Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I got Keylogged!!! Hijack this log included

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I got Keylogged!!! Hijack this log included

Unread postby Wingman » October 26th, 2009, 7:12 pm

Hi Jim,

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me.
I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
Reset Windows XP Firewall
We're going to reset Windows Firewall back to it's default settings, please do the following:
RESET
  1. Go to Start... then select Run... in the text entry box type or copy/paste:
    firewall.cpl
    The Windows XP Firewall interface window will open...
  2. Click the Advanced tab... then click the Restore Defaults button... in the bottom section (Default Settings).
  3. Click Yes to the "Do you want to continue" prompt dialog.
    Restoring the default settings will delete all settings of Windows Firewall that you have made since Windows was installed.
    This may cause some programs to stop working.
  4. Click Apply and OK as needed, then exit
The Windows Firewall is now turned ON, and set to factory default state.
DISABLE
Because you are using a 3rd party firewall (McAfee)... to avoid conflicts you need to disable the XP firewall.
  1. Go to Start... then select Run... in the text entry box type or copy/paste:
    firewall.cpl
    The Windows XP Firewall interface window will open...
  2. Check the circle button Off (not recommended) to turn OFF XP's firewall.
  3. Click Apply and OK as needed, then exit
The Windows Firewall is now OFF, offering NO protection! Make sure your 3rd party firewall is active!

Step 2.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes are selected.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 3.
OTM
You should still have this program on your desktop... If so please ignore the download instructions.
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Double click on OTM.exe to run it.
    If you receive the "Open File - Security Warning", please press Run.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code: Select all
    :Processes
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77010da8-e30a-11dd-b257-0015f26067ca}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77010da9-e30a-11dd-b257-0015f26067ca}]
    :Files
    C:\WINDOWS\tasks\ldhpikfr.job
    C:\WINDOWS\system32\sysrest32.exe
    C:\DOCUME~1\Farhan\LOCALS~1\Temp\ugtdapod.sys
    C:\DOCUME~1\Farhan\LOCALS~1\Temp\11911750614mxx.dll
    C:\Documents and Settings\Farhan\Local Settings\Temp\.ttBB.tmp
    C:\Documents and Settings\Farhan\Desktop\2moons_downloader_us_8-28-2008.exe
    C:\Program Files\Azureus\
    C:\Program Files\LimeWire\
    C:\Program Files\DNA\
    C:\Wippien\
    :Commands
    [EmptyTemp]
    [Reboot]
    

    Please refer to this image to use OTM.exe

    Image
  4. Check the box "Unregister Dll's and OCX's ... if not checked.
  5. Click on MoveIt! (2)
  6. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  7. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  8. Click Exit (3) when done.
  9. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Double click on RSIT.exe to run it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 5.
Command Line Search
I need you to perform a file search on your computer... please follow these steps:
  1. Press the Start button ...then press Run.
  2. Copy/paste the following command into the text entry box.
    cmd /c dir C:\*.* /L /A /B /S|Find "92mkot7q.exe" >> "%userprofile%\desktop\fileloc.txt"
  3. Press the "OK"...button
  4. A file called "fileloc.txt" will be on your Desktop. The command window will eventually close.
  5. Double click on this file... Notepad or Wordpad should open.
Please copy/paste the contents of the fileloc.txt file...in your next reply.

Step 6.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM Results
  3. RSIT log.txt and info.txt file contents
  4. fileloc.txt file contents
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Re: I got Keylogged!!! Hijack this log included

Unread postby Jim » October 28th, 2009, 1:06 am

Hello Wingman,

1. The instructions were easy to follow and I did what you have asked.

2. All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77010da8-e30a-11dd-b257-0015f26067ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77010da8-e30a-11dd-b257-0015f26067ca}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77010da9-e30a-11dd-b257-0015f26067ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77010da9-e30a-11dd-b257-0015f26067ca}\ not found.
========== FILES ==========
C:\WINDOWS\tasks\ldhpikfr.job moved successfully.
File/Folder C:\WINDOWS\system32\sysrest32.exe not found.
File/Folder C:\DOCUME~1\Farhan\LOCALS~1\Temp\ugtdapod.sys not found.
File/Folder C:\DOCUME~1\Farhan\LOCALS~1\Temp\11911750614mxx.dll not found.
File/Folder C:\Documents and Settings\Farhan\Local Settings\Temp\.ttBB.tmp not found.
File/Folder C:\Documents and Settings\Farhan\Desktop\2moons_downloader_us_8-28-2008.exe not found.
Folder C:\Program Files\Azureus not found.
Folder C:\Program Files\LimeWire not found.
Folder C:\Program Files\DNA not found.
C:\Wippien\Language moved successfully.
C:\Wippien moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: Farhan
->Temp folder emptied: 42222303 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 27979994 bytes
->FireFox cache emptied: 72144839 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65386 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 169558 bytes
RecycleBin emptied: 791393 bytes

Total Files Cleaned = 136.87 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10272009_222959

Files moved on Reboot...

Registry entries deleted on Reboot...
Jim
Regular Member
 
Posts: 35
Joined: September 21st, 2009, 5:20 pm

Log.TXT

Unread postby Jim » October 28th, 2009, 1:09 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Farhan at 2009-10-27 23:08:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (22%) free of 114 GB
Total RAM: 1983 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:32 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Farhan\Desktop\Rizwans Files\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Farhan.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S392.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFC6111-E381-4DBC-9379-A73FBD8CDB10}: NameServer = 192.168.0.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11606 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Farhan.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Farhan.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OHNV4-Owner).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-06-01 808936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-09 86016]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-01-24 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"EPSON Stylus CX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-14 131072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-26 185896]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-07-29 270336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Steam"=f:\steam\steam.exe [2009-10-25 1217808]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\Farhan\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2a96e1-5f08-11dc-b01d-0015f26067ca}]
shell\AutoRun\command - I:\PortableVault.exe


======List of files/folders created in the last 1 months======

2009-10-27 23:08:19 ----D---- C:\rsit
2009-10-27 22:25:58 ----D---- C:\WINDOWS\ERDNT
2009-10-25 00:07:59 ----D---- C:\Program Files\NVIDIA Corporation
2009-10-24 18:42:46 ----D---- C:\Program Files\Belarc
2009-10-24 12:33:22 ----RA---- C:\WINDOWS\system32\mcgdmgr.dll
2009-10-24 12:33:21 ----RA---- C:\WINDOWS\system32\mcinsctl.dll
2009-10-21 17:15:47 ----D---- C:\Program Files\ESET
2009-10-20 18:21:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-20 18:16:24 ----SHD---- C:\Config.Msi
2009-10-20 18:15:40 ----D---- C:\Program Files\WhoCrashed
2009-10-17 21:44:17 ----D---- C:\Documents and Settings\Farhan\Application Data\Red Alert 3
2009-10-17 21:43:58 ----RHD---- C:\Documents and Settings\Farhan\Application Data\SecuROM
2009-10-17 21:43:56 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-10-17 21:41:43 ----D---- C:\Program Files\GameSpy
2009-10-17 20:46:05 ----D---- C:\Program Files\Electronic Arts
2009-10-17 20:46:03 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-17 20:46:03 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-17 20:46:03 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-17 20:46:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-10-17 20:46:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-10-17 20:45:52 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-10-17 20:45:42 ----D---- C:\WINDOWS\Logs
2009-10-17 17:54:50 ----D---- C:\Documents and Settings\Farhan\Application Data\Uniblue
2009-10-17 17:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-10-17 12:58:31 ----D---- C:\Documents and Settings\Farhan\Application Data\DriverCure
2009-10-17 12:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-10-17 12:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-10-13 21:00:23 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-10-13 17:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 17:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 17:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 17:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 17:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 17:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 17:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 17:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 17:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 15:46:04 ----D---- C:\WINDOWS\pss
2009-10-11 22:42:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-11 22:42:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-11 22:42:26 ----A---- C:\WINDOWS\system32\java.exe
2009-10-11 22:42:00 ----D---- C:\Program Files\Java
2009-10-02 17:15:14 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-02 12:56:11 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-02 12:56:05 ----D---- C:\_OTM
2009-09-30 17:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-30 17:00:31 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-09-30 14:21:10 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-30 14:21:10 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-29 18:02:56 ----D---- C:\Program Files\Microsoft
2009-09-29 18:02:37 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-29 18:02:07 ----D---- C:\Program Files\Windows Live
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-09-29 15:50:48 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-09-29 15:50:47 ----A---- C:\WINDOWS\system32\swsc.exe
2009-09-29 15:50:47 ----A---- C:\WINDOWS\system32\swreg.exe
2009-09-29 15:50:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-09-29 15:50:47 ----A---- C:\WINDOWS\system32\Process.exe
2009-09-28 20:49:42 ----D---- C:\Documents and Settings\Farhan\Application Data\Wippien

======List of files/folders modified in the last 1 months======

2009-10-27 23:08:28 ----D---- C:\WINDOWS\Prefetch
2009-10-27 23:08:20 ----D---- C:\WINDOWS\temp
2009-10-27 22:34:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-27 22:34:34 ----SD---- C:\WINDOWS\Tasks
2009-10-27 22:33:53 ----D---- C:\Program Files\Mozilla Firefox
2009-10-27 22:32:07 ----D---- C:\WINDOWS\system32\drivers
2009-10-27 22:30:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-27 22:25:58 ----AD---- C:\WINDOWS
2009-10-25 17:48:44 ----D---- C:\WINDOWS\Minidump
2009-10-25 00:22:19 ----SHD---- C:\WINDOWS\Installer
2009-10-25 00:21:54 ----RD---- C:\Program Files
2009-10-25 00:21:48 ----AD---- C:\WINDOWS\system32
2009-10-25 00:21:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 00:09:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-25 00:06:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-25 00:06:30 ----HD---- C:\WINDOWS\inf
2009-10-24 11:46:30 ----D---- C:\Program Files\Cheat Engine
2009-10-21 21:33:39 ----D---- C:\Program Files\McAfee
2009-10-21 17:15:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-18 23:30:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-18 17:39:10 ----D---- C:\Documents and Settings\Farhan\Application Data\Apple Computer
2009-10-17 21:36:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-17 20:46:05 ----D---- C:\WINDOWS\system32\DirectX
2009-10-17 14:07:47 ----D---- C:\Program Files\Common Files
2009-10-17 13:10:56 ----D---- C:\Documents and Settings\Farhan\Application Data\Help
2009-10-16 16:56:26 ----A---- C:\WINDOWS\win.ini
2009-10-16 13:19:29 ----D---- C:\WINDOWS\system32\config
2009-10-13 17:28:50 ----RSD---- C:\WINDOWS\assembly
2009-10-13 17:26:11 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-13 17:06:57 ----D---- C:\WINDOWS\WinSxS
2009-10-13 17:03:14 ----A---- C:\WINDOWS\imsins.BAK
2009-10-13 17:03:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-13 17:02:40 ----D---- C:\WINDOWS\system32\en-us
2009-10-13 17:02:40 ----D---- C:\Program Files\Internet Explorer
2009-10-13 17:02:26 ----D---- C:\WINDOWS\ie7updates
2009-10-13 17:00:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-11 22:42:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-11 22:29:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-11 22:29:09 ----D---- C:\Program Files\Common Files\Adobe
2009-10-11 22:28:49 ----D---- C:\Program Files\Adobe
2009-10-02 13:26:10 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
2009-10-02 12:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-29 18:02:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-29 18:02:14 ----RSD---- C:\WINDOWS\Fonts
2009-09-29 17:38:37 ----A---- C:\rapport.txt
2009-09-29 15:57:37 ----A---- C:\WINDOWS\system32\tmp.txt
2009-09-28 20:49:42 ----D---- C:\Documents and Settings\Farhan\Application Data\Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 ppsio;PrmxPPDev; C:\WINDOWS\system32\drivers\ppsio.sys [1998-01-15 109824]
R2 VWavD32;VWavD32; C:\WINDOWS\system32\drivers\VWavD32.sys [1998-02-18 27520]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-10 15440]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 AX88772;ASIX AX88772/AX88772A USB2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ax88772.sys [2008-06-24 32384]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBLTN;M318B Digital Video Camera; C:\WINDOWS\system32\DRIVERS\vq318vid.sys [2002-04-22 113632]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-09-09 130309]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-07-13 33890]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 wip0204;Wippien Network Adapter 2.4; C:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
S3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-02-07 197632]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 astcc;AST Service; C:\WINDOWS\system32\AstSrv.exe [2007-06-20 53248]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-07-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-07-07 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-07-29 118843]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-07-29 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-04 72704]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Jim
Regular Member
 
Posts: 35
Joined: September 21st, 2009, 5:20 pm

INFO.TXT

Unread postby Jim » October 28th, 2009, 1:10 am

info.txt logfile of random's system information tool 1.06 2009-10-27 23:08:34

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->Dummy
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE6F8DC5-8639-4E7F-A0FE-EEB0522FCAAC}\setup.exe" -l0x9
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AT&T WorldNet Setup 1.2-->C:\PROGRA~1\WorldNet\wnun12.exe C:\PROGRA~1\WorldNet
BCL easyPDF Printer Driver 5.0-->MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Clear Cache feature for Internet Explorer-->MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DyynoPlayer 0.8.6f-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
EasyPhoto Software-->C:\WINDOWS\uninst.exe -fC:\EasyPhoto\System\DeIsL1.isu
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\SETUP.EXE"
EPSON CX5000 Series User's Guide-->C:\Program Files\epson\guide\cx5000_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX5000 Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
ERUNT 1.1j-->F:\ERUNT\unins000.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ET Patch Selector 1.3.4-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\ET Patch Selector\ss2uinst.dat"
Extreme Chess-->D:\Extreme\uninst.exe
Fast Blog Finder 2.50-->"C:\Program Files\G-Lock Software\Blog Finder\unins000.exe"
GameSpy Comrade-->MsiExec.exe /X{F3630894-093B-4E39-8491-97E0046839CC}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life(R) 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.1.1-->C:\Program Files\Hamachi\uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Image To PDF v3.1.0-->"C:\Program Files\AdultPDF\Image To PDF\unins000.exe"
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Development Kit 5.0 Update 7-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150070}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Left 4 Dead-->"F:\Steam\steam.exe" steam://uninstall/500
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
M318B Digital Video Camera-->C:\WINDOWS\system32\unM318B.exe
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{23AEBB83-CB47-4739-8A0C-92CC1E32AA2F}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 6.0 Professional Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Notepad++-->K:\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\Setup.exe" -l0x9 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shutterfly Plugin-->C:\PROGRA~1\SHUTTE~1\UNWISE.EXE C:\PROGRA~1\SHUTTE~1\INSTALL.LOG
SonicStage 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
UV Web Booster (1.0.0.1)-->MsiExec.exe /I{2067CC24-C5AC-4F34-B3BD-C302FE83E228}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Warcraft II BNE-->C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
WhoCrashed 1.01-->"C:\Program Files\WhoCrashed\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->F:\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKUS\S-1-5-20\..\Run: [jakujagiwi] Rundll32.exe "C:\WINDOWS\system32\pijulofu.dll",s (User 'NETWORK SERVICE') [2009-10-01]
O4 - HKUS\S-1-5-19\..\Run: [jakujagiwi] Rundll32.exe "C:\WINDOWS\system32\pijulofu.dll",s (User 'LOCAL SERVICE') [2009-10-01]
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [2009-10-01]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall
FW: NVIDIA Firewall (disabled)

======System event log======

Computer Name: OHNV4
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 596541
Source Name: Disk
Time Written: 20091027220250.000000-360
Event Type: error
User:

Computer Name: OHNV4
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 596540
Source Name: Disk
Time Written: 20091027220249.000000-360
Event Type: error
User:

Computer Name: OHNV4
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 596539
Source Name: Disk
Time Written: 20091027220248.000000-360
Event Type: error
User:

Computer Name: OHNV4
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 596538
Source Name: Disk
Time Written: 20091027220247.000000-360
Event Type: error
User:

Computer Name: OHNV4
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 596537
Source Name: Disk
Time Written: 20091027220246.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: OHNV4
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_Eth\NS_EthConfig, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 65
Source Name: WinMgmt
Time Written: 20091025000819.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OHNV4
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_UserLog, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 64
Source Name: WinMgmt
Time Written: 20091025000818.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OHNV4
Event Code: 63
Message: A provider, NPU Management Provider, has been registered in the WMI namespace, root\nVIDIA\NS_NvConfig\Web_Config, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 63
Source Name: WinMgmt
Time Written: 20091025000817.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OHNV4
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 1920 (0x780)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume1\DOCUMENTS AND SETTINGS\FARHAN\DESKTOP\ADBERDR910_EN_US.EXE
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 59
Source Name: McLogEvent
Time Written: 20091024204610.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OHNV4
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2904 (0xb58)

Thread address : 0x120ECB05

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume1\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.8.game
by C:\DOCUME~1\Farhan\LOCALS~1\Temp\ElectronicArts_Patcher_000.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 57
Source Name: McLogEvent
Time Written: 20091024203424.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Java\jdk1.5.0_07\bin;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2f02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
Jim
Regular Member
 
Posts: 35
Joined: September 21st, 2009, 5:20 pm

Re: I got Keylogged!!! Hijack this log included

Unread postby Jim » October 28th, 2009, 1:17 am

c:\documents and settings\farhan\desktop\rizwans files\92mkot7q.exe

Thank you.

EDIT: The file 92mkot7q.exe is GMER
Jim
Regular Member
 
Posts: 35
Joined: September 21st, 2009, 5:20 pm

Re: I got Keylogged!!! Hijack this log included

Unread postby Wingman » October 29th, 2009, 10:01 am

Hello Jim,
Thanks for hanging in there. The latest logs look good, no signs of malware.
However, in good conscience, I must state that absence of symptoms, does not mean that your machine may not still be compromised as a result of your previous infection. As I indicated initially, the most secure method to ensure there are no remnants of the previous infection, is to reformat the hard drive and restore the operating system.

I noticed in your log, there were some controller errors on your hard drive. You may want to make sure there are current backups or images of your system. Having a good backup plan is essential, in the event of major problems.

There are a few things left to take care of so let's continue.
Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
OTC
Let's perform some housekeeping and cleanup some of the tools we used.
Please download OTC.exe... by OldTimer. Save it to your desktop.
  1. Double click on OTCl.exe.
    If you receive the "Open File - Security Warning" prompt, press "Run".
  2. Click on CleanUp!.
  3. Click "Yes" to the Begin cleanup process? prompt.
  4. Click "Yes" ... when prompted to reboot the computer to remove files.
Your computer should restart automatically. If it doesn't, please do so manually.

Step 2.
Create a new - clean SRP (System Restore Point)
Now that you're relatively clean, it's a great time to create a new, clean SRP and remove any old entries that may possibly be compromised.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next...button.
  3. Type a name for the new SRP... like New Start... then press the Create... button.
  4. When finished... press the Close...button.
    Now you have a good clean SRP that can be used, if needed.
Remove old SRP entries
Only do this portion, if you successfully created a new System Restore Point above.
  1. Now... Go to Start > Run... type in: cleanmgr...press the OK...button.
    The Disk Cleanup window will show it is "calculating" the amount of space saved by compressing old files. This could take a few seconds, to minutes.
  2. When available... select the More Options... tab.
    In the System Restore section... at the bottom of the window...
  3. Press the Clean up...button. Reply Yes to the "Are you sure you want to delete all but the most recent restore point?" prompt.
  4. Press the X to close and exit.
    All existing restore points will be deleted... except the new one you just created.

You also have ERUNT installed. This is a good utility to use to create a backup of the registry as well. In the event XP's System Restore does not function properly, having a ERUNT backup can be a lifesaver.

Please follow these simple guidelines in order to help keep your computer more clean and secure:

Update your Antivirus programs and other security products regularly.
Avoid new threats that could infect your system. You can also check if any application updates are needed for your PC.
Secunia Software Inspector - Copyright © Secunia.
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates , as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home

You can try...some free programs, that will help improve your computer's security.
These kinds of protection programs (adware, spyware, etc...) tend to overlap in coverages.
Many feel that having a "layered" protection scheme, is beneficial. Each individual has to decide what works best for their situation.
There are many available...here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
This you have installed... this is a good scanner and should be updated and used on a regular basis.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.

Ad-Aware
You have this installed.
My recommendation for you is to uninstall this software. It does not provide the same kind of detections as it once did and it uses a lot of resources.

Spybot Search and Destroy
Download it from © Safer Networking Ltd. Just choose a mirror and off you go.
A Spybot tutorial can be found Here.
While it's detection ability is limited, it has other features that can provide additional levels of protection.

SpywareBlaster
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here.

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd


Read, stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security .


Please let me know that you have performed the 2 steps above and read the recommendations, at which point, I will request that this topic be closed, as resolved.

Stay Safe!
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: I got Keylogged!!! Hijack this log included

Unread postby Wingman » October 31st, 2009, 10:27 am

3 Day Response
Hello...
It has been 2 days since my last post to you. It would be a shame to leave this thread now.
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: I got Keylogged!!! Hijack this log included

Unread postby Carolyn » November 3rd, 2009, 9:18 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware