
win32/vmalum.edhq and java/byteverify!exploit need help fixing these please


41 replies to this topic

#1 _Dangerous_

_Dangerous_

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 14 October 2008 - 06:33 PM

Did a scan with my AVG antivirus and it found two things:

win32/vmalum.edhq
java/byteverify!exploit

Can't cure the vmalum, and the exploit one didn't give me a cure option :thumbsup:

Didn't know how to check the logfile on it, so I just made a screenshot.


On Ad-Aware and Spybot nothing was found but some cookies...

Please give me advice on how to take care of this. Thanks in advance.

Here's my HJT log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:37 AM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\CA\eTrust Antivirus\InocIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gebruiker\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.midasplayer.com/ctl/kingcomie.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://whisperedwithlove.spaces.live.com//...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://whisperedwithlove.spaces.live.com/P...ad/MsnPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.gamenext.nl/online2/gold_fever/goldfever.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14533 bytes

------------

Doing a Kaspersky online critical areas scan now... will post results when done.

Kaspersky came back with this:

Wednesday, October 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 14, 2008 22:28:01
Records in database: 1312015


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Gebruiker\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 153424
Threat name 3
Infected objects 15
Suspicious objects 0
Duration of the scan 02:12:08

File name Threat name Threats count
C:\Program Files\ezt\webhancer.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 4

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.


---------------

I guess I definitely need help here :)


Cleaned up my temp files and more with: CleanUp!

New and full Kaspersky online scan:


Wednesday, October 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 15, 2008 00:05:37
Records in database: 1312160


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics
Files scanned 211843
Threat name 6
Infected objects 28
Suspicious objects 0
Duration of the scan 03:46:06

File name Threat name Threats count
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc Infected: Trojan.Java.ClassLoader.ao 3

C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f Infected: Trojan.Java.ClassLoader.ao 3

C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip Infected: Trojan.Java.ClassLoader.ao 3

C:\Documents and Settings\Gebruiker\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Downloads\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Downloads\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Program Files\ezt\webhancer.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 4

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.

I request assistance in removing these problems.

Thanks in advance

Edited by _Dangerous_, 15 October 2008 - 09:34 AM.
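As an added example, not code from the thread or from HijackThis itself, here is a small Python triage script for the entry format in these logs: it parses the O2/O4/O9/O16/O23 lines, using a few lines copied from the log above as constructed input, and attaches review flags (orphaned entries, ActiveX controls pulled over plain HTTP, services with no named publisher, Run entries with a bare filename). The flags are prompts to look closer, not verdicts; every flagged sample line here belongs to ordinary software.

```python
"""
HijackThis log triage helper (added example; not code from the thread or from
HijackThis).  It parses the "Onn - ..." entry lines shown in the logs above
and attaches "look here" flags.  A flag is a review prompt, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlparse

# Entry lines look like "O16 - DPF: {CLSID} (Name) - http://host/file.cab".
ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.*)$")

# Constructed sample: a handful of lines copied from the HJT log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


@dataclass
class Entry:
    kind: str                  # section code, e.g. "O2", "O16", "O23"
    body: str                  # everything after "Onn - "
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Onn - ...' line; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _target(body: str) -> str:
    """HJT separates name, CLSID and file/URL with ' - '; the target is the last field."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(entry: Entry) -> Entry:
    """Attach review flags to a single entry and return it."""
    body = entry.body
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        entry.flags.append("orphaned: registry entry points to a file that no longer exists")
    if entry.kind == "O16":
        # O16 = downloaded program files (ActiveX controls installed from a URL).
        scheme = urlparse(_target(body)).scheme.lower()
        if scheme == "http":
            entry.flags.append("ActiveX control fetched over plain HTTP (no transport integrity)")
    if entry.kind == "O23" and "Unknown owner" in body:
        entry.flags.append("service binary with no identified publisher")
    if entry.kind == "O4" and "\\Run: [" in body:
        # "[Name] command" -> the command is what follows the closing bracket.
        cmd = body.split("] ", 1)[-1].strip()
        exe = cmd.split()[0].strip('"') if cmd else ""
        if exe and "\\" not in exe and ":" not in exe:
            entry.flags.append("Run entry uses a bare filename resolved via the search PATH")
    return entry


def flagged_entries(text: str) -> List[Entry]:
    """Parse a log and return only the entries that picked up at least one flag."""
    return [e for e in (triage(e) for e in parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.kind}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```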



#2 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 15 October 2008 - 09:36 AM

Hello,

My name is Mas_pogi (mark, mp) and I will be helping you with your malware problem.
As I am still in training, I will be helping you under the supervision of our expert teachers, so there may be a delay between posts.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having, as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you still need our help, please follow the instructions below:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
With Regards,
mas_pogi

#3 _Dangerous_

_Dangerous_
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 15 October 2008 - 10:36 AM

Hello mas_pogi,

Thank you so much for your help.

Here are the requested logs:

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gebruiker at 2008-10-15 17:30:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:20 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gebruiker\Desktop\RSIT.exe
C:\Documents and Settings\Gebruiker\Desktop\Gebruiker.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.midasplayer.com/ctl/kingcomie.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://whisperedwithlove.spaces.live.com//...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://whisperedwithlove.spaces.live.com/P...ad/MsnPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.gamenext.nl/online2/gold_fever/goldfever.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14658 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-04-06 504080]
""= []
"PC Alarm Clock"=C:\Program Files\PC Alarm Clock\pcalarmclock.exe [2006-02-02 1254400]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-09-07 36864]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"MSMSGS"=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2008-04-14 1695232]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-03-27 4670968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-04 165784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-04 289088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

C:\Documents and Settings\Gebruiker\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Astral Masters\masters.exe"="C:\Program Files\Astral Masters\masters.exe:*:Disabled:masters"
"C:\Program Files\The Times Testing Series\Brain Teasers - Volume I\brain teasers.exe"="C:\Program Files\The Times Testing Series\Brain Teasers - Volume I\brain teasers.exe:*:Enabled:Brain Teasers"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\CodiNET\El Kardian\Xe.dat"="C:\Program Files\CodiNET\El Kardian\Xe.dat:*:Enabled:Xe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Softnyx\Rakion\Bin\rakion.bin"="C:\Program Files\Softnyx\Rakion\Bin\rakion.bin:*:Enabled:rakion"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Ankama Games\Dofus\Dofus.exe"="C:\Program Files\Ankama Games\Dofus\Dofus.exe:*:Enabled:Dofus Client"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Games\3D-BattleShip4\3D-BattleShip4.exe"="C:\Program Files\Games\3D-BattleShip4\3D-BattleShip4.exe:*:Enabled:3D-BattleShip"
"C:\Downloads\Puzzle Quest\Puzzle Quest.exe"="C:\Downloads\Puzzle Quest\Puzzle Quest.exe:*:Enabled:Puzzle Quest"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\pirch98\pirch98.exe"="C:\pirch98\pirch98.exe:*:Enabled:PIRCH98"
"C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno P2P Receiver"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Starcraft Shareware(ED)\Starcraft.exe"="C:\Program Files\Starcraft Shareware(ED)\Starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad091c8b-63b2-11dc-9661-00161719a3be}]
shell\AutoRun\command - L:\SETUP.EXE


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-10-15 17:30:15 ----D---- C:\rsit
2008-10-15 13:16:24 ----A---- C:\WINDOWS\Cake Mania 2 Uninstall Log.txt
2008-10-15 05:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 05:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 05:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 05:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 05:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 01:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-15 01:43:57 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-10-04 20:24:00 ----D---- C:\AeriaGames
2008-10-04 19:21:09 ----D---- C:\Program Files\DNA
2008-10-04 19:21:09 ----D---- C:\Documents and Settings\Gebruiker\Application Data\DNA
2008-09-28 15:24:51 ----D---- C:\Program Files\Belastingdienst
2008-09-22 19:21:46 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home 2
2008-09-21 18:43:53 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Go-Go Gourmet Chef of the Year
2008-09-20 13:01:27 ----A---- C:\WINDOWS\ScUnin.exe
2008-09-20 12:05:34 ----D---- C:\Program Files\Starcraft
2008-09-20 11:21:27 ----D---- C:\Documents and Settings\Gebruiker\Application Data\BeachPartyCraze
2008-09-20 08:28:56 ----D---- C:\Program Files\War Chess
2008-09-20 08:19:16 ----D---- C:\Documents and Settings\Gebruiker\Application Data\SpinTop
2008-09-19 03:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-18 17:13:44 ----D---- C:\WINDOWS\Prefetch
2008-09-18 16:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 16:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 16:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 16:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 16:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 16:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 16:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 16:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 16:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 16:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 16:30:17 ----D---- C:\WINDOWS\system32\scripting
2008-09-18 16:30:16 ----D---- C:\WINDOWS\l2schemas
2008-09-18 16:30:15 ----D---- C:\WINDOWS\system32\en
2008-09-18 16:30:14 ----D---- C:\WINDOWS\system32\bits
2008-09-18 16:25:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-18 16:14:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-18 16:04:52 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-18 16:04:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-18 16:04:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-18 16:04:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-18 16:04:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-18 16:04:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-18 16:04:28 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-18 16:04:26 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-18 16:04:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-18 16:04:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-18 16:04:24 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-18 16:04:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-18 16:04:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-18 16:04:24 ----N---- C:\WINDOWS\slrundll.exe
2008-09-18 16:04:20 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-18 16:04:17 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-18 16:04:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-18 16:04:10 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-18 16:04:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-18 16:04:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-18 16:04:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-18 16:04:00 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-18 16:03:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-18 16:03:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-18 16:03:46 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-18 16:03:38 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-18 16:03:38 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-18 16:03:38 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-18 16:03:37 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-18 16:03:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-18 16:03:37 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-18 16:03:36 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-18 16:03:36 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-18 16:03:20 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-18 16:03:20 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-18 16:03:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-18 16:03:20 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-18 16:03:18 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-18 16:03:10 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-18 16:03:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-18 16:03:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-18 16:03:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-18 16:03:09 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-18 16:03:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-18 16:03:01 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-18 16:03:01 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-18 16:02:59 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-18 16:02:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-18 16:02:53 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-18 16:02:51 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-18 16:02:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-18 16:02:49 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-18 16:02:49 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-18 16:02:48 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-18 16:02:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-18 16:02:42 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-18 16:02:42 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-18 16:02:42 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-18 16:02:42 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-18 16:02:40 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-18 16:02:35 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-18 14:55:49 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 1 months======

2008-10-15 13:25:51 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 13:23:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-15 13:22:37 ----AD---- C:\Program Files
2008-10-15 13:22:19 ----D---- C:\Program Files\BurgerShop_at
2008-10-15 13:22:09 ----A---- C:\WINDOWS\Bigfish Games Miss Management Uninstall Log.txt
2008-10-15 13:20:40 ----D---- C:\Program Files\Outspark
2008-10-15 13:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\Outspark
2008-10-15 13:20:21 ----D---- C:\Program Files\Common Files\Sandlot Shared
2008-10-15 13:16:24 ----D---- C:\WINDOWS
2008-10-15 13:05:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 11:34:36 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-15 11:34:13 ----D---- C:\WINDOWS\Temp
2008-10-15 11:27:56 ----D---- C:\WINDOWS\system32
2008-10-15 05:06:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 05:05:58 ----HD---- C:\WINDOWS\inf
2008-10-15 05:05:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 05:05:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 05:05:46 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 05:05:12 ----D---- C:\Program Files\Internet Explorer
2008-10-15 05:04:50 ----D---- C:\WINDOWS\ie7updates
2008-10-15 04:59:37 ----SHD---- C:\WINDOWS\Installer
2008-10-15 04:59:37 ----HD---- C:\Config.Msi
2008-10-15 03:07:27 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 01:43:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-12 23:45:47 ----A---- C:\WINDOWS\pirchutl.ini
2008-10-12 23:45:47 ----A---- C:\WINDOWS\pident.ini
2008-10-12 17:26:28 ----D---- C:\Downloads
2008-10-12 12:47:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-10 11:38:03 ----D---- C:\oldgdrive
2008-10-10 11:22:44 ----D---- C:\Documents and Settings\Gebruiker\Application Data\ICQ
2008-10-08 13:36:36 ----D---- C:\Documents and Settings\Gebruiker\Application Data\EleFun Games
2008-10-07 21:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 20:41:32 ----D---- C:\Program Files\Dofus
2008-10-04 20:37:52 ----D---- C:\Program Files\Gpotato
2008-10-04 20:36:58 ----D---- C:\Program Files\Pixel Mine
2008-10-04 20:23:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-03 19:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-30 22:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-30 21:42:25 ----D---- C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
2008-09-30 21:42:25 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-28 16:39:36 ----D---- C:\Bdienst
2008-09-24 17:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-24 14:58:03 ----D---- C:\Documents and Settings\Gebruiker\Application Data\funkitron
2008-09-24 07:41:54 ----D---- C:\Program Files\ICQ6
2008-09-20 11:07:50 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Pi Eye Games
2008-09-20 02:31:42 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Oberon Games
2008-09-20 02:31:42 ----D---- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-19 07:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\Intenium
2008-09-19 07:03:09 ----D---- C:\Program Files\bfgclient
2008-09-19 04:29:48 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-19 04:29:47 ----RSD---- C:\WINDOWS\assembly
2008-09-19 03:02:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-19 03:02:09 ----D---- C:\WINDOWS\WinSxS
2008-09-18 23:26:03 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-18 17:15:30 ----A---- C:\WINDOWS\setuplog.txt
2008-09-18 17:13:08 ----D---- C:\WINDOWS\system32\Setup
2008-09-18 17:13:08 ----D---- C:\WINDOWS\AppPatch
2008-09-18 17:13:08 ----D---- C:\Program Files\Messenger
2008-09-18 17:13:07 ----D---- C:\WINDOWS\system32\wbem
2008-09-18 17:13:06 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 16:42:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-18 16:36:58 ----D---- C:\WINDOWS\security
2008-09-18 16:30:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-18 16:30:34 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 16:30:34 ----D---- C:\WINDOWS\ime
2008-09-18 16:30:34 ----D---- C:\WINDOWS\Help
2008-09-18 16:30:17 ----D---- C:\WINDOWS\system32\usmt
2008-09-18 16:30:17 ----D---- C:\WINDOWS\system32\en-US
2008-09-18 16:30:14 ----D---- C:\WINDOWS\PeerNet
2008-09-18 16:30:14 ----D---- C:\Program Files\Movie Maker
2008-09-18 16:25:24 ----D---- C:\WINDOWS\system32\Restore
2008-09-18 16:25:23 ----D---- C:\WINDOWS\system32\npp
2008-09-18 16:25:23 ----D---- C:\WINDOWS\mui
2008-09-18 16:25:22 ----D---- C:\WINDOWS\msagent
2008-09-18 16:25:20 ----D---- C:\WINDOWS\srchasst
2008-09-18 16:25:19 ----D---- C:\Program Files\NetMeeting
2008-09-18 16:25:17 ----D---- C:\WINDOWS\system32\Com
2008-09-18 16:25:13 ----D---- C:\Program Files\Windows NT
2008-09-18 16:25:13 ----D---- C:\Program Files\Windows Media Player
2008-09-18 16:25:12 ----D---- C:\Program Files\Outlook Express
2008-09-18 16:25:07 ----D---- C:\Program Files\Common Files\System
2008-09-18 16:24:40 ----D---- C:\WINDOWS\system32\oobe
2008-09-18 16:24:37 ----D---- C:\WINDOWS\system
2008-09-18 16:19:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 16:14:19 ----D---- C:\WINDOWS\ehome
2008-09-18 15:43:32 ----D---- C:\WINDOWS\Debug
2008-09-18 14:56:08 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-09-16 271360]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-09-16 18048]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-03 1681920]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys []
S3 auaarlh7;auaarlh7; C:\WINDOWS\system32\drivers\auaarlh7.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\system32\XDva004.sys []
S3 XDva005;XDva005; \??\C:\WINDOWS\system32\XDva005.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\system32\XDva007.sys []
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []
S3 XDva098;XDva098; \??\C:\WINDOWS\system32\XDva098.sys []
S3 XDva143;XDva143; \??\C:\WINDOWS\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S3 XDva195;XDva195; \??\C:\WINDOWS\system32\XDva195.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-06 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-03 401408]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-04-06 139536]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2004-04-06 241936]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-04-06 254224]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-02 520192]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-08-04 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-19 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-11-15 68096]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.04 2008-10-15 17:30:24

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D-BattleShip-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Games\3D-BattleShip4\Uninst.isu"
Aangifte inkomstenbelasting 2007-->C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0.9 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alien Skin Eye Candy 5 Impact-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG
Alien Skin Eye Candy 5 Textures-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EYECAN~2\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"
Ashen Empires 4.00-->"C:\Program Files\Iron Will Games\Ashen Empires\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BitComet 1.03-->C:\Program Files\BitComet\uninst.exe
BRATZ - Rock Angelz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C92937F-7E79-4A32-AB80-BD7637146308}\setup.exe" -l0x9 -uninst
Bratz Babyz-->"C:\Program Files\THQ\MGA\Bratz Babyz\Uninstall_Bratz Babyz\Uninstall Bratz Babyz.exe"
CA eTrust Antivirus-->MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}
Camtasia Studio 4-->MsiExec.exe /I{1BA16E5A-72B9-44B7-9FDA-FB6CE7FF6C0C}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Catan (remove only)-->C:\Program Files\Catan\Uninstall.exe
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Digital Element Aurora-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC4ECCC8-11CE-4542-A3DB-78947BC11D1D}\Setup.exe"
DynGate-->"C:\Program Files\DynGate\uninstall.exe"
DyynoPlayer 0.8.6f-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
Eye Candy 3-->C:\UNWISE.EXE C:\INSTALL.LOG
Eye Candy 4000-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\EYECAN~1\INSTALL.LOG
Fiesta-->MsiExec.exe /X{41340E1A-6849-4A27-A9A5-AA37300C76FE}
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
GetRight-->"C:\Program Files\GetRight\unins000.exe"
Hero_Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7595CCFC-953D-4EF3-896F-6993A4013C60}\setup.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Gebruiker\Desktop\HijackThis.exe" /uninstall
HolicUSA-->C:\Program Files\InstallShield Installation Information\{E12E647D-864B-4505-BFA7-03EFC1F3364F}\setup.exe -runfromtemp -l0x0009 -removeonly
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IGN Download Manager 2.3.2-->C:\Program Files\IGN\Download Manager\uninst.exe
Install(US)2-->C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
Iron Will Games Launcher 1.00-->"C:\Program Files\Iron Will Games\unins000.exe"
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest 2-->"C:\Program Files\Jewel Quest 2\ReflexiveArcade\unins000.exe"
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lottso! de Luxe-->C:\Program Files\Lottso! de Luxe\Uninstal.exe
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Magic ISO Maker v5.4 (build 0248)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
MP3 Player Utilities 3.68-->MsiExec.exe /I{D98BFAD2-0C90-47F4-9D69-2EFF21631884}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opinionbar 1.0-->C:\Program Files\Opinionbar\Uninst.exe
Outspark Launcher-->C:\Program Files\Outspark\Launcher\uninstall.exe
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
PC Alarm Clock-->C:\PROGRA~1\PCALAR~1\UNWISE.EXE C:\PROGRA~1\PCALAR~1\INSTALL.LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RarZilla Free Unrar 1.00-->C:\Program Files\RarZilla Free Unrar\Uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer-->C:\Program Files\TeamViewer\uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 17 October 2008 - 05:48 AM

Hi Dangerous.

Sorry for the delay.

Please bear with me as we clean your computer. Please follow the instructions below;
  • Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files between each other, as the name suggests. In today's world cybercrime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • Please uninstall the following, using the Windows Add/Remove Programs applet in the Control Panel.

    GetRight: if this is a licensed/registered version then it has no adware; otherwise please uninstall it.

    Outdated Java runtimes:

    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9


  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot of the ComboFix prompt]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot of the message]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Mark

Edited by mas_pogi, 17 October 2008 - 05:50 AM.


#5 _Dangerous_ (Topic Starter)

Posted 17 October 2008 - 09:06 AM

Hi Mark, here is the log you asked for. I have turned my antivirus (AVG) back on, not sure if I was supposed to, but that seemed like a logical thing to do.
ComboFix 08-10-16.08 - Gebruiker 2008-10-17 15:44:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1422 [GMT 2:00]
Running from: C:\Documents and Settings\Gebruiker\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_TDSSSERV
-------\Service_Boonty Games
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 22:40 . 2008-10-16 22:40 <DIR> d-------- C:\Program Files\MSBuild
2008-10-16 22:37 . 2008-10-16 22:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-16 22:36 . 2008-10-16 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-16 22:13 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-15 17:30 . 2008-10-15 17:30 <DIR> d-------- C:\rsit
2008-10-15 03:07 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:06 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:06 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:06 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:06 . 2008-09-15 14:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 02:23 . 2008-10-15 02:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 02:23 . 2008-10-15 02:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 01:43 . 2008-10-15 01:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-15 01:43 . 2008-10-15 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-04 20:24 . 2008-10-04 20:24 <DIR> d-------- C:\AeriaGames
2008-10-04 19:21 . 2008-10-04 19:21 <DIR> d-------- C:\Program Files\DNA
2008-10-04 19:21 . 2008-10-17 15:46 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\DNA
2008-09-28 15:24 . 2008-09-28 15:24 <DIR> d-------- C:\Program Files\Belastingdienst
2008-09-22 19:21 . 2008-09-22 19:21 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home 2
2008-09-21 18:43 . 2008-09-21 18:44 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Go-Go Gourmet Chef of the Year
2008-09-20 13:01 . 2008-09-20 15:45 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-09-20 13:01 . 2008-09-20 15:45 34,602 --a------ C:\WINDOWS\scunin.dat
2008-09-20 13:01 . 2008-09-20 15:45 967 --a------ C:\WINDOWS\ScUnin.pif
2008-09-20 12:05 . 2008-09-21 05:26 <DIR> d-------- C:\Program Files\Starcraft
2008-09-20 11:21 . 2008-09-20 11:22 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\BeachPartyCraze
2008-09-20 08:28 . 2008-09-20 10:30 <DIR> d-------- C:\Program Files\War Chess
2008-09-20 08:19 . 2008-09-20 08:19 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\SpinTop
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-18 16:25 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 16:03 . 2008-04-14 02:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-18 16:02 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-18 14:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 13:34 --------- d-----w C:\Program Files\Java
2008-10-17 13:28 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\GetRight Pro
2008-10-17 11:09 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ICQ
2008-10-15 11:22 --------- d-----w C:\Program Files\BurgerShop_at
2008-10-15 11:20 --------- d-----w C:\Program Files\Outspark
2008-10-15 11:20 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-10-15 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-10-15 11:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-12 10:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-08 11:36 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\EleFun Games
2008-10-04 18:41 --------- d-----w C:\Program Files\Dofus
2008-10-04 18:37 --------- d-----w C:\Program Files\Gpotato
2008-10-04 18:36 --------- d-----w C:\Program Files\Pixel Mine
2008-10-04 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-30 19:42 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
2008-09-30 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-24 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-24 12:58 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\funkitron
2008-09-24 05:41 --------- d-----w C:\Program Files\ICQ6
2008-09-20 09:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Pi Eye Games
2008-09-20 00:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Oberon Games
2008-09-20 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-19 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
2008-09-19 05:03 --------- d-----w C:\Program Files\bfgclient
2008-09-14 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-10 03:33 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BFG_JanesRealty
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 01:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Sudden Games
2008-09-07 02:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 02:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
2008-09-07 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-09-06 02:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Lavasoft
2008-09-06 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 02:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-06 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 01:29 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-05 12:19 --------- d-----w C:\Program Files\StepMania
2008-09-03 16:52 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Meridian93
2008-09-02 20:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Realore_DressUpRush
2008-09-01 22:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 21:37 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Ancient Quest of Saqqarah__bfg
2008-08-30 20:19 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-08-30 20:19 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\teamspeak2
2008-08-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-08-20 08:13 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\dyyno-vlc
2008-08-20 06:58 --------- d-----w C:\Program Files\Dyyno
2008-06-13 20:35 0 ----a-w C:\Program Files\temp01
2007-01-06 01:57 758 ----a-w C:\Program Files\Dransik.ini
2007-01-06 01:56 656 ----a-w C:\Program Files\Dransik.checksum
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-09-07 36864]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-04 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"PC Alarm Clock"="C:\Program Files\PC Alarm Clock\pcalarmclock.exe" [2006-02-02 1254400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 282624]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]

C:\Documents and Settings\Gebruiker\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-16 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-09-07 196608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Games\\3D-BattleShip4\\3D-BattleShip4.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\pirch98\\pirch98.exe"=
"C:\\Documents and Settings\\Gebruiker\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9415:TCP"= 9415:TCP:BitComet 9415 TCP
"9415:UDP"= 9415:UDP:BitComet 9415 UDP

R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
S3 XDva005;XDva005;C:\WINDOWS\system32\XDva005.sys [ ]
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys [ ]
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [ ]
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys [ ]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys [ ]
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
C:\WINDOWS\Downloaded Program Files\stg_drm.ocx

O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://zylom.midasplayer.com/ctl/kingcomie.cab
C:\WINDOWS\Downloaded Program Files\KingComIE.inf
C:\WINDOWS\KingComIE.dll

O16 -: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
C:\WINDOWS\Downloaded Program Files\flashnet.inf
C:\WINDOWS\Downloaded Program Files\FlashNet.dll

O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
C:\WINDOWS\Downloaded Program Files\DyynoCAB.inf
C:\WINDOWS\Downloaded Program Files\DyynoX.dll

O16 -: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.inf
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.exe
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.dll

O16 -: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
C:\WINDOWS\Downloaded Program Files\centrinodetect.inf
C:\WINDOWS\system32\cpucheck.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
C:\WINDOWS\Downloaded Program Files\armhelper.ocx

O16 -: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
C:\WINDOWS\Downloaded Program Files\MediaSphere.inf

O16 -: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
C:\WINDOWS\Downloaded Program Files\MediaSphere.inf

O16 -: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
C:\WINDOWS\Downloaded Program Files\gopets.inf
C:\WINDOWS\Downloaded Program Files\gopets.ocx
C:\WINDOWS\Downloaded Program Files\gopets.inf

O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
C:\WINDOWS\Downloaded Program Files\PTGameLauncher.inf
C:\WINDOWS\Downloaded Program Files\PTGameLauncher.dll

O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.inf
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 15:49:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-17 15:58:42 - machine was rebooted [Gebruiker]
ComboFix-quarantined-files.txt 2008-10-17 13:58:37

Pre-Run: 7,106,015,232 bytes free
Post-Run: 7,230,472,192 bytes free

269 --- E O F --- 2008-10-15 03:05:59

Edited by _Dangerous_, 17 October 2008 - 09:10 AM.


#6 mas_pogi (Tokyo, JP)

Posted 17 October 2008 - 10:48 AM

Hi.

Hi Mark, here is the log you asked for. I have turned my antivirus (AVG) back on, not sure if I was supposed to, but that seemed like a logical thing to do.

OK. NP :thumbsup:
Just remember to disable them every time we do some fixing.

Please follow the instructions below;

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

EXTRA::

FILE::
C:\WINDOWS\Downloaded Program Files\KingComIE.inf
C:\WINDOWS\KingComIE.dll
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip
C:\Program Files\ezt\webhancer.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[10].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[3].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[4].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[5].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[6].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[7].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[8].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[9].htm

FOLDER::
C:\pirch98
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f
C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea

REGISTRY::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\pirch98\\pirch98.exe"=-
O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://zylom.midasplayer.com/ctl/kingcomie.cab


Save this as CFScript.txt, in the same location as ComboFix.exe


[Screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Run ESET Online Scan

Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
How's your computer now?

Please post the C:\ComboFix.txt and result of ESET scanner.

Mark
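
The log in post #5 and the CFScript in post #6 together show the pattern the helper is following: a service or driver name that marks a known rootkit family (TDSSserv, which also sits under SafeBoot\Minimal so the driver loads in Safe Mode and survives the service removal), a firewall exception for a program living outside the usual install locations (C:\pirch98), and Java deployment-cache entries, which is where the Java/ByteVerify hit lives; each of these maps onto a FILE::, FOLDER:: or REGISTRY:: directive. As an added example that is not part of the original thread and not ComboFix's own code, the Python below parses a constructed excerpt of that log, applies those three rules (an illustrative assumption, not ComboFix's actual logic) and renders the result in CFScript syntax.

```python
"""Triage a ComboFix log and draft a CFScript from the findings.
Added example for this thread (not ComboFix's or the helper's code); the
sample log and AV hit list are constructed from lines posted above, and the
indicator rules are an illustrative assumption."""
import re
from dataclasses import dataclass

# Constructed excerpt: the Drivers/Services, SafeBoot and firewall lines from post #5.
SAMPLE_LOG = r"""
-------\Legacy_TDSSSERV
-------\Service_TDSSserv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\pirch98\\pirch98.exe"=
"""
# Constructed AV hits: the Java cache paths from the CFScript in post #6.
AV_HITS = [
    r"C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip",
    r"C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc",
]

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SAFEBOOT_RE = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\(.+)$", re.I)
ROOTKIT_NAME_RE = re.compile(r"tdss", re.I)  # TDSS registers its driver for Safe Mode too
# Executables under these roots count as installed software; anything else is flagged.
TRUSTED_DIR_RE = re.compile(r"^(%windir%|%systemroot%|C:\\WINDOWS|C:\\Program Files)\\", re.I)
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)


@dataclass
class Finding:
    kind: str       # file | folder | regkey | regvalue | service
    target: object  # path, key name, (key, value name) or service name
    reason: str
    action: str     # "delete" goes into the CFScript, "review" is report-only


def triage_log(text):
    """Walk the log once, tracking the current [registry key] section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-------\\"):  # Drivers/Services that ComboFix already removed
            name = line.split("\\", 1)[1]
            if ROOTKIT_NAME_RE.search(name):
                findings.append(Finding("service", name, "TDSS service removed by ComboFix; check for leftovers", "review"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sb = SAFEBOOT_RE.search(section)
            if sb and ROOTKIT_NAME_RE.search(sb.group(2)):
                findings.append(Finding("regkey", section, "rootkit driver set to load in Safe Mode", "delete"))
            continue
        m = VALUE_RE.match(line)
        if m and section and section.lower().endswith(r"\authorizedapplications\list"):
            path = m.group(1).replace("\\\\", "\\")  # registry exports double the backslashes
            if not TRUSTED_DIR_RE.match(path):
                findings.append(Finding("regvalue", (section, m.group(1)), f"firewall exception for {path}", "delete"))
    return findings


def triage_av_hits(paths):
    """Java deployment-cache hits: entries with an extension are files, cache dirs are folders."""
    out = []
    for p in paths:
        if JAVA_CACHE_RE.search(p):
            kind = "file" if re.search(r"\.[A-Za-z0-9]+$", p) else "folder"
            out.append(Finding(kind, p, "Java cache entry flagged by AV", "delete"))
    return out


def build_cfscript(findings):
    """Render the delete-findings in CFScript syntax: FILE::, FOLDER::, REGISTRY::."""
    todo = [f for f in findings if f.action == "delete"]
    files = [f.target for f in todo if f.kind == "file"]
    folders = [f.target for f in todo if f.kind == "folder"]
    keys = [f.target for f in todo if f.kind == "regkey"]
    values = {}
    for f in todo:
        if f.kind == "regvalue":
            values.setdefault(f.target[0], []).append(f.target[1])
    out = []
    if files:
        out += ["FILE::", *files, ""]
    if folders:
        out += ["FOLDER::", *folders, ""]
    if keys or values:
        out.append("REGISTRY::")
        out += [f"[-{k}]" for k in keys]  # [-key] deletes the whole key
        for sec, names in values.items():
            out += [f"[{sec}]", *[f'"{n}"=-' for n in names]]  # "name"=- deletes one value
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG) + triage_av_hits(AV_HITS)
    print(build_cfscript(found))
```

Run it as a script to print the draft CFScript. The review-only entries explain why the SafeBoot key still needs its own REGISTRY:: line even though ComboFix's first run already removed the TDSSserv service: deleting the service does not touch the Safe Mode whitelist entry. Anything a rule like this emits should still be checked by hand before it is dropped onto ComboFix.exe, since a false positive here deletes a legitimate file.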

#7 _Dangerous_ (Topic Starter)

Posted 17 October 2008 - 11:38 AM

Re-hi again. Following is the ComboFix log, and now I'm going to scan with ESET like you instructed :thumbsup: Will get back to you again after I get those results too.

ComboFix 08-10-16.08 - Gebruiker 2008-10-17 18:31:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1484 [GMT 2:00]
Running from: C:\Documents and Settings\Gebruiker\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gebruiker\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip
C:\Program Files\ezt\webhancer.exe
C:\WINDOWS\Downloaded Program Files\KingComIE.inf
C:\WINDOWS\KingComIE.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[10].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[3].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[4].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[5].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[6].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[7].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[8].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[9].htm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc\
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f\
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip
C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea\
C:\pirch98
C:\pirch98\Aliases.paf
C:\pirch98\Bugs.txt
C:\pirch98\channels.ini
C:\pirch98\chanpop.irc
C:\pirch98\Copy of LLchanpops.irc
C:\pirch98\Copy of LLfluisterpops.irc
C:\pirch98\Copy of LLserverpops.irc
C:\pirch98\Count.pil
C:\pirch98\downloads\mistermonty.quakenet.20080201.log
C:\pirch98\events.bak
C:\pirch98\events.ini
C:\pirch98\fserver.txt
C:\pirch98\Fshelp.txt
C:\pirch98\Help.cnt
C:\pirch98\Help.GID
C:\pirch98\logs\#pst.log
C:\pirch98\logs\#pstmod.log
C:\pirch98\logs\#pstmods.log
C:\pirch98\logs\_mrm.log
C:\pirch98\logs\anon823.log
C:\pirch98\logs\arielnine.log
C:\pirch98\logs\claudiolky.log
C:\pirch98\logs\eladine.log
C:\pirch98\logs\f2ne.log
C:\pirch98\logs\fairygardens.log
C:\pirch98\logs\guest99.log
C:\pirch98\logs\hilleke.log
C:\pirch98\logs\hyperorbit.log
C:\pirch98\logs\jezalmaarzoweze.log
C:\pirch98\logs\mistermonty.log
C:\pirch98\logs\off_tortuletz.log
C:\pirch98\logs\randoo53.log
C:\pirch98\logs\reaprevenge.log
C:\pirch98\logs\ricklamesa.log
C:\pirch98\logs\s1nnnn.log
C:\pirch98\logs\saurabn.log
C:\pirch98\logs\sirchatsalot.log
C:\pirch98\logs\sirchopsalot.log
C:\pirch98\logs\sirmodsalot.log
C:\pirch98\logs\smartguy.log
C:\pirch98\logs\solkee.log
C:\pirch98\logs\supersharky.log
C:\pirch98\logs\xtee.log
C:\pirch98\logs\yournamehere.log
C:\pirch98\mainmenu.irc
C:\pirch98\msgpop.irc
C:\pirch98\P98.logo
C:\pirch98\Piglatin.pil
C:\pirch98\Pil.gid
C:\pirch98\Pil.hlp
C:\pirch98\Pilgames.dll
C:\pirch98\Pirch.gid
C:\pirch98\pirch98.exe
C:\pirch98\pirch98.hlp
C:\pirch98\pirch98.ini
C:\pirch98\Pirchutl.ini
C:\pirch98\pirchvdo.exe
C:\pirch98\pirchwin.ini
C:\pirch98\Popups.irc
C:\pirch98\ptb_clip.bmp
C:\pirch98\ptb_clr1.bmp
C:\pirch98\ptb_colr.bmp
C:\pirch98\ptb_disk.bmp
C:\pirch98\ptb_kill.bmp
C:\pirch98\ptb_mail.bmp
C:\pirch98\ptb_news.bmp
C:\pirch98\ptb_prn1.bmp
C:\pirch98\ptb_pvdo.bmp
C:\pirch98\Register.txt
C:\pirch98\servers.ini
C:\pirch98\servpop.irc
C:\pirch98\Speak.txt
C:\pirch98\Thumbs.db
C:\pirch98\tips.bin
C:\pirch98\toolbar.irc
C:\pirch98\updates.txt
C:\Program Files\ezt\webhancer.exe
C:\WINDOWS\Downloaded Program Files\KingComIE.inf
C:\WINDOWS\KingComIE.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[10].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[3].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[4].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[5].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[6].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[7].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[8].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ4PW90N\ac[9].htm

.
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 22:40 . 2008-10-16 22:40 <DIR> d-------- C:\Program Files\MSBuild
2008-10-16 22:37 . 2008-10-16 22:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-16 22:36 . 2008-10-16 22:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-16 22:13 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-15 17:30 . 2008-10-15 17:30 <DIR> d-------- C:\rsit
2008-10-15 03:07 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:06 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:06 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:06 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:06 . 2008-09-15 14:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 02:23 . 2008-10-15 02:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 02:23 . 2008-10-15 02:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 01:43 . 2008-10-15 01:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-15 01:43 . 2008-10-15 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-04 20:24 . 2008-10-04 20:24 <DIR> d-------- C:\AeriaGames
2008-10-04 19:21 . 2008-10-04 19:21 <DIR> d-------- C:\Program Files\DNA
2008-10-04 19:21 . 2008-10-17 18:29 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\DNA
2008-09-28 15:24 . 2008-09-28 15:24 <DIR> d-------- C:\Program Files\Belastingdienst
2008-09-22 19:21 . 2008-09-22 19:21 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home 2
2008-09-21 18:43 . 2008-09-21 18:44 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Go-Go Gourmet Chef of the Year
2008-09-20 13:01 . 2008-09-20 15:45 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-09-20 13:01 . 2008-09-20 15:45 34,602 --a------ C:\WINDOWS\scunin.dat
2008-09-20 13:01 . 2008-09-20 15:45 967 --a------ C:\WINDOWS\ScUnin.pif
2008-09-20 12:05 . 2008-09-21 05:26 <DIR> d-------- C:\Program Files\Starcraft
2008-09-20 11:21 . 2008-09-20 11:22 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\BeachPartyCraze
2008-09-20 08:28 . 2008-09-20 10:30 <DIR> d-------- C:\Program Files\War Chess
2008-09-20 08:19 . 2008-09-20 08:19 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\SpinTop
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-18 16:30 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-18 16:25 . 2008-09-18 16:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 16:03 . 2008-04-14 02:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-18 16:02 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-18 14:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 16:31 --------- d-----w C:\Program Files\ezt
2008-10-17 13:34 --------- d-----w C:\Program Files\Java
2008-10-17 13:28 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\GetRight Pro
2008-10-17 11:09 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ICQ
2008-10-15 11:22 --------- d-----w C:\Program Files\BurgerShop_at
2008-10-15 11:20 --------- d-----w C:\Program Files\Outspark
2008-10-15 11:20 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-10-15 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-10-15 11:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-12 10:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-08 11:36 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\EleFun Games
2008-10-04 18:41 --------- d-----w C:\Program Files\Dofus
2008-10-04 18:37 --------- d-----w C:\Program Files\Gpotato
2008-10-04 18:36 --------- d-----w C:\Program Files\Pixel Mine
2008-10-04 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-30 19:42 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
2008-09-30 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-24 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-24 12:58 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\funkitron
2008-09-24 05:41 --------- d-----w C:\Program Files\ICQ6
2008-09-20 09:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Pi Eye Games
2008-09-20 00:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Oberon Games
2008-09-20 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-19 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
2008-09-19 05:03 --------- d-----w C:\Program Files\bfgclient
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-10 03:33 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BFG_JanesRealty
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 01:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Sudden Games
2008-09-07 02:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 02:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
2008-09-07 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 03:59 3,084 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-06 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-09-06 02:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Lavasoft
2008-09-06 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 02:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-06 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 01:29 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-05 12:19 --------- d-----w C:\Program Files\StepMania
2008-09-03 16:52 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Meridian93
2008-09-02 20:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Realore_DressUpRush
2008-09-01 22:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 21:37 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Ancient Quest of Saqqarah__bfg
2008-08-30 20:19 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-08-30 20:19 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\teamspeak2
2008-08-29 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 08:13 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\dyyno-vlc
2008-08-20 06:58 --------- d-----w C:\Program Files\Dyyno
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-06-13 20:35 0 ----a-w C:\Program Files\temp01
2007-01-06 01:57 758 ----a-w C:\Program Files\Dransik.ini
2007-01-06 01:56 656 ----a-w C:\Program Files\Dransik.checksum
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-09-07 36864]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-04 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"PC Alarm Clock"="C:\Program Files\PC Alarm Clock\pcalarmclock.exe" [2006-02-02 1254400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 282624]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]

C:\Documents and Settings\Gebruiker\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-16 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-09-07 196608]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Games\\3D-BattleShip4\\3D-BattleShip4.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Documents and Settings\\Gebruiker\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9415:TCP"= 9415:TCP:BitComet 9415 TCP
"9415:UDP"= 9415:UDP:BitComet 9415 UDP

R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]
S3 XDva005;XDva005;C:\WINDOWS\system32\XDva005.sys [ ]
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys [ ]
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [ ]
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys [ ]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys [ ]
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
C:\WINDOWS\Downloaded Program Files\stg_drm.ocx

O16 -: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
C:\WINDOWS\Downloaded Program Files\flashnet.inf
C:\WINDOWS\Downloaded Program Files\FlashNet.dll

O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
C:\WINDOWS\Downloaded Program Files\DyynoCAB.inf
C:\WINDOWS\Downloaded Program Files\DyynoX.dll

O16 -: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.inf
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.exe
C:\WINDOWS\Downloaded Program Files\mglaunch_USAv1002.dll

O16 -: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
C:\WINDOWS\Downloaded Program Files\centrinodetect.inf
C:\WINDOWS\system32\cpucheck.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
C:\WINDOWS\Downloaded Program Files\armhelper.ocx

O16 -: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
C:\WINDOWS\Downloaded Program Files\MediaSphere.inf

O16 -: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
C:\WINDOWS\Downloaded Program Files\MediaSphere.inf

O16 -: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
C:\WINDOWS\Downloaded Program Files\gopets.inf
C:\WINDOWS\Downloaded Program Files\gopets.ocx
C:\WINDOWS\Downloaded Program Files\gopets.inf

O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
C:\WINDOWS\Downloaded Program Files\PTGameLauncher.inf
C:\WINDOWS\Downloaded Program Files\PTGameLauncher.dll

O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.inf
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 18:33:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-17 18:34:40
ComboFix-quarantined-files.txt 2008-10-17 16:33:55
ComboFix2.txt 2008-10-17 13:58:43

Pre-Run: 7,203,594,240 bytes free
Post-Run: 7,192,633,344 bytes free

363 --- E O F --- 2008-10-15 03:05:59

#8 _Dangerous_

_Dangerous_
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 17 October 2008 - 11:57 AM

Just a quick question: I have really no idea what exactly was done :thumbsup: but it seems my Pirch has been removed, including the logfiles. :) I can reinstall the program, I hope, because it was a personalized script. But I actually need those logs :/

#9 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 17 October 2008 - 12:08 PM

hi.

Don't worry. We will handle it later. :thumbsup:

Just post back the ESET result.

Mark

#10 _Dangerous_

_Dangerous_
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 17 October 2008 - 01:59 PM

And here is the other log you asked for.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3532 (20081017)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=efa1fc4b6226f64ca20d22dd6760964d
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-17 06:52:56
# local_time=2008-10-17 08:52:56 (+0100, W. Europe Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=491980
# found=36
# scan_time=6881
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc multiple infiltrations 875155A089FA8C58F46250A070EA3A40
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »BaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »VaaaaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Dvnny.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Baaaaa.class Java/ClassLoader.AO trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Dex.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Dix.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Dux.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f multiple infiltrations 08DB9AB85FB3E264230FC6E606433FE0
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »BaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »VaaaaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »Dvnny.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »Baaaaa.class Java/ClassLoader.AO trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »Dex.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »Dix.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\58\2209797a-62a7770f »ZIP »Dux.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea Java/TrojanDownloader.OpenStream.NAB trojan CEC0DD504B18CCC2D97A22CECE9C96E7
C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\HJT\backups\backup-20070909-020858-819.dll probably a variant of Win32/Agent trojan 36027ED95C170905076A0E2ACC227507
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir multiple infiltrations 875155A089FA8C58F46250A070EA3A40
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »BaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »VaaaaaaaBaa.class a variant of Java/ClassLoader trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »Dvnny.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »Baaaaa.class Java/ClassLoader.AO trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »Dex.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »Dix.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4dca5941-5295232e.zip.vir »ZIP »Dux.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir multiple infiltrations 0DE2BADB40740D82C348B083BB836B5E
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir »RAR »whAgent.exe probably a variant of Win32/Adware.Webhancer.A application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir »RAR »whInstaller.exe Win32/Adware.Webhancer.401 application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir »RAR »whiehlpr.dll Win32/Adware.Webhancer.390 application 00000000000000000000000000000000
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU.rar Win32/Agent.OBH trojan 08AD17CF4710F59D396E254CCE15B389
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU.rar »RAR »GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe Win32/Agent.OBH trojan 00000000000000000000000000000000
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU.rar »RAR »GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe »PECompact v2.xx Win32/Agent.OBH trojan 00000000000000000000000000000000
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe Win32/Agent.OBH trojan 330888263109D67DAE7216F789DC682F
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe »PECompact v2.xx Win32/Agent.OBH trojan 00000000000000000000000000000000

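As an added illustration, not part of this thread: a small Python parser for lines in the ESET Online Scanner log format posted above. It attributes archive members ("»ZIP »Dex.class") to their container file and sorts each container into already-quarantined (ComboFix's Qoobox folder, HijackThis backups), Java deployment cache, or live. The helper names, the quarantine prefixes and the bucket labels are my own choices; the sample lines are copied from the posted log.

```python
import re

# Matches the trailing 32-hex-digit hash ESET appends to every detection line
# (archive members are reported with an all-zero hash).
_HASH_RE = re.compile(r"\s([0-9A-Fa-f]{32})$")

# Matches the detection text as the posted log shows it, e.g.
# "multiple infiltrations", "Java/Exploit.Bytverify trojan",
# "a variant of Java/ClassLoader trojan",
# "probably a variant of Win32/Adware.Webhancer.A application".
_DETECTION_RE = re.compile(
    r"\s((?:probably )?(?:a variant of )?"
    r"(?:\S+/\S+ (?:trojan|application)|multiple infiltrations))$"
)

# Paths under which a hit has already been isolated by a removal tool
# (ComboFix's Qoobox quarantine, HijackThis backups). Assumed prefixes.
QUARANTINE_PREFIXES = ("C:\\Qoobox\\Quarantine\\", "C:\\HJT\\backups\\")
# Java applet / Web Start cache: hits here are cached applets, which are
# cleared by emptying the Java cache rather than by deleting single files.
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


def parse_line(line):
    """Split one ESET detection line into container path, detection and hash.

    Returns None for header lines ("# key=value"), blanks and unparsable lines.
    Archive members ("... »ZIP »Dex.class ...") keep the full member path in
    "member" but are attributed to their container so one JAR counts once.
    """
    line = line.rstrip("\r\n")
    if not line or line.startswith("#"):
        return None
    m_hash = _HASH_RE.search(line)
    if m_hash is None:
        return None
    body = line[: m_hash.start()]
    m_det = _DETECTION_RE.search(body)
    if m_det is None:
        return None
    full_path = body[: m_det.start()]
    container = full_path.split(" »", 1)[0]
    return {
        "container": container,
        "member": full_path if "»" in full_path else None,
        "detection": m_det.group(1),
        "hash": m_hash.group(1).upper(),
    }


def classify(container):
    """Return 'quarantined', 'java-cache' or 'live' for a container path."""
    low = container.lower()
    if any(low.startswith(p.lower()) for p in QUARANTINE_PREFIXES):
        return "quarantined"
    if JAVA_CACHE_MARKER.lower() in low:
        return "java-cache"
    return "live"


def summarize(log_text):
    """Map status -> {container path: set of detection names} for a whole log."""
    report = {"quarantined": {}, "java-cache": {}, "live": {}}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        bucket = report[classify(rec["container"])]
        bucket.setdefault(rec["container"], set()).add(rec["detection"])
    return report


# Sample input: a subset of the detection lines from the ESET log posted above.
SAMPLE_LOG = r"""# version=4
# found=36
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc multiple infiltrations 875155A089FA8C58F46250A070EA3A40
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Dvnny.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\3\3575d803-568b0dbc »ZIP »Baaaaa.class Java/ClassLoader.AO trojan 00000000000000000000000000000000
C:\Documents and Settings\Merel\Application Data\Sun\Java\Deployment\cache\6.0\10\69e501ca-7dc918ea Java/TrojanDownloader.OpenStream.NAB trojan CEC0DD504B18CCC2D97A22CECE9C96E7
C:\HJT\backups\backup-20070909-020858-819.dll probably a variant of Win32/Agent trojan 36027ED95C170905076A0E2ACC227507
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir multiple infiltrations 0DE2BADB40740D82C348B083BB836B5E
C:\Qoobox\Quarantine\C\Program Files\ezt\webhancer.exe.vir »RAR »whAgent.exe probably a variant of Win32/Adware.Webhancer.A application 00000000000000000000000000000000
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe Win32/Agent.OBH trojan 330888263109D67DAE7216F789DC682F
G:\Downloads\GetRight.Pro.v6.3c.WinAll.Incl.Patch-CU\patch.exe »PECompact v2.xx Win32/Agent.OBH trojan 00000000000000000000000000000000
"""

if __name__ == "__main__":
    for status, hits in summarize(SAMPLE_LOG).items():
        print(f"== {status}: {len(hits)} container(s)")
        for path, names in sorted(hits.items()):
            print(f"  {path}\n    {', '.join(sorted(names))}")
```

Run on the full posted log, the "live" bucket is the short list that still needs attention; everything under Qoobox or HJT\backups has already been moved out of the way by the earlier fixes.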
#11 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 17 October 2008 - 06:39 PM

hi.

Let's restore your Pirch.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\pirch98

Quit::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, a log will open "Dequarantine". Please post back the result in your next reply.

--------------------------------------------------------------------------------
Copy and paste the following text into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\pirch98\pirch98.exe"="C:\pirch98\pirch98.exe:*:Enabled:PIRCH98"


Save this as "fixme.reg". Choose to save as *All files* and place it on your Desktop.
Double-click fixme.reg


Let me know in your next reply.

Thanks.

Mark

Edited by mas_pogi, 17 October 2008 - 09:29 PM.


#12 _Dangerous_

_Dangerous_
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 17 October 2008 - 09:51 PM

Ooooook, followed all instructions closely, ran into a lil problem that fixed itself I think...
the log file came up... then I ran the reg file and that looked successful too..

then I wanted to post the log file here.. but my explorer wouldn't load any pages... O.o

so I just rebooted my comp to see what that gives... well, it worked, I can load pages again, whew, so here's the log

C:\Qoobox\Quarantine\C\pirch98\Aliases.paf -> C:\pirch98\Aliases.paf
C:\Qoobox\Quarantine\C\pirch98\Bugs.txt -> C:\pirch98\Bugs.txt
C:\Qoobox\Quarantine\C\pirch98\channels.ini -> C:\pirch98\channels.ini
C:\Qoobox\Quarantine\C\pirch98\chanpop.irc -> C:\pirch98\chanpop.irc
C:\Qoobox\Quarantine\C\pirch98\Copy of LLchanpops.irc -> C:\pirch98\Copy of LLchanpops.irc
C:\Qoobox\Quarantine\C\pirch98\Copy of LLfluisterpops.irc -> C:\pirch98\Copy of LLfluisterpops.irc
C:\Qoobox\Quarantine\C\pirch98\Copy of LLserverpops.irc -> C:\pirch98\Copy of LLserverpops.irc
C:\Qoobox\Quarantine\C\pirch98\Count.pil -> C:\pirch98\Count.pil
C:\Qoobox\Quarantine\C\pirch98\events.bak -> C:\pirch98\events.bak
C:\Qoobox\Quarantine\C\pirch98\events.ini -> C:\pirch98\events.ini
C:\Qoobox\Quarantine\C\pirch98\fserver.txt -> C:\pirch98\fserver.txt
C:\Qoobox\Quarantine\C\pirch98\Fshelp.txt -> C:\pirch98\Fshelp.txt
C:\Qoobox\Quarantine\C\pirch98\Help.cnt -> C:\pirch98\Help.cnt
C:\Qoobox\Quarantine\C\pirch98\Help.GID -> C:\pirch98\Help.GID
C:\Qoobox\Quarantine\C\pirch98\mainmenu.irc -> C:\pirch98\mainmenu.irc
C:\Qoobox\Quarantine\C\pirch98\msgpop.irc -> C:\pirch98\msgpop.irc
C:\Qoobox\Quarantine\C\pirch98\P98.logo -> C:\pirch98\P98.logo
C:\Qoobox\Quarantine\C\pirch98\Piglatin.pil -> C:\pirch98\Piglatin.pil
C:\Qoobox\Quarantine\C\pirch98\Pil.gid -> C:\pirch98\Pil.gid
C:\Qoobox\Quarantine\C\pirch98\Pil.hlp -> C:\pirch98\Pil.hlp
C:\Qoobox\Quarantine\C\pirch98\Pilgames.dll -> C:\pirch98\Pilgames.dll
C:\Qoobox\Quarantine\C\pirch98\Pirch.gid -> C:\pirch98\Pirch.gid
C:\Qoobox\Quarantine\C\pirch98\pirch98.exe -> C:\pirch98\pirch98.exe
C:\Qoobox\Quarantine\C\pirch98\pirch98.hlp -> C:\pirch98\pirch98.hlp
C:\Qoobox\Quarantine\C\pirch98\pirch98.ini -> C:\pirch98\pirch98.ini
C:\Qoobox\Quarantine\C\pirch98\Pirchutl.ini -> C:\pirch98\Pirchutl.ini
C:\Qoobox\Quarantine\C\pirch98\pirchvdo.exe -> C:\pirch98\pirchvdo.exe
C:\Qoobox\Quarantine\C\pirch98\pirchwin.ini -> C:\pirch98\pirchwin.ini
C:\Qoobox\Quarantine\C\pirch98\Popups.irc -> C:\pirch98\Popups.irc
C:\Qoobox\Quarantine\C\pirch98\ptb_clip.bmp -> C:\pirch98\ptb_clip.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_clr1.bmp -> C:\pirch98\ptb_clr1.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_colr.bmp -> C:\pirch98\ptb_colr.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_disk.bmp -> C:\pirch98\ptb_disk.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_kill.bmp -> C:\pirch98\ptb_kill.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_mail.bmp -> C:\pirch98\ptb_mail.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_news.bmp -> C:\pirch98\ptb_news.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_prn1.bmp -> C:\pirch98\ptb_prn1.bmp
C:\Qoobox\Quarantine\C\pirch98\ptb_pvdo.bmp -> C:\pirch98\ptb_pvdo.bmp
C:\Qoobox\Quarantine\C\pirch98\Register.txt -> C:\pirch98\Register.txt
C:\Qoobox\Quarantine\C\pirch98\servers.ini -> C:\pirch98\servers.ini
C:\Qoobox\Quarantine\C\pirch98\servpop.irc -> C:\pirch98\servpop.irc
C:\Qoobox\Quarantine\C\pirch98\Speak.txt -> C:\pirch98\Speak.txt
C:\Qoobox\Quarantine\C\pirch98\Thumbs.db -> C:\pirch98\Thumbs.db
C:\Qoobox\Quarantine\C\pirch98\tips.bin -> C:\pirch98\tips.bin
C:\Qoobox\Quarantine\C\pirch98\toolbar.irc -> C:\pirch98\toolbar.irc
C:\Qoobox\Quarantine\C\pirch98\updates.txt -> C:\pirch98\updates.txt
C:\Qoobox\Quarantine\C\pirch98\downloads\mistermonty.quakenet.20080201.log -> C:\pirch98\downloads\mistermonty.quakenet.20080201.log
C:\Qoobox\Quarantine\C\pirch98\logs\#pst.log -> C:\pirch98\logs\#pst.log
C:\Qoobox\Quarantine\C\pirch98\logs\#pstmod.log -> C:\pirch98\logs\#pstmod.log
C:\Qoobox\Quarantine\C\pirch98\logs\#pstmods.log -> C:\pirch98\logs\#pstmods.log
C:\Qoobox\Quarantine\C\pirch98\logs\anon823.log -> C:\pirch98\logs\anon823.log
C:\Qoobox\Quarantine\C\pirch98\logs\arielnine.log -> C:\pirch98\logs\arielnine.log
C:\Qoobox\Quarantine\C\pirch98\logs\claudiolky.log -> C:\pirch98\logs\claudiolky.log
C:\Qoobox\Quarantine\C\pirch98\logs\eladine.log -> C:\pirch98\logs\eladine.log
C:\Qoobox\Quarantine\C\pirch98\logs\f2ne.log -> C:\pirch98\logs\f2ne.log
C:\Qoobox\Quarantine\C\pirch98\logs\fairygardens.log -> C:\pirch98\logs\fairygardens.log
C:\Qoobox\Quarantine\C\pirch98\logs\guest99.log -> C:\pirch98\logs\guest99.log
C:\Qoobox\Quarantine\C\pirch98\logs\hilleke.log -> C:\pirch98\logs\hilleke.log
C:\Qoobox\Quarantine\C\pirch98\logs\hyperorbit.log -> C:\pirch98\logs\hyperorbit.log
C:\Qoobox\Quarantine\C\pirch98\logs\jezalmaarzoweze.log -> C:\pirch98\logs\jezalmaarzoweze.log
C:\Qoobox\Quarantine\C\pirch98\logs\mistermonty.log -> C:\pirch98\logs\mistermonty.log
C:\Qoobox\Quarantine\C\pirch98\logs\off_tortuletz.log -> C:\pirch98\logs\off_tortuletz.log
C:\Qoobox\Quarantine\C\pirch98\logs\randoo53.log -> C:\pirch98\logs\randoo53.log
C:\Qoobox\Quarantine\C\pirch98\logs\reaprevenge.log -> C:\pirch98\logs\reaprevenge.log
C:\Qoobox\Quarantine\C\pirch98\logs\ricklamesa.log -> C:\pirch98\logs\ricklamesa.log
C:\Qoobox\Quarantine\C\pirch98\logs\s1nnnn.log -> C:\pirch98\logs\s1nnnn.log
C:\Qoobox\Quarantine\C\pirch98\logs\saurabn.log -> C:\pirch98\logs\saurabn.log
C:\Qoobox\Quarantine\C\pirch98\logs\sirchatsalot.log -> C:\pirch98\logs\sirchatsalot.log
C:\Qoobox\Quarantine\C\pirch98\logs\sirchopsalot.log -> C:\pirch98\logs\sirchopsalot.log
C:\Qoobox\Quarantine\C\pirch98\logs\sirmodsalot.log -> C:\pirch98\logs\sirmodsalot.log
C:\Qoobox\Quarantine\C\pirch98\logs\smartguy.log -> C:\pirch98\logs\smartguy.log
C:\Qoobox\Quarantine\C\pirch98\logs\solkee.log -> C:\pirch98\logs\solkee.log
C:\Qoobox\Quarantine\C\pirch98\logs\supersharky.log -> C:\pirch98\logs\supersharky.log
C:\Qoobox\Quarantine\C\pirch98\logs\xtee.log -> C:\pirch98\logs\xtee.log
C:\Qoobox\Quarantine\C\pirch98\logs\yournamehere.log -> C:\pirch98\logs\yournamehere.log
C:\Qoobox\Quarantine\C\pirch98\logs\_mrm.log -> C:\pirch98\logs\_mrm.log
76 File(s) copied

#13 _Dangerous_

_Dangerous_
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 17 October 2008 - 09:53 PM

I tried to run Pirch next but got an error, please instruct how to fix :thumbsup:

Attached File  pircherror.jpg   75.64KB   18 downloads

#14 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 17 October 2008 - 09:54 PM

hi.


Seems we saved your Pirch log.

I already processed your next fix. Please wait for further instructions.

Mark

#15 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:05:54 PM

Posted 17 October 2008 - 09:57 PM

hi.

Look for that file in C:\pirch98

and rename pirch98.exe.vir to pirch98.exe

Mark

Edited by mas_pogi, 17 October 2008 - 09:59 PM.
