How to get rid of Vundo Infection?

[G25r8cer]

So I just had avast pro pop-up two times with different .dll files in the system32 folder and avast is saying they are Vundo Infection. How to get rid of the rest of it? Much help is appreciated. Now all the sudden my pc is starting to lag alot and im not even running alot of apps and then it settles right down. Please help

 

[G25r8cer]

It seems that my pc is running alright right now but I would still like to see if the infection is fully gone. Anyone? Would a combofix log help you guys?

 

[GameMaster]

Yes, post a ComboFix log.

And then run VundoFix.
Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

[G25r8cer]

Vundo didnt find anything but combofix did. After Combofix was done and restarted it seems that my pc is running way better. This website wont let me attach the file for some reason. There is no "attach files" button.

ComboFix 08-05-21.3 - Spicka 2008-05-22 16:26:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1176 [GMT -4:00]
Running from: C:\Users\Spicka\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Spicka\AppData\Roaming\inst.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\kmd.exe
C:\Windows\system32\mlJDtTml.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-21 19:37 . 2008-05-21 19:37 <DIR> d--h----- C:\Windows\PIF
2008-05-19 16:30 . 2008-05-19 16:30 <DIR> dr------- C:\Users\Public\Videos
2008-05-19 16:30 . 2008-05-19 16:30 <DIR> dr------- C:\Users\Public\Pictures
2008-05-18 12:14 . 2008-05-18 12:14 <DIR> dr------- C:\Users\Public\Documents
2008-05-17 21:38 . 2008-05-17 21:38 <DIR> dr------- C:\Users\Public\Music
2008-05-10 21:33 . 2008-05-10 21:33 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\dvdcss
2008-05-10 18:49 . 2008-05-10 18:56 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-09 23:59 . 2008-05-09 23:59 <DIR> d-------- C:\Users\All Users\Codemasters
2008-05-09 23:59 . 2008-05-09 23:59 <DIR> d-------- C:\ProgramData\Codemasters
2008-05-09 23:57 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-09 23:57 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-05-09 23:57 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpD523.tmp
2008-05-09 23:57 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-05-09 23:57 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-05-09 23:57 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-05-09 23:57 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-09 23:56 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpD503.tmp
2008-05-09 19:19 . 2008-05-09 19:19 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-08 16:24 . 2008-05-08 16:25 <DIR> d-------- C:\Program Files\Clock Tray Skins
2008-05-07 21:28 . 2008-03-12 19:38 445,504 -ra------ C:\Windows\System32\vp6vfw.dll
2008-05-04 17:12 . 2008-05-04 17:13 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\Off Road
2008-05-04 17:03 . 2008-05-04 17:03 <DIR> d-------- C:\Program Files\Xplosiv
2008-05-04 00:06 . 2008-05-04 00:06 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\Ubisoft
2008-05-03 22:17 . 2008-05-03 22:17 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\THQ
2008-05-03 22:13 . 2008-05-03 22:13 <DIR> d-------- C:\Users\All Users\InstallShield
2008-05-03 22:13 . 2008-05-03 22:13 <DIR> d-------- C:\ProgramData\InstallShield
2008-05-03 22:02 . 2006-05-16 10:58 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-05-03 11:57 . 2008-05-07 21:28 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-01 20:04 . 2008-05-01 20:04 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-30 19:12 . 2008-04-30 19:12 319 --a------ C:\Windows\game.ini
2008-04-30 18:46 . 2008-04-30 18:46 <DIR> d-------- C:\Program Files\Activision
2008-04-30 17:32 . 2008-05-03 22:02 <DIR> d-------- C:\Program Files\THQ
2008-04-29 16:46 . 2008-04-29 16:46 <DIR> dr-h----- C:\Users\Spicka\AppData\Roaming\SecuROM
2008-04-29 16:46 . 2008-04-29 16:46 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-28 19:52 . 2008-05-03 00:46 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\X-NetStat
2008-04-28 19:52 . 2008-04-28 19:52 <DIR> d-------- C:\Program Files\X-NetStat Professional
2008-04-28 17:00 . 2008-04-28 17:00 <DIR> d-------- C:\Program Files\AceLogix
2008-04-27 17:13 . 2008-05-19 15:14 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\VMware
2008-04-27 17:08 . 2008-04-27 17:08 <DIR> d-------- C:\Program Files\VMware
2008-04-27 17:08 . 2008-04-27 17:08 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-04-26 00:15 . 2008-04-26 00:15 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-04-26 00:12 . 2008-04-26 00:12 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-04-26 00:12 . 2008-04-26 00:12 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-04-25 23:57 . 2008-04-25 23:57 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-04-25 23:57 . 2008-04-25 23:57 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-04-22 15:37 . 2008-05-22 16:24 <DIR> d-------- C:\Users\Spicka\AppData\Roaming\uTorrent
2008-04-22 15:37 . 2008-04-22 15:37 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 23:18 --------- d---a-w C:\ProgramData\TEMP
2008-05-21 22:42 --------- d-----w C:\Users\Spicka\AppData\Roaming\Vso
2008-05-21 22:23 --------- d-----w C:\Users\Spicka\AppData\Roaming\Audacity
2008-05-21 22:20 --------- d-----w C:\Program Files\Trillian
2008-05-19 18:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-19 17:56 --------- d-----w C:\ProgramData\Autodesk
2008-05-17 23:25 --------- d-----w C:\ProgramData\VMware
2008-05-17 02:49 --------- d-----w C:\Program Files\GPU-Z
2008-05-14 22:24 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 01:29 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-05-10 03:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 03:49 --------- d-----w C:\Program Files\Codemasters
2008-05-08 15:00 --------- d-----w C:\Program Files\GTR2
2008-05-07 14:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-07 14:12 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-04 04:04 --------- d-----w C:\ProgramData\Ubisoft
2008-05-04 03:50 --------- d-----w C:\Program Files\Ubisoft
2008-05-02 00:17 --------- d-----w C:\Program Files\Microsoft Games
2008-04-29 00:29 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-04-27 03:53 --------- d-----w C:\Program Files\Grand Theft Auto San Andreas
2008-04-26 03:46 --------- d-----w C:\Program Files\Electronic Arts
2008-04-23 00:41 --------- d-----w C:\Program Files\PowerISO
2008-04-21 20:02 --------- d-----w C:\Program Files\Atari
2008-04-21 00:21 --------- d-----w C:\Program Files\Easy Video Downloader
2008-04-15 22:48 --------- d-----w C:\Program Files\Fraps
2008-04-12 20:07 --------- d-----w C:\Program Files\VirtualDJ
2008-04-12 01:13 --------- d-----w C:\Program Files\DFX
2008-04-12 00:24 --------- d-----w C:\Users\Spicka\AppData\Roaming\Thinking Minds Budiling Bytes
2008-04-12 00:24 --------- d-----w C:\Program Files\CubeDesktop
2008-04-11 22:53 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-04-11 22:46 --------- d-----w C:\Program Files\Fast Explorer
2008-04-11 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-11 21:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-11 21:55 --------- d-----w C:\Program Files\Realtek
2008-04-11 02:04 --------- d-----w C:\ProgramData\Stardock
2008-04-11 01:38 --------- d-----w C:\Program Files\Foxit Software
2008-04-10 19:55 --------- d-----w C:\ProgramData\DFX
2008-04-10 19:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 18:19 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-10 06:22 --------- d-----w C:\Program Files\RocketDock
2008-04-10 03:18 --------- d-----w C:\Program Files\HyCam2
2008-04-10 01:03 --------- d-----w C:\Program Files\UltraISO
2008-04-10 01:02 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-04-07 03:07 --------- d-----w C:\ProgramData\vsosdk
2008-04-05 19:12 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-05 00:45 47,360 ----a-w C:\Users\Spicka\AppData\Roaming\pcouffin.sys
2008-04-05 00:45 --------- d-----w C:\Program Files\VSO
2008-04-04 04:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-04 04:51 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-04 02:58 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-03-31 23:15 --------- d-----w C:\Program Files\Rainbow Six Vegas
2008-03-30 23:00 --------- d-----w C:\Program Files\MagicISO
2008-03-29 21:03 --------- d-----w C:\ProgramData\Nero
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 16:19 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-29 15:42 --------- d-----w C:\Program Files\Java
2008-03-29 15:41 --------- d-----w C:\Program Files\Common Files\Java
2008-03-29 15:29 --------- d-----w C:\ProgramData\SlySoft
2008-03-28 23:28 --------- d-----w C:\Program Files\Trojan Remover
2008-03-28 23:27 --------- d-----w C:\Users\Spicka\AppData\Roaming\Simply Super Software
2008-03-28 23:27 --------- d-----w C:\ProgramData\Simply Super Software
2008-03-28 20:59 --------- d-----w C:\Users\Spicka\AppData\Roaming\InstallShield
2008-03-28 01:25 --------- d-----w C:\Users\Spicka\AppData\Roaming\Autodesk
2008-03-27 23:03 --------- d-----w C:\ProgramData\FLEXnet
2008-03-27 22:14 --------- d-----w C:\Program Files\Image-Line
2008-03-27 22:12 --------- d-----w C:\Program Files\Steinberg
2008-03-26 23:41 --------- d-----w C:\ProgramData\Corel
2008-03-25 23:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-22 05:56 --------- d-----w C:\Users\Spicka\AppData\Roaming\GetRightToGo
2008-03-20 00:34 174 --sha-w C:\Program Files\desktop.ini
2008-03-04 22:30 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-02-11 01:22 0 ----a-w C:\Users\Spicka\AppData\Roaming\wklnhst.dat
2008-02-14 21:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-14 21:50 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-14 21:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-09 15:23 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-09 15:23 8530464]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 14:05 2650112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Gaming Software.lnk - C:\Windows\Installer\{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}\NewShortcut1_C5961323A2E54FABB92DDBF6C282F0F5.exe [12/27/2007 8:25:16 PM 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RivaTuner.exe]
backup=C:\Windows\pss\RivaTuner.exe.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Spicka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Spicka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Users\Spicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\Windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD_Display]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b44b5fc7]
C:\Users\Spicka\AppData\Local\Temp\iebemyiq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Spicka\AppData\Local\Temp\mllkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dog about manager team]
--a------ 2008-01-06 15:13 114704 C:\ProgramData\META THIRD 4.l9q7bk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 03:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 11:01 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jumpsafe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
C:\Users\Spicka\AppData\Local\Temp\mlhuacox.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Spicka\AppData\Local\Temp\gebay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-01-09 15:23 8530464 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-09 15:23 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-01-09 15:23 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-10-30 14:05 2650112 C:\Program Files\RivaTuner v2.06\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
--a------ 2007-09-25 02:11 54672 C:\Windows\system32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 09:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 09:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 03:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

 

[G25r8cer]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{975D25E8-9AEF-4CA4-88C9-964F4F41CB75}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2C49A7B7-AF9B-4BCC-B73D-6EC125D607EB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A1EAF321-72CD-4CF8-8D7A-EC66C5B073C2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{25DF000C-8352-4C95-86BD-D90FA79DEA37}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{94EB73F5-6EEF-4872-ACBA-1BD7AC4B0C61}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9443997F-61F8-4B50-9E81-7E62EFE07763}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A69A77A-B3FC-4DF6-BA92-990E4CE0DDFC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5616EC59-8AE2-4214-8AEE-043ACCE18F94}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{08987FB8-ADAE-485A-A6BC-59F05F6519B3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B6C0C1F-85B6-4593-91EF-894A05AC700F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EF3E671-0133-4C88-B8FC-BEC9504015E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3DD27DF5-225B-4766-804B-C5493CA8BE80}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD4FEAF9-CEA4-460B-8E05-FF750C601DEF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC12FA71-7BF3-44FA-9AD1-03B72EBA5F26}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6816305-2593-4DC5-86E5-F081DD403B3C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{13C6F9E0-7B7D-4B4A-AA53-DF03769FC00D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{87DED640-D588-4D97-9597-1C8AD56FD137}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4BDC332E-8CE9-4DA7-891A-33EEBCCE447A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F946592E-1A48-4CF1-82C4-EE516CB66CB0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{21B9F52C-F778-48E0-84E5-50F6A018AA96}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CFD818F1-7408-4B9D-BB98-47CD29501FA1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4A1D8D36-F329-443F-AACD-3734661BD4E9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{896CA9AD-F0F6-456E-9FD3-B9304D421016}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{30C4A9D0-25D6-4DAD-A740-159A95CEA79D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D52E4F47-F7E6-41D3-AA6A-409AA865CB80}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39EB9547-9C61-41C8-852A-3E5BC1EE3FF0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{93E46397-6B63-41A8-B92C-33BBDDFD85B2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2A0CBEFB-938E-4A0A-B7F3-E84FF0579351}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E58B181F-0F76-4CEE-AB79-DCB7E98A7F28}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2AFB5296-CD03-4144-8F69-BEBDF0329601}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3638B0F-AE3E-4EC1-B0CD-5D4FDCD2A1DC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3D6EF208-490C-471F-B67A-142F05F7BFA5}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{8433419C-73CB-4F87-9A67-FDBA8D746699}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{FC768C72-E0B8-4292-9C3D-A78B44B5A71F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{16FB3309-E03A-4321-8BCB-013B221C21BF}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{8B58407E-4A8F-460D-9C33-9ECF1EE86A53}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{6C9BE14C-D0EE-43BB-87A4-14619DF705A2}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{8507D1FE-BD9D-48B7-950E-D27DA9FE42BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B7F9196B-FD04-4E0A-B0B4-00212104D69B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8FE91FEF-0B98-40E3-AF22-9A209005B3EA}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{51D7C1C6-9068-48F9-9D13-08533B4C9DBA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{80E2D77C-EB01-4B52-AB9F-D45DEE42E141}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exeMSRegisterFile
"{C24DACAE-D1A0-4CDD-9D57-9AD63F59F23D}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exeMSRegisterFile
"{BCD9027A-44A7-43AF-B8DD-BBD7E64BB9EA}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{596F12A5-9675-4F7A-9B09-740A8A1DD10A}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{D069F8B2-FF95-4549-AF34-8657E95CDF62}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exeinnacle VideoSpin
"{5F40ECED-9FFD-4013-83DE-E87D4E9EED48}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exeinnacle VideoSpin
"{A663D39E-8211-414D-896F-96894C84BED6}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
"{EBD2CE39-BAEF-4448-ACC5-2843EB444229}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
"{6AF8787F-3E24-42DE-BE07-FCDD15DC6391}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{FA98F451-8517-4050-B611-6075AA07D0C3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{36134A4F-6FB9-44E3-902A-1F626EEC1C09}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{CE4C4C21-1242-47BB-A5A3-364E6DED1819}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E5BF9F35-884E-4F53-9CB7-D75533E2E251}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D0BB6CD0-090A-4417-946A-C6EE9DC08976}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A4593CFB-94E4-44F1-82F8-F9F9BA29C61C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{DA94BDC8-9072-41E2-A924-06A82845B830}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{9F3DF8BD-9279-46C5-A977-5D896343CDC1}"= UDP:61000:azur tcp
"{12580A29-83C7-467A-B34E-1B1EF4FC5A07}"= TCP:61000:azur udp
"TCP Query User{936E625E-0789-49D2-97D4-AFEDF2DB72FE}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3A159CAB-1BFD-41F9-969C-6097D0B2B36A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{3EC2ED0F-F6BC-48D7-BEB2-10E4048ED0AF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{748B11B9-994F-41E3-9843-64F920932927}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{71C29047-97DF-4D5C-B337-7A8EC70A32B5}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{EBBF3F17-FD7D-4557-AF4E-DAD83DF1AA7A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B6841BBB-BE5F-40D0-AA62-87B09215CE3E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E9E6347B-B128-4B95-9D3E-5DCD885110F7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{23A25B22-9D4D-4A37-AD66-931C063A9258}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6E92C6AD-CD09-4DCC-9761-D5CAEF1235B1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{82AF9824-1AD9-46B3-8A1F-A4F7A0B5E07A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B672BC09-4A65-48C6-BD25-7EDD1F015AFD}C:\\program files\\gtr2\\gtr2.exe"= UDP:C:\program files\gtr2\gtr2.exe:GTR2 - FIA GT Racing Game
"UDP Query User{76736A58-806D-4CCC-9387-FAABE72AAE02}C:\\program files\\gtr2\\gtr2.exe"= TCP:C:\program files\gtr2\gtr2.exe:GTR2 - FIA GT Racing Game
"TCP Query User{115221F7-CD22-4CEF-8DA9-7EAB981DEF14}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{04877AFC-A814-4048-A0A3-8B1E619B2B90}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BC169CA5-AB94-4121-9F1D-D81F25BAA314}C:\\program files\\codemasters\\dirt demo\\dirtdemo.exe"= UDP:C:\program files\codemasters\dirt demo\dirtdemo.exeiRT Demo Executable
"UDP Query User{F3C7EB02-0009-40A0-BBC7-6B4581B73344}C:\\program files\\codemasters\\dirt demo\\dirtdemo.exe"= TCP:C:\program files\codemasters\dirt demo\dirtdemo.exeiRT Demo Executable
"TCP Query User{A9BE1CFF-F1B7-4F76-B682-2A445C9E9258}C:\\users\\spicka\\desktop\\tdu\\testdriveunlimited.exe"= Disabled:UDP:C:\users\spicka\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{0A6995E1-0212-45EA-907A-17ADEEC6B13F}C:\\users\\spicka\\desktop\\tdu\\testdriveunlimited.exe"= Disabled:TCP:C:\users\spicka\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{B33E8ACD-5CD5-4F42-B451-FDDFFDD8FDF9}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{EBF08DA9-D1D6-4138-A69A-72C2157CAA20}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{9203A471-ABBE-4104-9F8C-D9BE0A1B01C5}C:\\users\\spicka\\desktop\\lfs y\\lfs.exe"= Disabled:UDP:C:\users\spicka\desktop\lfs y\lfs.exe:lfs.exe
"UDP Query User{DE396891-084B-472C-A397-B4E56EE2F2E3}C:\\users\\spicka\\desktop\\lfs y\\lfs.exe"= Disabled:TCP:C:\users\spicka\desktop\lfs y\lfs.exe:lfs.exe
"TCP Query User{F2469FED-3642-4458-8178-D94F49C877BA}C:\\program files\\tdu\\testdriveunlimited.exe"= UDP:C:\program files\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{6625616D-3B40-4E99-B698-E0751E223EE4}C:\\program files\\tdu\\testdriveunlimited.exe"= TCP:C:\program files\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{048FD200-9CBE-4A36-BE5E-7426340A1D2F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{E1F69BD7-1482-41DE-AD91-1179FC6990B5}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{494565C2-5F52-45A6-90A8-095FD4A63599}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{994A1238-93F2-431A-83C9-5ED84A698E61}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{70A4146C-EA04-424D-BC9F-F244340A84C4}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{CBB29435-5EFF-4DB5-B5E7-741EFDEA9B03}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{D339B933-E9B5-47C0-824E-0C1E6BAD4443}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{D14E369D-75AB-4C74-8E38-A7B9FB640834}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{8E9928A1-8ED4-4709-BCBC-81829AF40E00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{062CFA3E-0BC1-4BC9-AE0C-7F116723500D}C:\\program files\\rainbow six vegas\\binaries\\r6vegas_game.exe"= Disabled:UDP:C:\program files\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{EDBF6F3C-E5D9-476E-87C2-4F598CB26BC3}C:\\program files\\rainbow six vegas\\binaries\\r6vegas_game.exe"= Disabled:TCP:C:\program files\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"{60C9E504-7624-42F1-8CFB-6BBAC056C0B7}"= Disabled:UDP:C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidConverterPDF.exe:SolidConverterPDF
"{0A447AD9-39F1-42A6-80F2-A98B0DAA6F2A}"= Disabled:TCP:C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidConverterPDF.exe:SolidConverterPDF
"{FC05D4C0-5E54-4077-A757-D84B0A301D6D}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{079874E4-CB42-457D-BB28-4D774D5CA7F4}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{E7BD56B4-DC6A-407D-A90E-CDA13090D107}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{E00A0851-E50A-48F0-BC5E-ABEE035E2E38}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{B8CC3115-4307-432F-A84D-7198E6BAE199}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9B6C3B21-E205-4742-9B77-572CE354341C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A2F975E4-1C3D-4887-9F36-F617411B6C8E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{28151418-97DB-4540-9964-AB31CA061462}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A7312A1-3BCB-442A-A7CA-D7EFB0B3D5C2}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5278428F-60D2-4400-8509-735DFBBCBE36}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1DD08392-C94D-419B-9173-77F7449C8D93}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{8563DF07-539D-42BF-B480-08BCA7A5D829}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D79977BD-7BE7-4093-A9F0-F486AEA48141}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{0C584D01-2830-46D9-B29F-A996E9E4107E}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{424D2CC8-9F63-4D82-9AA6-221C1BF379E1}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{F7C6254C-C6AF-49A8-949D-89E6D2946F67}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"TCP Query User{20A5AFCE-4B4C-4A7B-8A87-E27D1FAEC377}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7671FA25-2635-4EDB-B5EB-EE0E5011936D}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{1C134B82-266B-4413-8DC7-961E0E2BCB23}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{57564181-8348-421D-8DFA-E1A433097D45}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{706CE38E-4671-40A3-B39C-569D20C4FCEC}C:\\users\\spicka\\desktop\\ratiomaster-1.7.5\\ratiomaster.exe"= UDP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"UDP Query User{FA096EAC-C19D-4F0C-AF0F-71CD27D01BC6}C:\\users\\spicka\\desktop\\ratiomaster-1.7.5\\ratiomaster.exe"= TCP:C:\users\spicka\desktop\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"TCP Query User{CD8F028D-0444-42D3-A09A-8F587951D2C8}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{49C5CF3E-D6B1-4D1C-9D32-A1735EDD5FC9}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2D407F78-CDA7-4D7E-96E1-7A39A1B15A56}"= Disabled:UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{2CF1E04F-0A84-4E30-A3C8-DFCAB9910E15}"= Disabled:TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{51F88D5E-2A04-4BDC-A9B0-91794341DD8F}"= Disabled:UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{714EFAEB-AA6C-4F42-8315-6FCCB2EC9FEF}"= Disabled:TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3523CE4E-F9AE-4DBB-8EED-5C7B6173592C}"= Disabled:UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{82F5929C-19D1-4AE7-95F5-44ECBFE88C29}"= Disabled:TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5A48498A-8C49-426E-A619-1A9B10313F50}"= Disabled:UDP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{E0984E15-EFF3-496B-B728-260C7200BEED}"= Disabled:TCP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{3E312BCE-4479-41C6-AC46-6D36281FFD48}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{4446BA8E-3F48-4392-8E7F-934C13541B21}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 07:26]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-02-15 18:49]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:36:20 C:\Windows\Tasks\User_Feed_Synchronization-{BBF9C965-CADA-4F96-ADB5-83AC81BE0009}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:33:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\bthprops.cpl
-> ?:\Windows\system32\bthprops.cpl
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\mcupdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-05-22 16:40:29 - machine was rebooted [Spicka]
ComboFix-quarantined-files.txt 2008-05-22 20:40:05

Pre-Run: 167,290,138,624 bytes free
Post-Run: 167,282,593,792 bytes free

426 --- E O F --- 2008-05-21 19:43:31

 

[G25r8cer]

It seems that combofix has gotten rid of avast from my startup now.

EDIT: Srry for confusion. I guess it just got rid of the startup entry for the splash screen (icon on bottom right). Avast is running though. How can I put the entry back for the splash screen?

 

[GameMaster]

Hello!
Well I don't know how to put it back in tray but you could find it on google. I thought you read the instructions, you have to disable your antivirus, firewall and disconnect from Internet when running ComboFix.

ComboFix found some Trojans but I think it will be easy to remove it with Avenger.

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

• Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
• Click Format, and ensure Word Wrap is unchecked.
• Copy and Paste the text in the box below into Notepad.
• Now save the file as RemoveFiles.txt in a location where you can find it.

Drivers to unload:
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf

Files to delete:
C:\Windows\System32\tmpD523.tmp
C:\Windows\System32tmpD503.tmp
C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
C:\Users\Spicka\AppData\Local\Temp\mlhuacox.dll
C:\Users\Spicka\AppData\Local\Temp\gebay.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.

• Check Load script from file:
• Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
• Double click it to enter it into Avenger.
• Click the green traffic light symbol.
• You will be asked if you want to execute the script, answer Yes.
• At this point you may get prompts from your protection systems, allow them please.
• Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
• Answer Yes, and allow your computer to re-boot.
• Upon re-boot a command window will briefly appear on screen (this is normal).
• A Notepad text file will be created C:\avenger.txt.
• Copy and Paste it into your next post please.

 

[G25r8cer]

Im on vista so that wont work then, right?

 

[G25r8cer]

Also, those bottom two temp files listed there are gone after running ccleaner unless they are hidden files.

 

[GameMaster]

No those are Trojans I doubt they're gone. Please when you get back on the infected computer, do as suggested.

 

[Punk]

No those are Trojans I doubt they're gone. Please when you get back on the infected computer, do as suggested.

Avenger doesn't work on Vista...

Windows XP 32 bit systems only

 

[G25r8cer]

Im on vista though! Can I still use Avenger?

Edit: Srry missed that comment. So what should I do now?

 

[GameMaster]

Lol ComboFix Script would be a great idea...too bad it can't be used

Pocket Killbox deletes files that cannot be erased from Windows Explorer. Get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

Download it here and delete those files].

 

[G25r8cer]

What about the drivers?

 

[G25r8cer]

So all of those files I was able to delete just by right clicking them and deleting except for the driver. I didnt attempt to delete it yet so what shall i do with it?

 

[GameMaster]

Killbox doesn't make a difference, don't worry. That driver is also a file to get deleted.

 

[G25r8cer]

Killbox says the driver file does not exist so I guess its already gone.

 

[GameMaster]

Yeah! Only how...? Lol, I guess it's not important anymore.
Would you post a HijackThis log so I can see if it's all fixed?
Also, how is your computer running now? Any lags or virus notices?

 

[G25r8cer]

No lags or virus notices so far and I left my pc on all night last night to see if a avast would warn me. Thanks for the help once again. I am fairly good at diagnosing with hijackthis but heres my clean log anyway.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:51 PM, on 5/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Gaming Software.lnk = ?
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3356 bytes

 

[GameMaster]

Yeah lol, clean. Get back if you get some virus warning.