following free programs:
How to prevent further spyware/virus infection:
Read here: http://spywaredetail.com/malware_pr...
Visit Microsoft's Windows Update Site Frequently:
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install AVG Anti-Virus Free Edition:
AVG Free Edition is a well-known antivirus protection tool and provides a high level of detection capability.
Download: http://free.grisoft.com
Install Ad-Aware 2007:
Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
Download: http://www.lavasoftusa.com/products...
Install Spybot Search and Destroy:
Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.
Download: http://www.safer-networking.org/en/...
Install SpywareBlaster:
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings, which will protect you from running and downloading known malicious programs.
Download: http://www.javacoolsoftware.com/spy...
Install SpywareGuard:
SpywareGuard provides a real-time protection solution against spyware.
Download: http://www.javacoolsoftware.com/spy...
Install IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
Download: http://www.spywarewarrior.com/uiuc/...
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
NOTE: Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.
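
The six Custom Level changes listed in the post above are stored as per-zone registry values, so they can be checked without clicking through the dialog. The following read-only PowerShell audit is an added example, not part of the original post: the function names and sample values are made up for illustration, while the registry path, URL action codes and policy values (0 = Enable, 1 = Prompt, 3 = Disable) are the standard Internet Explorer zone settings.

```powershell
# Added example (not from the thread): read-only audit of the IE Internet zone
# against the six Custom Level settings recommended in the post.

# URL action code -> setting name and recommended policy (1 = Prompt, 3 = Disable).
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneValues {
    # Zone 3 is the Internet zone; each action is a DWORD value named by its code.
    $key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $values = @{}
    $props  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($code in $Recommended.Keys) {
            $v = $props.$code
            if ($null -ne $v) { $values[$code] = [int]$v }
        }
    }
    return $values
}

function Test-InternetZoneHardening {
    # $ZoneValues maps action code (string) -> DWORD policy value.
    param([hashtable]$ZoneValues = @{})

    foreach ($code in $Recommended.Keys) {
        $want    = $Recommended[$code].Want
        $current = '(not set)'
        $ok      = $false
        if ($ZoneValues.ContainsKey($code)) {
            $have = [int]$ZoneValues[$code]
            $ok   = ($have -eq $want)
            if ($PolicyName.ContainsKey($have)) {
                $current = $PolicyName[$have]
            } else {
                $current = '0x{0:X}' -f $have   # value outside Enable/Prompt/Disable
            }
        }
        [pscustomobject]@{
            Action      = $code
            Setting     = $Recommended[$code].Name
            Current     = $current
            Recommended = $PolicyName[$want]
            Compliant   = $ok
        }
    }
}

# Constructed sample values (not taken from the poster's machine):
# 1004 and 1804 are left at Enable, 1607 is missing from the key.
$sample = @{ '1001' = 1; '1004' = 0; '1201' = 3; '1800' = 1; '1804' = 0 }
Test-InternetZoneHardening -ZoneValues $sample | Format-Table -AutoSize

# On a live system, audit the current user's real settings instead:
# Test-InternetZoneHardening -ZoneValues (Get-InternetZoneValues) | Format-Table -AutoSize
```

With the sample above, the rows for 1004, 1804 and 1607 come back with `Compliant` set to `False`; those are the entries to revisit in the Custom Level dialog.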

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.