Rats, trojans and :: freedomlist.com

Hi, I was away on holidays and this PC was used by my friends. He had installed all types of RATs, keyloggers, crypters etc. I took help from shadowputerdude and after some cleaning he declared my PC clean. But my friend still controls my PC. He can even open my CD-ROM or delete anything from my PC :S. Please help.

Start here: http://www.freedomlist.com/forum/viewtopic.php?t=33557 and follow the instructions and post the logs. Paddy.

If you were still having the problems on October 20, why didn't you tell shadowputerdude?

Http://www.malwareteks.com/e107_plugins/fo...c.php?1879

Hi, Well after 20 October I thought my PC was fine. But from 26 October my PC was again being controlled :S. So I thought of starting a new topic, and this time in a new forum.

RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hassaan at 2009-11-01 11:02:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (10%) free of 19 GB
Total RAM: 478 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:03 AM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hassaan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hassaan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quikc\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sdfsdf] C:\WINDOWS\yahoo~.scr
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE599F74-F910-4848-B0CE-55AB947D45D6}: NameServer = 203.99.163.240,202.125.132.12
O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5604 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-20 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-09-07 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-09-07 69632]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-10-15 14864384]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2004-07-30 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=D:\Quikc\qttask.exe [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-20 149280]
"sdfsdf"=C:\WINDOWS\yahoo~.scr [2009-10-31 53248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=c:\dir\install\install\server.exe [2009-10-30 283648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=c:\dir\install\install\server.exe [2009-10-30 283648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveHQ FileManager]
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe [2009-07-06 1898496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
C:\Program Files\HTV\HTV.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-07-10 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-20 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hassaan^Start Menu^Programs^Startup^FIFA 09 Registration.lnk]
D:\fifa09\Support\EAREGI~1.EXE /remind /language=ENB /PRID=ODS:15373.110.Base Product /WHPR=FIFA 09 /PRNM=Electronic Arts Product []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Hassaan\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Hassaan\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\dghdg\MOHAA.exe"="D:\dghdg\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"D:\Counter Strike 1.6 version 3147\cstrike.exe"="D:\Counter Strike 1.6 version 3147\cstrike.exe:*:Enabled:Half-Life Launcher"
"D:\Counter Strike 1.6 version 3147\hl.exe"="D:\Counter Strike 1.6 version 3147\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Hassaan\Desktop\Bifrost1.2d_cryptcrew.com\Bifrost1.2d_cryptcrew.com\Bifrost1.2d.exe"="C:\Documents and Settings\Hassaan\Desktop\Bifrost1.2d_cryptcrew.com\Bifrost1.2d_cryptcrew.com\Bifrost1.2d.exe:*:Enabled:Bifrost 1.2.1"
"C:\Documents and Settings\Hassaan\Desktop\Cerberus RAT 1_03_4 BETA\Cerberus RAT 1_03_4 BETA\Cerberus.exe"="C:\Documents and Settings\Hassaan\Desktop\Cerberus RAT 1_03_4 BETA\Cerberus RAT 1_03_4 BETA\Cerberus.exe:*:Enabled:Cerberus"
"C:\Documents and Settings\Hassaan\Desktop\PI2.3.2\Poison Ivy 2.3.2.exe"="C:\Documents and Settings\Hassaan\Desktop\PI2.3.2\Poison Ivy 2.3.2.exe:*:Enabled:Poison Ivy Remote Administration"
"C:\Program Files\Port Forwarding Wizard\bin\Port Forwarding Wizard.exe"="C:\Program Files\Port Forwarding Wizard\bin\Port Forwarding Wizard.exe:*:Enabled:Port Forwarding Wizard"
"C:\Documents and Settings\Hassaan\Desktop\Lost_Door_V4.1_Fix\Lost Door V4.1 Fix\Lost door V4.1 Fix.exe"="C:\Documents and Settings\Hassaan\Desktop\Lost_Door_V4.1_Fix\Lost Door V4.1 Fix\Lost door V4.1 Fix.exe:*:Enabled:By OussamiO"
"C:\Documents and Settings\Hassaan\Desktop\asas\Poison Ivy 2.3.2.exe"="C:\Documents and Settings\Hassaan\Desktop\asas\Poison Ivy 2.3.2.exe:*:Enabled:Poison Ivy Remote Administration"
"C:\Documents and Settings\Hassaan\Desktop\Remote_Access_Shell_v1.07__Public_\t3c4i3_s_FUD_Remote_Access_Shell_v1.07__Public_\t3c4i3's FUD Remote Access Shell v1.07 [Public].exe"="C:\Documents and Settings\Hassaan\Desktop\Remote_Access_Shell_v1.07__Public_\t3c4i3_s_FUD_Remote_Access_Shell_v1.07__Public_\t3c4i3's FUD Remote Access Shell v1.07 [Public].exe:*:Enabled:t3c4i3's FUD Remote Access Shell v1.07 [Public]"
"C:\Documents and Settings\Hassaan\Desktop\Pmaster1.0fix\Client.exe"="C:\Documents and Settings\Hassaan\Desktop\Pmaster1.0fix\Client.exe:*:Enabled:Client"
"C:\Documents and Settings\Hassaan\Desktop\Spy-Net_v2.2\SpyNet.exe"="C:\Documents and Settings\Hassaan\Desktop\Spy-Net_v2.2\SpyNet.exe:*:Enabled:SpyNet"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c2473a-581f-11de-92ca-00167686fd59}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\server.exe
shell\Open\command - I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\server.exe

List of files/folders created in the last 1 months

2009-11-01 11:02:59 ----D---- C:\rsit
2009-10-31 16:07:13 ----A---- C:\WINDOWS\wplog.txt
2009-10-31 16:07:11 ----D---- C:\Program Files\Web Publish
2009-10-31 16:06:41 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-31 11:33:52 ----A---- C:\WINDOWS\system32\scrrnfr.dll
2009-10-31 10:52:27 ----D---- C:\Program Files\Port Forwarding Wizard
2009-10-31 10:49:04 ----D---- C:\Program Files\PFConfig
2009-10-31 10:48:40 ----A---- C:\WINDOWS\Simple Port Forwarding Uninstall Log.txt
2009-10-31 10:38:59 ----A---- C:\WINDOWS\Simple Port Forwarding Setup Log.txt
2009-10-31 09:28:06 ----D---- C:\Program Files\No-IP
2009-10-30 19:23:16 ----D---- C:\dir
2009-10-30 12:54:24 ----D---- C:\WINDOWS\system32\28463
2009-10-27 21:59:13 ----D---- C:\Documents and Settings\Hassaan\Application Data\Samsung
2009-10-27 21:56:39 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-10-27 21:56:18 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-10-27 21:55:43 ----D---- C:\Program Files\Samsung
2009-10-22 14:30:18 ----D---- C:\Program Files\IObit
2009-10-20 13:41:46 ----D---- C:\WINDOWS\temp
2009-10-20 13:35:31 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-20 13:35:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-20 13:35:31 ----A---- C:\WINDOWS\system32\java.exe
2009-10-20 09:11:39 ----D---- C:\Program Files\CodeHook
2009-10-19 19:45:05 ----D---- C:\Program Files\SBP
2009-10-19 15:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\DriveHQ
2009-10-19 13:35:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-18 10:14:44 ----D---- C:\Program Files\DAMN NFO Viewer
2009-10-17 21:13:11 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-10-17 21:13:11 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-10-17 21:08:13 ----D---- C:\WINDOWS\system32\URTTEMP
2009-10-17 21:07:08 ----D---- C:\Program Files\Common Files\BitDefender
2009-10-16 13:48:15 ----D---- C:\Program Files\OpenVPN
2009-10-15 04:58:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-10-14 19:41:58 ----D---- C:\WINDOWS\Logs
2009-10-10 15:45:23 ----D---- C:\Documents and Settings\Hassaan\Application Data\nHancer
2009-10-10 15:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-10-10 15:44:57 ----D---- C:\Documents and Settings\All Users\Application Data\nHancer

List of files/folders modified in the last 1 months

2009-11-01 10:59:07 ----D---- C:\Program Files\Mozilla Firefox
2009-11-01 10:55:42 ----D---- C:\WINDOWS\system32\Lang
2009-10-31 21:01:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-31 20:08:35 ----D---- C:\WINDOWS\Prefetch
2009-10-31 16:36:55 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-31 16:35:41 ----RD---- C:\Program Files
2009-10-31 16:22:46 ----D---- C:\WINDOWS
2009-10-31 16:07:24 ----A---- C:\WINDOWS\vb.ini
2009-10-31 16:07:11 ----HD---- C:\WINDOWS\inf
2009-10-31 16:07:11 ----D---- C:\WINDOWS\system32
2009-10-31 16:07:11 ----D---- C:\WINDOWS\Help
2009-10-31 16:07:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-31 16:06:53 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-31 15:16:57 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-31 11:55:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-31 11:25:01 ----D---- C:\Documents and Settings\Hassaan\Application Data\uTorrent
2009-10-31 10:49:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-31 10:49:03 ----SHD---- C:\WINDOWS\Installer
2009-10-31 10:49:02 ----D---- C:\Config.Msi
2009-10-28 09:40:55 ----D---- C:\Program Files\Common Files
2009-10-27 21:58:46 ----D---- C:\WINDOWS\system32\drivers
2009-10-27 21:55:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-27 21:16:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-27 21:14:20 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-22 09:26:33 ----D---- C:\Program Files\Xfire
2009-10-21 19:58:02 ----D---- C:\Documents and Settings\Hassaan\Application Data\Xfire
2009-10-21 09:19:56 ----D---- C:\WINDOWS\system32\Restore
2009-10-21 09:19:44 ----SHD---- C:\System Volume Information
2009-10-21 09:18:02 ----D---- C:\WINDOWS\ERDNT
2009-10-20 13:44:35 ----A---- C:\WINDOWS\system.ini
2009-10-20 13:40:30 ----D---- C:\WINDOWS\AppPatch
2009-10-20 13:35:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-19 20:57:29 ----D---- C:\WINDOWS\system32\config
2009-10-19 19:47:02 ----SD---- C:\Documents and Settings\Hassaan\Application Data\Microsoft
2009-10-19 15:16:40 ----D---- C:\Documents and Settings\Hassaan\Application Data\DriveHQHOOK
2009-10-19 14:38:48 ----D---- C:\WINDOWS\WinSxS
2009-10-19 13:26:51 ----SD---- C:\WINDOWS\Tasks
2009-10-17 21:09:05 ----D---- C:\WINDOWS\Registration
2009-10-17 21:08:45 ----RSD---- C:\WINDOWS\assembly
2009-10-17 21:08:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-17 21:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-14 15:58:13 ----D---- C:\Program Files\DivX
2009-10-10 15:37:06 ----D---- C:\Program Files\Google

List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-10-19 4034048]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-16 25984]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S2 AKEProtect;AKEProtect; \??\C:\Program Files\Anti Keylogger Elite\AKEProtect.sys []
S3 aui7mhha;aui7mhha; C:\WINDOWS\system32\drivers\aui7mhha.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\vga\G71-VN31020 (G)\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\E:\vga\G71-VN31020 (G)\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTACCESS;NTACCESS; \??\E:\vga\G71-VN31020 (G)\NTACCESS.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\vga\G71-VN31020 (G)\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2004-11-25 419200]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)

R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun; C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2009-07-07 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-20 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-12 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-31 215104]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-07-16 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

EOF

RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-11-01 11:03:05

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4 TECH USB PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91 1}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BPP i-Pass ACCA Paper F1-->C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF1\UNWISE.EXE C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF1\INSTALL.LOG
BPP i-Pass ACCA Paper F2-->C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF2\UNWISE.EXE C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF2\INSTALL.LOG
BPP i-Pass ACCA Paper F3 INT-->C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF3I0\UNWISE.EXE C:\PROGRA~1\i-assess\..\BPPI-P~1\ACCAF3I0\INSTALL.LOG
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CodeHook CMS 0.33b-->C:\Program Files\CodeHook\Uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000- FF1CE}
DriveHQ FileManager 4.5-->"C:\Program Files\InstallShield Installation Information\{F8AD7E02-21AC-4057-95F9-7DB59FF57FC8}\setup.exe" -runfromtemp -l0x0009 -removeonly
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Fraps-->"C:\Fraps\uninstall.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
i-assess runtime utilities Version 3-->C:\PROGRA~1\i-assess\UNWISE.EXE C:\PROGRA~1\i-assess\INSTALL.LOG
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
K-Lite Mega Codec Pack 4.9.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_246978\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenVPN 2.1_rc19-->C:\Program Files\OpenVPN\Uninstall.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210} SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2} Technitium MAC Address Changer v5.0 Release 3-->C:\Program Files\Technitium\TMACv5.0R3\Installer.exe tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" 
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536} Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" HijackThis Backups O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe [2009-05-28] O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe [2009-05-28] F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe [2009-05-28] O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-15] O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-07-15] System event log Computer Name: HASSAAN-0F6E133 Event Code: 1002 Message: The IP address lease 192.168.7.83 for the Network Card with network address 00FF84B57D3B has been denied by the DHCP server 192.168.7.126 (The DHCP Server sent a DHCPNACK message). Record Number: 28580 Source Name: Dhcp Time Written: 20091023091641.

+300 Event Type: error User: Computer Name: HASSAAN-0F6E133 Event Code: 1002 Message: The IP address lease 192.168.7.83 for the Network Card with network address 00FF84B57D3B has been denied by the DHCP server 192.168.7.126 (The DHCP Server sent a DHCPNACK message). Record Number: 28484 Source Name: Dhcp Time Written: 20091022183447.

+300 Event Type: error User: Computer Name: HASSAAN-0F6E133 Event Code: 1002 Message: The IP address lease 192.168.7.83 for the Network Card with network address 00FF84B57D3B has been denied by the DHCP server 192.168.7.126 (The DHCP Server sent a DHCPNACK message). Record Number: 28386 Source Name: Dhcp Time Written: 20091022162454.

+300 Event Type: error User: Computer Name: HASSAAN-0F6E133 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 28299 Source Name: Tcpip Time Written: 20091022150416.

+300 Event Type: warning User: Computer Name: HASSAAN-0F6E133 Event Code: 1002 Message: The IP address lease 192.168.7.83 for the Network Card with network address 00FF84B57D3B has been denied by the DHCP server 192.168.7.126 (The DHCP Server sent a DHCPNACK message). Record Number: 28281 Source Name: Dhcp Time Written: 20091022143212.

+300 Event Type: error User: Application event log Computer Name: HASSAAN-0F6E133 Event Code: 0 Message: Record Number: 376 Source Name: Avira Firewall Time Written: 20090606162132.

+300 Event Type: User: Computer Name: HASSAAN-0F6E133 Event Code: 1000 Message: Faulting application hpzsetup.exe, version 7.0.0.71, faulting module hpzsetup.exe, version 7.0.0.71, fault address 0x00059231. Record Number: 375 Source Name: Application Error Time Written: 20090606123352.

+300 Event Type: error User: Computer Name: HASSAAN-0F6E133 Event Code: 1015 Message: Failed to connect to server.

Error: 0x800401F0 Record Number: 373 Source Name: MsiInstaller Time Written: 20090606123324.

+300 Event Type: warning User: HASSAAN-0F6E133\Hassaan Computer Name: HASSAAN-0F6E133 Event Code: 1015 Message: Failed to connect to server.

Error: 0x800401F0 Record Number: 371 Source Name: MsiInstaller Time Written: 20090606123315.

+300 Event Type: warning User: HASSAAN-0F6E133\Hassaan Computer Name: HASSAAN-0F6E133 Event Code: 1015 Message: Failed to connect to server.

Error: 0x800401F0 Record Number: 369 Source Name: MsiInstaller Time Written: 20090606123302.

+300 Event Type: warning User: HASSAAN-0F6E133\Hassaan Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\DivX Shared;D:\Quikc\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0409 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip EOF ROOTREPEAL REPORT ROOTREPEAL (c) AD, 2007-2009 Scan Start Time: 2009/11/01 11:10 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 Drivers Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF3CB1000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A72000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP8294 Image Path: \Driver\PCI_PNP8294 Address: 0x Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xBA630000 Size: 49152 File Visible: No Signed: - Status: - Name: spnx.sys Image Path: spnx.sys Address: 0xF732A000 Size: 1052672 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x Size: 0 File Visible: No Signed: - Status: - SSDT

Your computer was infected at the beginning of May and at the end of May.

It was infected again in October and reinfected in less than two weeks.

What I am seeing in the logs was not on the computer on October 20. You continue to use file-sharing software.

There is no evidence of antivirus software.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files. I would counsel you to disconnect this PC from the Internet immediately.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

-- TeamViewer is a computer software package for remote control, desktop sharing, and file transfer between computers ("C:\Documents and Settings\Hassaan\temp\TeamViewer\Version4\TeamViewer.exe")

-- Bifrost1.2d.exe is a backdoor trojan ("C:\Documents and Settings\Hassaan\Desktop\Bifrost1.2d_cryptcrew.com\Bifrost1.2d_cryptcrew.com\Bifrost1.2d.exe")

-- scrrnfr.dll appears to be a worm, with aliases W32/Amca-A, Trojan-Dropper.Win32.VB.pt, Win32/VB.NLK

Because of the backdoor and repeated infections, there is no way to be sure your computer can ever again be trusted or cleaned.

The best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

Malware Removal -- Where to Draw the Line
When Should I Reformat?
How Should I Reinstall?
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
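The helper's verdict above rests on a handful of lines in the poster's "HijackThis Backups" block: an autorun named scvhost.exe (one swapped character away from the genuine svchost.exe), a system.ini Shell= value that starts that same file next to Explorer.exe, and Browser Helper Objects registered with no file on disk. The following script is an added example for this thread; it is not code from the freedomlist.com post, from HijackThis or from RSIT. It assumes the "O4 - ... / F2 - ... / O2 - ..." line layout that HijackThis 2.0.x prints, with an optional trailing "[YYYY-MM-DD]" stamp, and it takes four of the thread's quoted entries plus one constructed benign line (a Java updater autorun) as sample input.

```python
"""Triage of HijackThis-style startup entries (added example, not from the
thread, HijackThis or RSIT).

Flags the three patterns the helper's diagnosis rests on:
  * an autorun whose executable name is one edit away from a Windows
    system binary (scvhost.exe vs. svchost.exe), found with an optimal
    string alignment distance so that swapped letters count as one edit;
  * a system.ini Shell= value that launches anything besides Explorer.exe;
  * a Browser Helper Object whose registered file is missing ("(no file)").
"""
import re
from dataclasses import dataclass

# Sample input, constructed for this example: four entries quoted from the
# thread's log plus one benign Java updater autorun added for contrast.
SAMPLE_ENTRIES = r"""
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe [2009-05-28]
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe [2009-05-28]
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe [2009-05-28]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-15]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
"""

# Core Windows binaries whose names malware likes to imitate. A short list
# chosen for this example; extend it for real triage.
SYSTEM_BINARIES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                    r"(?P<cmd>.*?)(?: \[\d{4}-\d{2}-\d{2}\])?$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*?)"
                      r"(?: \[\d{4}-\d{2}-\d{2}\])?$")
BHO_NOFILE_RE = re.compile(r"^O2 - BHO: .* - \(no file\)")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insert, delete, substitute or
    swap of two adjacent characters each cost 1 (the swap catches scvhost)."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(basename: str):
    """Return the system binary this name imitates, or None when the name is
    either a genuine system binary or not within one edit of any."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in SYSTEM_BINARIES:
        if osa_distance(name, legit) == 1:
            return legit
    return None


def executable_basename(cmd: str) -> str:
    """Pull the executable's file name out of a Run command line, which may
    be quoted or contain spaces in its path."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("exe").rsplit("\\", 1)[-1]


def analyze(text: str) -> list:
    """Return one Finding per suspicious entry, in input order."""
    findings = []
    for line in text.strip().splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            target = lookalike_of(executable_basename(m.group("cmd")))
            if target:
                findings.append(Finding(line, f"lookalike of {target}"))
        elif (m := SHELL_RE.match(line)):
            extras = [t for t in m.group("shell").split() if t.lower() != "explorer.exe"]
            if extras:
                findings.append(Finding(line, "Shell= launches extra program(s): " + ", ".join(extras)))
        elif BHO_NOFILE_RE.match(line):
            findings.append(Finding(line, "BHO registration whose file is missing"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_ENTRIES):
        print(f"{f.reason:48s} <- {f.line}")
```

Run against the sample, the script reports the scvhost.exe autorun, the modified Shell= value and the orphaned BHO, and stays quiet on winsys2.exe (no system binary is within one edit of it) and on the benign jusched.exe line. That silence is the point of the lookalike check: it is one targeted signal, not a verdict on every unfamiliar autorun, which is why the helper's reply also weighs the other findings and the infection history before recommending a rebuild.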
