ComputerForum.com
Computer Forum > Computer Software > Computer Security
Old 05-22-2008, 08:38 PM   #1
g25racer (Diamond Member; Join Date: Feb 2008; Location: Hamilton, MI; Posts: 3,789)
How to get rid of Vundo Infection?

So I just had Avast Pro pop up two times with different .dll files in the system32 folder, and Avast is saying they are a Vundo infection. How do I get rid of the rest of it? Much help is appreciated. Now all of a sudden my PC is starting to lag a lot, and I'm not even running a lot of apps, and then it settles right down. Please help.
__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz
Ram - 2GB Stock clock
HD - 320gb seagate & Samsung 750gb 32mb cache
GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz
PSU - Ultra X-finity 600watt
OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed
Audio - JVC 460watts
Control - Logitech G25 Wheel & Logitech Rumblepad 2
Games - GTR2 and LFS
-- Race Sim's for Life --
Old 05-22-2008, 09:17 PM   #2
g25racer

It seems that my PC is running alright right now, but I would still like to see if the infection is fully gone. Anyone? Would a ComboFix log help you guys?
Old 05-22-2008, 09:19 PM   #3
GameMaster (Diamond Member; Join Date: Dec 2007; Location: Croatia; Age: 16; Posts: 3,924)

Yes, post a ComboFix log.

And then run VundoFix.
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click YES, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer; click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
Old 05-22-2008, 09:51 PM   #4
g25racer

Vundo didn't find anything, but ComboFix did. After ComboFix was done and restarted, it seems that my PC is running way better. This website won't let me attach the file for some reason. There is no "attach files" button.

ComboFix 08-05-21.3 - Spicka 2008-05-22 16:26:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1176 [GMT -4:00]
Running from: C:\Users\Spicka\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Spicka\AppData\Roaming\inst.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\kmd.exe
C:\Windows\system32\mlJDtTml.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-21 19:37 . 2008-05-21 19:37 <DIR> d--h----- C:\Windows\PIF
2008-05-19 16:30 . 2008-05-19 16:30 <DIR> dr------- C:\Users\Public\Videos
2008-05-19 16:30 . 2008-05-19 16:30 <DIR> dr------- C:\Users\Public\Pictures
2008-05-18 12:14 . 2008-05-18 12:14 <DIR> dr------- C:\Users\Public\Documents
2008-05-17 21:38 . 2008-05-17 21:38 <DIR> dr------- C:\Users\Public\Music
2008-05-10 21:33 . 2008-05-10 21:33 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\dvdcss
2008-05-10 18:49 . 2008-05-10 18:56 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-09 23:59 . 2008-05-09 23:59 <DIR> d-------- C:\Users\All Users\Codemasters
2008-05-09 23:59 . 2008-05-09 23:59 <DIR> d-------- C:\ProgramData\Codemasters
2008-05-09 23:57 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-09 23:57 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-05-09 23:57 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpD523.tmp
2008-05-09 23:57 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-05-09 23:57 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-05-09 23:57 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-05-09 23:57 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-09 23:56 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpD503.tmp
2008-05-09 19:19 . 2008-05-09 19:19 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-08 16:24 . 2008-05-08 16:25 <DIR> d-------- C:\Program Files\Clock Tray Skins
2008-05-07 21:28 . 2008-03-12 19:38 445,504 -ra------ C:\Windows\System32\vp6vfw.dll
2008-05-04 17:12 . 2008-05-04 17:13 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\Off Road
2008-05-04 17:03 . 2008-05-04 17:03 <DIR> d-------- C:\Program Files\Xplosiv
2008-05-04 00:06 . 2008-05-04 00:06 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\Ubisoft
2008-05-03 22:17 . 2008-05-03 22:17 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\THQ
2008-05-03 22:13 . 2008-05-03 22:13 <DIR> d-------- C:\Users\All Users\InstallShield
2008-05-03 22:13 . 2008-05-03 22:13 <DIR> d-------- C:\ProgramData\InstallShield
2008-05-03 22:02 . 2006-05-16 10:58 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-05-03 11:57 . 2008-05-07 21:28 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-01 20:04 . 2008-05-01 20:04 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-30 19:12 . 2008-04-30 19:12 319 --a------ C:\Windows\game.ini
2008-04-30 18:46 . 2008-04-30 18:46 <DIR> d-------- C:\Program Files\Activision
2008-04-30 17:32 . 2008-05-03 22:02 <DIR> d-------- C:\Program Files\THQ
2008-04-29 16:46 . 2008-04-29 16:46 <DIR> dr-h----- C:\Users\Spicka\AppData\Roaming\SecuROM
2008-04-29 16:46 . 2008-04-29 16:46 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-28 19:52 . 2008-05-03 00:46 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\X-NetStat
2008-04-28 19:52 . 2008-04-28 19:52 <DIR> d-------- C:\Program Files\X-NetStat Professional
2008-04-28 17:00 . 2008-04-28 17:00 <DIR> d-------- C:\Program Files\AceLogix
2008-04-27 17:13 . 2008-05-19 15:14 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\VMware
2008-04-27 17:08 . 2008-04-27 17:08 <DIR> d-------- C:\Program Files\VMware
2008-04-27 17:08 . 2008-04-27 17:08 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-04-26 00:15 . 2008-04-26 00:15 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-04-26 00:12 . 2008-04-26 00:12 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-04-26 00:12 . 2008-04-26 00:12 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-04-25 23:57 . 2008-04-25 23:57 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-04-25 23:57 . 2008-04-25 23:57 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-04-22 15:37 . 2008-05-22 16:24 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\uTorrent
2008-04-22 15:37 . 2008-04-22 15:37 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 23:18 --------- d---a-w C:\ProgramData\TEMP
2008-05-21 22:42 --------- d-----w C:\Users\Spicka\AppData\Roaming\Vso
2008-05-21 22:23 --------- d-----w C:\Users\Spicka\AppData\Roaming\Audacity
2008-05-21 22:20 --------- d-----w C:\Program Files\Trillian
2008-05-19 18:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-19 17:56 --------- d-----w C:\ProgramData\Autodesk
2008-05-17 23:25 --------- d-----w C:\ProgramData\VMware
2008-05-17 02:49 --------- d-----w C:\Program Files\GPU-Z
2008-05-14 22:24 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 01:29 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-05-10 03:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 03:49 --------- d-----w C:\Program Files\Codemasters
2008-05-08 15:00 --------- d-----w C:\Program Files\GTR2
2008-05-07 14:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-07 14:12 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-04 04:04 --------- d-----w C:\ProgramData\Ubisoft
2008-05-04 03:50 --------- d-----w C:\Program Files\Ubisoft
2008-05-02 00:17 --------- d-----w C:\Program Files\Microsoft Games
2008-04-29 00:29 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-04-27 03:53 --------- d-----w C:\Program Files\Grand Theft Auto San Andreas
2008-04-26 03:46 --------- d-----w C:\Program Files\Electronic Arts
2008-04-23 00:41 --------- d-----w C:\Program Files\PowerISO
2008-04-21 20:02 --------- d-----w C:\Program Files\Atari
2008-04-21 00:21 --------- d-----w C:\Program Files\Easy Video Downloader
2008-04-15 22:48 --------- d-----w C:\Program Files\Fraps
2008-04-12 20:07 --------- d-----w C:\Program Files\VirtualDJ
2008-04-12 01:13 --------- d-----w C:\Program Files\DFX
2008-04-12 00:24 --------- d-----w C:\Users\Spicka\AppData\Roaming\Thinking Minds Budiling Bytes
2008-04-12 00:24 --------- d-----w C:\Program Files\CubeDesktop
2008-04-11 22:53 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-04-11 22:46 --------- d-----w C:\Program Files\Fast Explorer
2008-04-11 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-11 21:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-11 21:55 --------- d-----w C:\Program Files\Realtek
2008-04-11 02:04 --------- d-----w C:\ProgramData\Stardock
2008-04-11 01:38 --------- d-----w C:\Program Files\Foxit Software
2008-04-10 19:55 --------- d-----w C:\ProgramData\DFX
2008-04-10 19:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 18:19 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-10 06:22 --------- d-----w C:\Program Files\RocketDock
2008-04-10 03:18 --------- d-----w C:\Program Files\HyCam2
2008-04-10 01:03 --------- d-----w C:\Program Files\UltraISO
2008-04-10 01:02 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-04-07 03:07 --------- d-----w C:\ProgramData\vsosdk
2008-04-05 19:12 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-05 00:45 47,360 ----a-w C:\Users\Spicka\AppData\Roaming\pcouffin.sys
2008-04-05 00:45 --------- d-----w C:\Program Files\VSO
2008-04-04 04:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-04 04:51 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-04 02:58 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-03-31 23:15 --------- d-----w C:\Program Files\Rainbow Six Vegas
2008-03-30 23:00 --------- d-----w C:\Program Files\MagicISO
2008-03-29 21:03 --------- d-----w C:\ProgramData\Nero
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 16:19 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-29 15:42 --------- d-----w C:\Program Files\Java
2008-03-29 15:41 --------- d-----w C:\Program Files\Common Files\Java
2008-03-29 15:29 --------- d-----w C:\ProgramData\SlySoft
2008-03-28 23:28 --------- d-----w C:\Program Files\Trojan Remover
2008-03-28 23:27 --------- d-----w C:\Users\Spicka\AppData\Roaming\Simply Super Software
2008-03-28 23:27 --------- d-----w C:\ProgramData\Simply Super Software
2008-03-28 20:59 --------- d-----w C:\Users\Spicka\AppData\Roaming\InstallShield
2008-03-28 01:25 --------- d-----w C:\Users\Spicka\AppData\Roaming\Autodesk
2008-03-27 23:03 --------- d-----w C:\ProgramData\FLEXnet
2008-03-27 22:14 --------- d-----w C:\Program Files\Image-Line
2008-03-27 22:12 --------- d-----w C:\Program Files\Steinberg
2008-03-26 23:41 --------- d-----w C:\ProgramData\Corel
2008-03-25 23:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-22 05:56 --------- d-----w C:\Users\Spicka\AppData\Roaming\GetRightToGo
2008-03-20 00:34 174 --sha-w C:\Program Files\desktop.ini
2008-03-04 22:30 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-02-11 01:22 0 ----a-w C:\Users\Spicka\AppData\Roaming\wklnhst.dat
2008-02-14 21:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-14 21:50 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-14 21:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-09 15:23 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-09 15:23 8530464]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 14:05 2650112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Gaming Software.lnk - C:\Windows\Installer\{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}\NewShortcut1_C5961323A2E54FABB92DDBF 6C282F0F5.exe [12/27/2007 8:25:16 PM 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RivaTuner.exe]
backup=C:\Windows\pss\RivaTuner.exe.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Spicka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Spicka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Users\Spicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\Windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD_Display]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b44b5fc7]
C:\Users\Spicka\AppData\Local\Temp\iebemyiq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Spicka\AppData\Local\Temp\mllkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dog about manager team]
--a------ 2008-01-06 15:13 114704 C:\ProgramData\META THIRD 4.l9q7bk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 03:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 11:01 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jumpsafe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Spicka\AppData\Local\Temp\mlhuacox.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Spicka\AppData\Local\Temp\gebay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-01-09 15:23 8530464 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-09 15:23 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-01-09 15:23 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-10-30 14:05 2650112 C:\Program Files\RivaTuner v2.06\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
--a------ 2007-09-25 02:11 54672 C:\Windows\system32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 09:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 09:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 03:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
Old 05-22-2008, 09:51 PM   #5
g25racer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E7BD56B4-DC6A-407D-A90E-CDA13090D107}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{E00A0851-E50A-48F0-BC5E-ABEE035E2E38}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{B8CC3115-4307-432F-A84D-7198E6BAE199}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9B6C3B21-E205-4742-9B77-572CE354341C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A2F975E4-1C3D-4887-9F36-F617411B6C8E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{28151418-97DB-4540-9964-AB31CA061462}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A7312A1-3BCB-442A-A7CA-D7EFB0B3D5C2}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5278428F-60D2-4400-8509-735DFBBCBE36}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1DD08392-C94D-419B-9173-77F7449C8D93}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe :CrysisDedicatedServer_32
"{8563DF07-539D-42BF-B480-08BCA7A5D829}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe :CrysisDedicatedServer_32
"{D79977BD-7BE7-4093-A9F0-F486AEA48141}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{0C584D01-2830-46D9-B29F-A996E9E4107E}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{424D2CC8-9F63-4D82-9AA6-221C1BF379E1}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{F7C6254C-C6AF-49A8-949D-89E6D2946F67}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"TCP Query User{20A5AFCE-4B4C-4A7B-8A87-E27D1FAEC377}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7671FA25-2635-4EDB-B5EB-EE0E5011936D}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{1C134B82-266B-4413-8DC7-961E0E2BCB23}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{57564181-8348-421D-8DFA-E1A433097D45}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{706CE38E-4671-40A3-B39C-569D20C4FCEC}C:\\users\\spicka\\desktop\\ratiomast er-1.7.5\\ratiomaster.exe"= UDP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"UDP Query User{FA096EAC-C19D-4F0C-AF0F-71CD27D01BC6}C:\\users\\spicka\\desktop\\ratiomast er-1.7.5\\ratiomaster.exe"= TCP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"TCP Query User{CD8F028D-0444-42D3-A09A-8F587951D2C8}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{49C5CF3E-D6B1-4D1C-9D32-A1735EDD5FC9}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2D407F78-CDA7-4D7E-96E1-7A39A1B15A56}"= Disabled:UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{2CF1E04F-0A84-4E30-A3C8-DFCAB9910E15}"= Disabled:TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{51F88D5E-2A04-4BDC-A9B0-91794341DD8F}"= Disabled:UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{714EFAEB-AA6C-4F42-8315-6FCCB2EC9FEF}"= Disabled:TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3523CE4E-F9AE-4DBB-8EED-5C7B6173592C}"= Disabled:UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{82F5929C-19D1-4AE7-95F5-44ECBFE88C29}"= Disabled:TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5A48498A-8C49-426E-A619-1A9B10313F50}"= Disabled:UDP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{E0984E15-EFF3-496B-B728-260C7200BEED}"= Disabled:TCP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{3E312BCE-4479-41C6-AC46-6D36281FFD48}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{4446BA8E-3F48-4392-8E7F-934C13541B21}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorre nt

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 07:26]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-02-15 18:49]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:36:20 C:\Windows\Tasks\User_Feed_Synchronization-{BBF9C965-CADA-4F96-ADB5-83AC81BE0009}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:33:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\bthprops.cpl
-> ?:\Windows\system32\bthprops.cpl
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\mcupdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-05-22 16:40:29 - machine was rebooted [Spicka]
ComboFix-quarantined-files.txt 2008-05-22 20:40:05

Pre-Run: 167,290,138,624 bytes free
Post-Run: 167,282,593,792 bytes free

426 --- E O F --- 2008-05-21 19:43:31
__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz
Ram - 2GB Stock clock
HD - 320gb seagate & Samsung 750gb 32mb cache
GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz
PSU - Ultra X-finity 600watt
OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed
Audio - JVC 460watts
Control - Logitech G25 Wheel & Logitech Rumblepad 2
Games - GTR2 and LFS
-- Race Sim's for Life --
g25racer is offline   Reply With Quote
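The firewall section of a ComboFix log like the one above is long, and the thing a reviewer actually wants from it is short: which exceptions are still enabled, and which of those point at an executable living somewhere a standard user (or anything running as that user) can write to. The following is an added example, not code from the forum post and not part of ComboFix. It parses the rule lines in the form ComboFix prints them on this page (the `"{GUID}"= [Disabled:]TCP|UDP:<path>:<name>` and `<path>:*:Enabled:<name>` shapes) and flags the ones worth a second look. The sample lines are copied from the log above; the `example.exe` AuthorizedApplications entry is constructed so that form is exercised as well.

```python
"""Triage the Windows Firewall exception entries in a ComboFix log.

Added example: not from the forum post and not part of ComboFix. It parses
the rule lines ComboFix prints under the firewallpolicy registry keys, in the
form they appear in the log above, and flags rules that are still enabled and
whose executable lives in a user-writable location (profile, Desktop, AppData
or Temp) rather than under Program Files or the Windows directory.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Rule lines taken from the log on the page, plus one constructed
# AuthorizedApplications entry (example.exe) so that form is exercised too.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"TCP Query User{115221F7-CD22-4CEF-8DA9-7EAB981DEF14}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A9BE1CFF-F1B7-4F76-B682-2A445C9E9258}C:\\users\\spicka\\desktop\\tdu\\testdriveunlimited.exe"= Disabled:UDP:C:\users\spicka\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"{8E9928A1-8ED4-4709-BCBC-81829AF40E00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{706CE38E-4671-40A3-B39C-569D20C4FCEC}C:\\users\\spicka\\desktop\\ratiomaster-1.7.5\\ratiomaster.exe"= UDP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"UDP Query User{FA096EAC-C19D-4F0C-AF0F-71CD27D01BC6}C:\\users\\spicka\\desktop\\ratiomaster-1.7.5\\ratiomaster.exe"= TCP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Users\\Spicka\\AppData\\Local\\Temp\\example.exe"= C:\Users\Spicka\AppData\Local\Temp\example.exe:*:Enabled:example (constructed)
"""


@dataclass
class FirewallRule:
    path: str                 # executable the exception applies to
    name: str                 # display name shown in the firewall UI
    protocol: Optional[str]   # "TCP", "UDP", or None for application rules
    enabled: bool
    raw: str


_VALUE = re.compile(r'^"[^"]*"=\s*(?P<rest>.+)$')
# Folders a standard user can write to; an enabled exception here deserves a look
_USER_WRITABLE = re.compile(r'\\(users|documents and settings|appdata|temp|desktop)\\', re.IGNORECASE)
# Roots that need admin rights to write to
_TRUSTED_ROOT = re.compile(r'^[a-z]:\\(program files( \(x86\))?|windows)\\', re.IGNORECASE)


def _split_path(rest: str):
    """Split 'C:\\dir\\prog.exe:tail' at the first ':' after the drive colon."""
    if len(rest) < 3 or rest[1] != ':' or rest[2] != '\\':
        raise ValueError(f"not a Windows path: {rest!r}")
    cut = rest.find(':', 2)
    return (rest, '') if cut == -1 else (rest[:cut], rest[cut + 1:])


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one '"key"= value' line; None for headers, blanks and unknown shapes."""
    m = _VALUE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    enabled = True
    if rest.startswith('Disabled:'):          # ComboFix prefixes inactive rules
        enabled, rest = False, rest[len('Disabled:'):]
    protocol = None
    if rest[:4] in ('TCP:', 'UDP:'):
        protocol, rest = rest[:3], rest[4:]
    try:
        path, tail = _split_path(rest)
    except ValueError:
        return None
    # AuthorizedApplications values continue as '*:Enabled:<name>' (scope, state, name)
    parts = tail.split(':', 2)
    if len(parts) == 3 and parts[1] in ('Enabled', 'Disabled'):
        enabled, name = parts[1] == 'Enabled', parts[2]
    else:
        name = tail
    return FirewallRule(path, name, protocol, enabled, line.strip())


def triage(lines: List[str]) -> List[FirewallRule]:
    """Enabled rules whose executable sits where a non-admin user can write."""
    flagged = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or not rule.enabled:
            continue
        if _USER_WRITABLE.search(rule.path) or not _TRUSTED_ROOT.match(rule.path):
            flagged.append(rule)
    return flagged


def flagged_paths(lines: List[str]) -> List[str]:
    """Unique flagged executables, first-seen order (TCP/UDP pairs collapse)."""
    seen: List[str] = []
    for rule in triage(lines):
        if rule.path not in seen:
            seen.append(rule.path)
    return seen


if __name__ == '__main__':
    for rule in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule.protocol or 'APP':3} {rule.path}  ({rule.name})")
```

Run against the sample it flags only the Desktop `ratiomaster.exe` rules and the constructed Temp entry; the Disabled Test Drive Unlimited rule and everything under Program Files drops out. A flagged path is not a verdict, just the short list to check next (is the binary still there, who signed it, does its name match the display name).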


Old 05-22-2008, 09:56 PM   #6 (permalink)
Diamond Member
 
g25racer's Avatar
 
Join Date: Feb 2008
Location: Hamilton, MI
Posts: 3,789
Default

It seems that ComboFix has gotten rid of avast from my startup now.

EDIT: Sorry for the confusion. I guess it just got rid of the startup entry for the splash screen (icon on bottom right). Avast is running, though. How can I put the entry back for the splash screen?

Last edited by g25racer; 05-22-2008 at 10:10 PM.
g25racer is offline   Reply With Quote
Old 05-23-2008, 10:43 AM   #7 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,924
Default

Hello!
Well, I don't know how to put it back in the tray, but you could find it on Google. I thought you read the instructions: you have to disable your antivirus and firewall and disconnect from the Internet when running ComboFix.

ComboFix found some Trojans, but I think it will be easy to remove them with Avenger.

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Quote:
Drivers to unload:
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

Files to delete:
C:\Windows\System32\tmpD523.tmp
C:\Windows\System32\tmpD503.tmp
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
C:\Users\Spicka\AppData\Local\Temp\mlhuacox.dll
C:\Users\Spicka\AppData\Local\Temp\gebay.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 05-23-2008, 08:23 PM   #8 (permalink)
Diamond Member
 
g25racer's Avatar
 
Join Date: Feb 2008
Location: Hamilton, MI
Posts: 3,789
Default

I'm on Vista, so that won't work then, right?
g25racer is offline   Reply With Quote
Old 05-23-2008, 08:25 PM   #9 (permalink)
Diamond Member
 
g25racer's Avatar
 
Join Date: Feb 2008
Location: Hamilton, MI
Posts: 3,789
Default

Also, those bottom two temp files listed there are gone after running CCleaner, unless they are hidden files.
g25racer is offline   Reply With Quote
Old 05-23-2008, 08:35 PM   #10 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,924
Default

No, those are Trojans; I doubt they're gone. Please, when you get back on the infected computer, do as suggested.
GameMaster is offline   Reply With Quote
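The disagreement in the last few posts (whether CCleaner already removed the two Temp DLLs, or whether they are still there as hidden files) is something you can settle with a check rather than a guess. Below is an added example, not part of the thread and not Avenger's own code: it reads the two-section script format GameMaster posted ("Drivers to unload:" and "Files to delete:"), then reports for each listed path whether it is still on disk and whether it carries the hidden or system attribute. `os.path.lexists` sees hidden and system entries that Explorer and a default cleanup pass skip, so "it's gone" here means actually gone. The sample script is the one from the post with the line-wrapping artefacts removed; the Win32 attribute bit values are the documented `GetFileAttributes` constants, and the `self_check` scratch files are constructed. Nothing is deleted, only inspected.

```python
"""Check whether the files an Avenger-style removal script targets are still on disk.

Added example: not part of the thread and not Avenger's own code. Parses the
two-section script format used in the post ("Drivers to unload:" / "Files to
delete:") and reports presence plus hidden/system attributes for each path.
"""
import os
import tempfile
from typing import Dict, List, NamedTuple

# Win32 attribute bits, documented values from GetFileAttributes
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# The script from the post above, with line-wrapping artefacts removed
SAMPLE_SCRIPT = r"""
Drivers to unload:
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

Files to delete:
C:\Windows\System32\tmpD523.tmp
C:\Windows\System32\tmpD503.tmp
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
C:\Users\Spicka\AppData\Local\Temp\mlhuacox.dll
C:\Users\Spicka\AppData\Local\Temp\gebay.dll
"""


class FileStatus(NamedTuple):
    path: str
    present: bool
    hidden: bool
    system: bool


def parse_avenger_script(text: str) -> Dict[str, List[str]]:
    """Group path lines under their 'Section name:' headers (keys lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(':') and '\\' not in line:   # a header, not a path
            current = line[:-1].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"path outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def check_targets(paths: List[str]) -> List[FileStatus]:
    """Report presence and hidden/system bits for each path; deletes nothing."""
    out = []
    for p in paths:
        if not os.path.lexists(p):      # sees hidden and system entries too
            out.append(FileStatus(p, False, False, False))
            continue
        # st_file_attributes is populated only on Windows; elsewhere treat as 0
        attrs = getattr(os.stat(p), 'st_file_attributes', 0)
        out.append(FileStatus(p, True,
                              bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                              bool(attrs & FILE_ATTRIBUTE_SYSTEM)))
    return out


def still_present(script_text: str) -> List[str]:
    """Paths under 'Files to delete' that are still on disk, hidden or not."""
    targets = parse_avenger_script(script_text).get('files to delete', [])
    return [s.path for s in check_targets(targets) if s.present]


def self_check() -> Dict[str, bool]:
    """Exercise check_targets on a scratch directory (constructed files, not the page's)."""
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, 'present.tmp')
        with open(present, 'wb') as fh:
            fh.write(b'\x00')
        missing = os.path.join(d, 'missing.tmp')
        status = {s.path: s.present for s in check_targets([present, missing])}
        return {'present': status[present], 'missing': status[missing]}


if __name__ == '__main__':
    for s in check_targets(parse_avenger_script(SAMPLE_SCRIPT)['files to delete']):
        flags = ' '.join(f for f, on in (('HIDDEN', s.hidden), ('SYSTEM', s.system)) if on)
        print(f"{'present' if s.present else 'absent':8} {s.path} {flags}")
```

Run it from an administrator prompt on the affected machine and the output answers post #9 directly: a path reported `present HIDDEN` is exactly the case the reply in post #10 is worried about, and it is the one a GUI cleanup tool will not show you.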