Unsure of Name, Lethality, or Source


Unsure of Name, Lethality, or Source

Post by Gracker on Wed Mar 03, 2010 8:17 pm

I'm first going to say thank you; after reading the 'Read This Before Posting' thread, I feel very comforted to know some of you actually care <3

Anyway, last night I was streaming (the pilot episode, I was curious -_-) Jersey Shore on MTV's website when I got a popup in my bottom-right toolbar saying that I was being 'attacked' by a threat; it gave me an IP address and a description of the virus. Now, I spend a lot of time on the computer, so I know my way around folders, system tools, terms, etc., but when it comes to the in-depth programming of it, I'm pretty much clueless. This popup looked legit, enough that I didn't think twice about saying 'yes' to blocking the threat without looking into it more thoroughly, and lo and behold, I got a popup that was a terrible imitation of virus scanning software. I unplugged my LAN cable immediately to not risk any of my personal information getting out, but I was already slammed by this virus. I started getting warnings from Windows Security Center that a threat was detected (one after another, the red shield icons would form in my toolbar, ultimately making an infinite amount until I would hover over them and they would disappear), and it completely paralyzed my Avast Home Edition (which is now updated fully) and rendered all of its on-access scanners useless. I first noticed I was unable to stop a lot of the foreign processes in my task manager (not that I know all of my processes by heart, but I can usually spot one out of place). Then, once the virus took full control, I was unable to start any .exe files, for they were 'infected'. Since then, I've done a boot scan with Avast with no luck, but it has put about 5 new files into the chest today (AppletPanel.class; jar_cache1097431872840393306.tmp; myf\y\LoaderX.class; myf\y\Applet.class; myf\y\PayloadX.class). The virus made my version of Avast appear like it was unregistered, but through my phone I registered for a new code, entered it, and everything in Avast appears to be working correctly. In total I've done a boot, quick, and specific folder scan, with no luck.
On this boot, I ended a lot of the foreign processes at the beginning, ultimately stopping the fake virus software from opening and starting the chain reaction; however, I started up good ol' WoW and it was running pretty slow, in a bogged down way. Right now, I have Avast up and running, my network up, and my computer is running seemingly fine, but I'm pretty certain that this virus isn't removed... merely stopped. I just downloaded IceSword and HijackThis (will post the log in the next post, I have a feeling there isn't enough room), and I am having no problems operating my computer, so installing new programs shouldn't be an issue. A huge thanks for any help at all.

Gracker
Novice

Posts : 31
Joined : 2010-03-03
Gender : Male
OS : Windows XP
Points : 25133
# Likes : 0

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Wed Mar 03, 2010 8:18 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:09 PM, on 3/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\bmwebcfg.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Documents and Settings\Graham\My Documents\Downloads\stinger1001688.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Graham\My Documents\Downloads\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - D:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - D:\WINDOWS\mplayerplgn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - D:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - D:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AT&T Communication Manager] "D:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IJNetworkScanUtility] D:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [oxsphtwo] D:\Documents and Settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oxsphtwo] D:\Documents and Settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Air Mouse.lnk = D:\Documents and Settings\Graham\Desktop\Air Mouse.exe
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - D:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9484 bytes


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Wed Mar 03, 2010 8:48 pm

(aware of triple posting, I'm sorry)
[You must be registered and logged in to see this link.]

The way he describes the initial attack is EXACTLY on par with what I experienced.


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Wed Mar 03, 2010 9:18 pm

Quad-Bumping for updates - I really hope you guys don't mind

I just ran Malwarebytes' Anti-Malware and it picked up about 12 problems; fixed those.
Also, out of curiosity I ran a registry cleaner and found about 15 thousand errors, mainly because I deleted the Adobe suite off my computer in a very sloppy way, but I thought that number was amusing (I usually score ~150).
And lastly, I wanted to point out that I notice Avast's shields get shut down, in a pretty subtle way, and when I click the Fix Now button to, well, fix it, it says that all of the (8?) shields can't be started... but after about 5-10 seconds, everything's back up.

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2010 4:12:25 PM
mbam-log-2010-03-03 (16-12-25).txt

Scan type: Quick Scan
Objects scanned: 115194
Time elapsed: 20 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
D:\Documents and Settings\Graham\My Documents\Downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\mplayerplgn.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\Documents and Settings\Graham\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 12:42 am

Hello.

Please update MBAM, then run a new scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 1:10 am

Heading to update right now, but I'm having new problems. I was running on a regular boot just fine for a few hours, then all of a sudden everything was bogged down, but my PC didn't go over 50% CPU usage. I tried rebooting and it was still extremely slow. Right now I'm in a safe mode boot with networking, running a deep VIPRE scan.

I just downloaded MBAM today, and it updated upon the download, but to my surprise it did have about 4.1 MB in updates, and it changed from DB 3510 to 3823.

Should I do a quick or full scan?


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 1:11 am

Quick, full is no better, it only detects items I know are there but aren't active.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 1:15 am

I appreciate the quick responses, and also your effort going into this. I can assume a lot of people come here and take advantage of you, without even a simple thank-you.

Also, should I cancel and restart the VIPRE scan since I set it to deep?

Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/3/2010 8:15:41 PM
mbam-log-2010-03-03 (20-15-41).txt

Scan type: Quick Scan
Objects scanned: 123329
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxsphtwo (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rupojmbn (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


well then


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 1:18 am

This is one of the processes that I ended when I first started on a regular boot, which I have a feeling is part of the problem:

urjryav.exe


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 1:19 am

Hello.

No problem, that was the bad malicious process anyway.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll


  • Press "Fix Checked"
  • Close HijackThis.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart the computer in normal mode.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
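As an added example (not part of this thread, and not a tool of HijackThis or of the helper), a small Python triage script that applies the checks behind the fix list above to HijackThis-style log lines: a browser proxy pointing at 127.0.0.1, an O2/O3 entry with no backing file, an O4 autorun launched from the user profile's Local Settings folders, O10/O23 entries that need verification, and a core Windows process name running from outside the Windows directory (the winlogon.scr in Downloads from the first log). The sample log lines are constructed from the entries posted earlier in the thread.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread
or from HijackThis). It flags the same kinds of entries the fix list above
targets, plus impostor system-process names in the "Running processes" block.
"""
import re
from dataclasses import dataclass

# Process names that should only ever run from %SystemRoot% or its system32.
SYSTEM_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")
# Folders a legitimate HKLM Run entry almost never launches from.
PROFILE_DATA_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\")
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    section: str  # "process" or the HijackThis section code (R1, O2, O4, ...)
    reason: str
    line: str


def is_local_proxy(value: str) -> bool:
    """True if any proxy in a ProxyServer value (e.g. 'http=127.0.0.1:5555') is the local host."""
    for part in value.split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        if host in LOCAL_HOSTS:
            return True
    return False


def system_name_misplaced(path: str) -> bool:
    """True if the file name is a core Windows process name but its folder is not a Windows one."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    if stem not in SYSTEM_NAMES:
        return False
    parent = low[: len(low) - len(name)]
    return not any(parent.endswith(d) for d in SYSTEM_DIRS)


def triage(log_text: str) -> list:
    """Return a Finding for every suspicious line; verbatim duplicate lines are reported once."""
    findings, seen, in_processes = [], set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line in seen:  # HijackThis repeats some O10 lines verbatim
            continue
        seen.add(line)
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if system_name_misplaced(line):
                findings.append(Finding("process", "core Windows process name running outside the Windows directory", line))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1") and "ProxyServer =" in body:
            if is_local_proxy(body.split("ProxyServer =", 1)[1]):
                findings.append(Finding(section, "browser proxy points at this machine; a local process relays web traffic", line))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO/toolbar registration with no backing file", line))
        elif section == "O4":
            target = body.split("]", 1)[-1].lower()
            if any(d in target for d in PROFILE_DATA_DIRS):
                findings.append(Finding(section, "autorun launches from a user-profile data folder", line))
        elif section == "O10":
            findings.append(Finding(section, "Winsock LSP HijackThis could not identify; confirm the vendor before fixing", line))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, "service points at a file that no longer exists", line))
    return findings


# Constructed sample, modelled on the log posted in this thread (not a real scan output).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Graham\My Documents\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [oxsphtwo] D:\Documents and Settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: Bonjour Service - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing)
"""


def main():
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")


if __name__ == "__main__":
    main()
```

The O10 and O23 hits are "verify" items, not "fix" items: here bmnet.dll belongs to the Bytemobile service listed under O23, which is why the helper left it alone.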



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 1:27 am

Doing as you said, R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 was not listed in HijackThis, but the other 4 were.

As it goes for restarting in normal mode, I'm not sure how that will go over considering my last 2 normal boots have failed, and I've been having these recent issues.

Do I need to disable the proxy servers in both Firefox and Internet Explorer? I checked in Firefox and it was already checked off. Also, is there any way I could get a core list of processes that are solely from Windows, so I can end the virus ultimately even though I'm closing other programs?

I might not have a reply for a bit, so I apologize if there's a delay


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 1:30 am

Yes - make sure there is no proxy in BOTH browsers, otherwise one browser will work and the other won't.

I doubt closing down processes will help if there is a rootkit here, you can't just close that, they are stubborn little things that have to be forced out.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 1:54 am

Just tried a normal boot, but about 30 seconds into it everything went to hell and slowed just as it did the previous two times, so I'm calling that consistent.

Another process I just remembered was tvbustav.exe or something along those lines.

But I'm back in safe mode, logged in as admin as opposed to my normal user.


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 2:02 am

OTL logfile created on: 3/3/2010 8:57:50 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = D:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
C: Drive not present or media not loaded
Drive D: | 232.88 Gb Total Space | 63.78 Gb Free Space | 27.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 3.72 Gb Total Space | 3.60 Gb Free Space | 96.72% Space Free | Partition Type: FAT32

Computer Name: GRAHAMFUSSELL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/03 20:57:18 | 000,551,424 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) -- D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) -- D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/03 20:57:18 | 000,551,424 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) [Auto | Running] -- D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/20 23:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/29 15:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- D:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- D:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/12/21 09:42:28 | 000,113,176 | ---- | M] (PCTEL) [On_Demand | Stopped] -- D:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/12/21 09:31:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Stopped] -- D:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/21 20:30:04 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/02/21 20:30:04 | 000,085,080 | ---- | M] (Sunbelt Software, Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/05 04:40:38 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- D:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/05 04:40:38 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/12/07 19:10:25 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\Graham\Local Settings\Temp\UXGCF.tmp -- (GarenaPEngine)
DRV - [2009/10/14 03:39:40 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/17 04:35:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/06/24 23:45:34 | 000,037,376 | ---- | M] () [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/28 15:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/03/31 17:30:08 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/23 22:23:56 | 000,039,552 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mr7911.sys -- (mr7911)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/21 09:31:06 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/12/21 09:27:10 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/06/15 12:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/18 09:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/08 02:02:34 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- D:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/24 04:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/02/28 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2005/03/30 07:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 12:11:42 | 000,039,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\cnxt1803.sys -- (cnxt1803)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/03/03 20:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/02/17 22:45:47 | 000,000,000 | ---D | M]

[2010/03/03 20:03:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/03 20:53:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0pb0gaig.default\extensions
[2010/03/03 20:53:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0pb0gaig.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/03 19:13:16 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/07/20 23:31:22 | 000,001,216 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] D:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SBAMTray] D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 20:21:58 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/03/03 20:21:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2010/03/03 20:07:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/03/03 20:05:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/03/03 20:03:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/03/03 20:03:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/03/03 20:03:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sunbelt
[2010/03/03 19:37:23 | 000,069,720 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\sbapifs.sys
[2010/03/03 19:37:23 | 000,013,400 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\sbaphd.sys
[2010/03/03 19:31:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/03/03 19:06:57 | 000,204,632 | ---- | C] (Sunbelt Software, Inc.) -- D:\WINDOWS\System32\drivers\sbtis.sys
[2010/03/03 19:06:57 | 000,085,080 | ---- | C] (Sunbelt Software, Inc.) -- D:\WINDOWS\System32\drivers\sbhips.sys
[2010/03/03 19:06:49 | 000,000,000 | ---D | C] -- D:\Program Files\Sunbelt Software
[2010/03/03 15:51:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/03 15:51:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/03 15:51:01 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/03/03 15:51:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 14:49:04 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2010/03/03 14:45:00 | 000,000,000 | ---D | C] -- D:\Program Files\FileASSASSIN
[2010/03/03 07:02:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\WinMount
[2010/03/03 06:59:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2010/02/21 21:39:16 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2010/02/19 21:11:56 | 001,230,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/02/19 21:11:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/02/19 21:11:56 | 000,052,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\msdv.sys
[2010/02/19 21:11:56 | 000,052,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msdv.sys
[2010/02/19 21:11:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/02/19 21:11:56 | 000,018,688 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/02/19 21:11:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/02/19 21:11:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\bdaplgin.ax
[2010/02/19 21:11:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/02/19 21:11:56 | 000,015,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\mpe.sys
[2010/02/19 21:11:56 | 000,015,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mpe.sys
[2010/02/19 21:11:56 | 000,014,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\streamip.sys
[2010/02/19 21:11:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ipsink.ax
[2010/02/19 21:11:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ipsink.ax
[2010/02/19 21:11:56 | 000,011,392 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\bdasup.sys
[2010/02/19 21:11:56 | 000,011,392 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bdasup.sys
[2010/02/19 21:11:56 | 000,010,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\slip.sys
[2010/02/19 21:11:56 | 000,010,112 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndisip.sys
[2010/02/19 21:11:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ksolay.ax
[2010/02/19 21:11:54 | 000,005,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mstee.sys
[2010/02/19 21:11:52 | 001,201,152 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\d3d8.dll
[2010/02/19 21:11:52 | 000,667,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dinput8.dll
[2010/02/19 21:11:52 | 000,181,248 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmime.dll
[2010/02/19 21:11:52 | 000,122,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmusic.dll
[2010/02/19 21:11:52 | 000,100,864 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/02/19 21:11:52 | 000,098,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/02/19 21:11:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmscript.dll
[2010/02/19 21:11:52 | 000,058,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/02/19 21:11:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmloader.dll
[2010/02/19 21:11:52 | 000,027,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dmband.dll
[2010/02/19 21:11:52 | 000,018,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dswave.dll
[2010/02/19 21:11:51 | 000,974,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/02/19 21:11:51 | 000,491,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/02/19 21:11:51 | 000,381,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/02/19 21:11:51 | 000,186,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/02/19 21:11:51 | 000,112,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/02/19 21:11:51 | 000,080,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/02/19 21:11:51 | 000,046,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dxdllreg.exe
[2010/02/19 21:11:50 | 000,723,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnet.dll
[2010/02/19 21:11:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/02/19 21:11:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/02/19 21:11:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/02/19 21:11:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/02/19 21:11:49 | 001,294,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/02/19 21:11:49 | 001,189,888 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/02/19 21:11:49 | 000,648,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dinput.dll
[2010/02/19 21:11:49 | 000,602,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/02/19 21:11:49 | 000,381,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dsound.dll
[2010/02/19 21:11:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dplayx.dll
[2010/02/19 21:11:49 | 000,208,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\joy.cpl
[2010/02/19 21:11:49 | 000,079,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/02/19 21:11:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/02/19 21:11:49 | 000,068,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/02/19 21:11:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\pid.dll
[2010/02/19 21:11:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/02/19 21:11:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/02/19 21:11:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/02/19 21:11:48 | 000,797,184 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/02/19 21:11:48 | 000,292,864 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ddraw.dll
[2010/02/19 21:11:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/02/19 21:10:57 | 000,000,000 | ---D | C] -- D:\Program Files\GameSpy Arcade
[2010/02/18 21:50:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2010/02/18 21:50:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Help
[2010/02/11 21:03:27 | 000,311,296 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\LEXBCES.EXE
[2010/02/11 21:03:27 | 000,201,216 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\LEXP2P32.DLL
[2010/02/11 21:03:27 | 000,197,120 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\LEX2KUSB.DLL
[2010/02/11 21:03:27 | 000,174,592 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\LEXPPS.EXE
[2010/02/11 21:03:27 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\LEXBCE.DLL
[2010/02/11 21:03:26 | 000,192,512 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lexlmpm.dll
[2010/02/11 21:03:26 | 000,073,728 | ---- | C] (Dell Computer Corporation) -- D:\WINDOWS\System32\dlbcpwr.dll
[2010/02/11 21:03:26 | 000,057,344 | ---- | C] (Dell Computer Corporation) -- D:\WINDOWS\System32\dlbccinf.dll
[2010/02/11 21:03:26 | 000,049,152 | ---- | C] (Dell Computer Corporation) -- D:\WINDOWS\System32\dlbccoin.dll
[2010/02/11 21:03:26 | 000,000,000 | ---D | C] -- D:\Program Files\Dell 720
[2010/02/11 21:03:23 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- D:\WINDOWS\uninst.exe
[2010/02/11 17:33:40 | 000,000,000 | ---D | C] -- D:\Program Files\Mass Effect 2
[2010/02/10 21:25:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/31 11:05:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/19 06:15:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/09/15 20:38:09 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/14 15:31:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/09/14 11:16:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Xfire
[2008/09/09 06:08:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/09/07 21:19:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/07 21:17:15 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/03 20:57:58 | 000,786,432 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/03 20:52:08 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/03/03 20:42:15 | 000,271,490 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml
[2010/03/03 20:42:13 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/03/03 20:40:09 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/03/03 20:21:59 | 000,001,734 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/03 19:06:55 | 000,001,740 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2010/03/03 15:51:08 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/03 14:45:01 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2010/03/03 13:21:37 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/03/02 15:45:18 | 000,000,799 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/02 14:59:38 | 000,002,137 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/02 14:57:42 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/02/25 18:26:12 | 000,000,968 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/02/21 21:39:16 | 000,027,984 | ---- | M] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2010/02/21 20:30:04 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) -- D:\WINDOWS\System32\drivers\sbtis.sys
[2010/02/21 20:30:04 | 000,085,080 | ---- | M] (Sunbelt Software, Inc.) -- D:\WINDOWS\System32\drivers\sbhips.sys
[2010/02/20 21:48:13 | 000,002,193 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/02/19 21:20:28 | 000,001,795 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2010/02/19 21:20:28 | 000,001,723 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010/02/18 21:52:16 | 000,000,177 | ---- | M] () -- D:\WINDOWS\dellstat.ini
[2010/02/11 18:39:09 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/02/11 17:58:56 | 000,000,772 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mass Effect 2.lnk
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/10 21:25:44 | 000,001,700 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 20:21:59 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/03 19:06:55 | 000,001,740 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2010/03/03 15:51:08 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/03 14:45:01 | 000,000,730 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2010/03/03 07:02:41 | 000,289,855 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Abstract__by_Leththe1337.jpg
[2010/02/19 21:20:28 | 000,001,795 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2010/02/19 21:20:28 | 000,001,723 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010/02/19 21:11:56 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2010/02/19 21:11:56 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/02/19 21:11:56 | 000,052,224 | ---- | C] () -- D:\WINDOWS\System32\msdvbnp.ax
[2010/02/19 21:11:56 | 000,052,224 | ---- | C] () -- D:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/02/19 21:11:56 | 000,030,208 | ---- | C] () -- D:\WINDOWS\System32\psisrndr.ax
[2010/02/19 21:11:56 | 000,030,208 | ---- | C] () -- D:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/02/19 21:11:54 | 001,798,144 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qedit.dll
[2010/02/19 21:11:54 | 000,733,184 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/02/19 21:11:54 | 000,173,056 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qasf.dll
[2010/02/19 21:11:54 | 000,013,312 | ---- | C] () -- D:\WINDOWS\System32\dllcache\msdmo.dll
[2010/02/19 21:11:53 | 000,470,528 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qdvd.dll
[2010/02/19 21:11:53 | 000,316,928 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qdv.dll
[2010/02/19 21:11:53 | 000,257,024 | ---- | C] () -- D:\WINDOWS\System32\dllcache\qcap.dll
[2010/02/19 21:11:53 | 000,136,192 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/02/19 21:11:53 | 000,132,608 | ---- | C] () -- D:\WINDOWS\System32\dllcache\devenum.dll
[2010/02/19 21:11:53 | 000,064,512 | ---- | C] () -- D:\WINDOWS\System32\dllcache\amstream.dll
[2010/02/19 21:11:53 | 000,034,304 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/02/17 22:51:28 | 000,135,744 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/11 21:03:47 | 000,000,177 | ---- | C] () -- D:\WINDOWS\dellstat.ini
[2010/02/11 21:03:26 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\dlbcvs.dll
[2010/02/11 21:03:26 | 000,000,373 | ---- | C] () -- D:\WINDOWS\System32\dlbccoin.ini
[2010/02/11 17:58:56 | 000,000,772 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Mass Effect 2.lnk
[2010/02/10 21:25:44 | 000,001,700 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/12 15:18:20 | 001,409,890 | ---- | C] () -- D:\WINDOWS\System32\ffmpegmt.dll
[2010/01/12 15:18:18 | 000,819,200 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010/01/12 15:18:18 | 000,556,491 | ---- | C] () -- D:\WINDOWS\System32\libmplayer.dll
[2010/01/12 15:18:16 | 004,507,983 | ---- | C] () -- D:\WINDOWS\System32\libavcodec.dll
[2010/01/12 15:18:10 | 000,877,385 | ---- | C] () -- D:\WINDOWS\System32\ff_x264.dll
[2010/01/12 15:18:10 | 000,336,384 | ---- | C] () -- D:\WINDOWS\System32\ff_libfaad2.dll
[2010/01/12 15:18:10 | 000,216,576 | ---- | C] () -- D:\WINDOWS\System32\ff_libdts.dll
[2010/01/12 15:18:10 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\ff_libmad.dll
[2010/01/12 15:18:10 | 000,145,408 | ---- | C] () -- D:\WINDOWS\System32\libmpeg2_ff.dll
[2010/01/12 15:18:10 | 000,121,856 | ---- | C] () -- D:\WINDOWS\System32\ff_liba52.dll
[2010/01/12 15:18:08 | 000,169,984 | ---- | C] () -- D:\WINDOWS\System32\ff_samplerate.dll
[2010/01/12 15:18:08 | 000,116,736 | ---- | C] () -- D:\WINDOWS\System32\ff_tremor.dll
[2010/01/12 15:18:08 | 000,100,864 | ---- | C] () -- D:\WINDOWS\System32\ff_wmv9.dll
[2010/01/12 15:18:08 | 000,097,792 | ---- | C] () -- D:\WINDOWS\System32\ff_unrar.dll
[2010/01/12 15:12:36 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009/12/31 19:00:00 | 000,324,096 | ---- | C] () -- D:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/31 19:00:00 | 000,248,320 | ---- | C] () -- D:\WINDOWS\System32\ff_kernelDeint.dll
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- D:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- D:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- D:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- D:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- D:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- D:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- D:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- D:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- D:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- D:\WINDOWS\System32\mkunicode.dll
[2009/06/24 23:45:34 | 000,037,376 | ---- | C] () -- D:\WINDOWS\System32\drivers\WMDrive.sys
[2009/06/03 15:01:49 | 000,135,168 | ---- | C] () -- D:\WINDOWS\System32\DVDIFOFilter.dll
[2009/05/20 16:09:39 | 000,021,840 | ---- | C] () -- D:\WINDOWS\System32\SIntfNT.dll
[2009/05/20 16:09:39 | 000,017,212 | ---- | C] () -- D:\WINDOWS\System32\SIntf32.dll
[2009/05/20 16:09:39 | 000,012,067 | ---- | C] () -- D:\WINDOWS\System32\SIntf16.dll
[2009/03/20 17:25:02 | 000,041,808 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2009/03/02 18:03:03 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/02 18:02:33 | 000,000,319 | ---- | C] () -- D:\WINDOWS\game.ini
[2009/03/01 20:18:43 | 000,000,023 | ---- | C] () -- D:\WINDOWS\BlendSettings.ini
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\mmfinfo.dll
[2008/12/14 18:02:05 | 000,000,036 | ---- | C] () -- D:\WINDOWS\marscam.ini
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 16:32:09 | 000,000,118 | ---- | C] () -- D:\WINDOWS\System32\MRT.INI
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- D:\WINDOWS\System32\dtu100.dll.manifest
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/05 11:42:26 | 002,463,976 | ---- | C] () -- D:\WINDOWS\System32\NPSWF32.dll
[2008/09/09 06:05:20 | 000,026,504 | ---- | C] () -- D:\WINDOWS\System32\drivers\swmsflt.sys
[2008/09/08 21:11:54 | 000,019,025 | ---- | C] () -- D:\WINDOWS\Ascd_log.ini
[2008/09/08 21:03:42 | 000,000,709 | R--- | C] () -- D:\WINDOWS\System32\AsusSetup.ini
[2008/09/08 21:03:42 | 000,000,263 | R--- | C] () -- D:\WINDOWS\System32\raidmgmt.ini
[2008/09/08 21:03:33 | 000,018,783 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2008/09/08 21:03:31 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2008/09/08 21:03:28 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/07 21:17:32 | 000,002,016 | ---- | C] () -- D:\WINDOWS\System32\OEMINFO.INI
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- D:\WINDOWS\System32\Registration.ini
[2006/03/09 02:29:00 | 000,573,440 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 02:29:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- D:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\InsDrvZD.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 143 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >

Gracker
Novice

Posts : 31
Joined : 2010-03-03
Gender : Male
OS : Windows XP
Points : 25133
# Likes : 0


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 2:02 am

OTL Extras logfile created on: 3/3/2010 8:57:50 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = D:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
C: Drive not present or media not loaded
Drive D: | 232.88 Gb Total Space | 63.78 Gb Free Space | 27.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 3.72 Gb Total Space | 3.60 Gb Free Space | 96.72% Space Free | Partition Type: FAT32

Computer Name: GRAHAMFUSSELL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Xfire\xfire.exe" = D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"D:\Program Files\Electronic Arts\EADM\Core.exe" = D:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"D:\Program Files\World of Warcraft\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enUS-downloader.exe" = D:\Program Files\World of Warcraft\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe" = D:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Curse\CurseClient.exe" = D:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Documents and Settings\Graham\Desktop\keyclone\keyclone.exe" = D:\Documents and Settings\Graham\Desktop\keyclone\keyclone.exe:*:Enabled:keyclone -- File not found
"D:\Program Files\FrostWire\FrostWire.exe" = D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"D:\Program Files\Warcraft III\Warcraft III.exe" = D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Program Files\World of Warcraft\BackgroundDownloader.exe" = D:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\WINDOWS\system32\PnkBstrA.exe" = D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"D:\WINDOWS\system32\PnkBstrB.exe" = D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\bin\IA\Core\MDM_Util.exe" = E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"D:\Program Files\RealVNC\VNC4\winvnc4.exe" = D:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"D:\WINDOWS\system32\dpvsetup.exe" = D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\World of Warcraft Public Test\WoW-0.2.0-enUS-downloader.exe" = D:\World of Warcraft Public Test\WoW-0.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Steam\steamapps\gracker27\team fortress 2\hl2.exe" = D:\Program Files\Steam\steamapps\gracker27\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Program Files\Steam\steam.exe" = D:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\iCall\iCall.exe" = D:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"D:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Documents and Settings\Graham\Desktop\Stuff\WoW\keyclone\keyclone.exe" = D:\Documents and Settings\Graham\Desktop\Stuff\WoW\keyclone\keyclone.exe:*:Enabled:keyclone -- File not found
"D:\Program Files\Game\hl2.exe" = D:\Program Files\Game\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Garry's Mod\hl2.exe" = D:\Program Files\Garry's Mod\hl2.exe:*:Disabled:hl2 -- ()
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Documents and Settings\Graham\My Documents\Downloads\MTGOIII_Helper.exe" = D:\Documents and Settings\Graham\My Documents\Downloads\MTGOIII_Helper.exe:*:Enabled:Magic: The Gathering Online III -- File not found
"D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe" = D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- File not found
"D:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Documents and Settings\Graham\Desktop\Air Mouse.exe" = D:\Documents and Settings\Graham\Desktop\Air Mouse.exe:*:Enabled:AirMouse -- File not found
"D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"D:\Documents and Settings\Graham\Desktop\Left 4 Dead 2\left4dead2.exe" = D:\Documents and Settings\Graham\Desktop\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Program Files\Garena\Garena.exe" = D:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"D:\Program Files\AIM\aim.exe" = D:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3 -- File not found
"D:\Program Files\Dragon Age\bin_ship\daorigins.exe" = D:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"D:\Program Files\Dragon Age\DAOriginsLauncher.exe" = D:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"D:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe" = D:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"D:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe" = D:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts -- (Double Fine Productions, Inc.)
"D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
"D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Documents and Settings\Graham\Local Settings\Apps\2.0\W5WM7EHB.YWB\9Q4OYLZY.1CY\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = D:\Documents and Settings\Graham\Local Settings\Apps\2.0\W5WM7EHB.YWB\9Q4OYLZY.1CY\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184A0FAD-8D80-4ADA-AF98-D94843D53A1E}" = Photo Viewer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65B86A48-E6F2-431E-B15B-67CA1DFB3A0E}" = AT&T Communication Manager
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{880C837C-C37D-4F2F-B7AC-0E3367B666BC}" = WoW UI Designer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}" = Adobe Setup
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BDED1DCF-4A14-475E-83C9-81F4E29C0852}" = Eamonn
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E66803D6-028C-452E-9A25-53BC64589FBE}" = VIPRE Antivirus
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"270E0DFBFA7F94FD50228B5EEAE787807AF7E702" = Windows Driver Package - OEM (mr7911) Image (05/29/2008 1.4.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_aefc483f26b23ab60cc5653016d5017" = Add or Remove Adobe Creative Suite 3 Production Premium
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Aiseesoft Mod Video Converter_is1" = ~[s p a m]~ Mod Video Converter
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"AutoItv3" = AutoIt v3.3.4.0
"AutoMacroRecorder_is1" = Auto Macro Recorder V5.1 (Pro V5.2) Trial Version
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"C-D CaseMaker_is1" = C-D CaseMaker
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Create-Ringtone_is1" = Create-Ringtone 4.99.4
"CurseClient" = Curse Client
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Photo Printer 720" = Dell Photo Printer 720
"Diablo II" = Diablo II
"DIN Settings Calculator_is1" = DIN Settings Calculator
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EazyPaper" = EazyPaper
"EphPod" = EphPod
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ExpressBurn" = Express Burn
"FileASSASSIN" = FileASSASSIN
"FL Studio 8" = FL Studio 8
"FrostWire" = FrostWire 4.17.2
"GameSpy Arcade" = GameSpy Arcade
"Garena" = Garena
"GCFExplorer_is1" = GCFExplorer 1.5
"Gmask 1.70 English" = Gmask 1.70 English
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InfraRecorder" = InfraRecorder
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LimeWire" = LimeWire 5.1.2
"Magic DVD Ripper_is1" = Magic DVD Ripper V4.2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Media Player Classic" = Media Player Classic
"MediaCoder" = MediaCoder 0.7.0.4399
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"RealVNC_is1" = VNC Free Edition 4.1.3
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Send To Phone_is1" = Send To Phone 2.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 3830" = Psychonauts
"Steam App 440" = Team Fortress 2
"Switch" = Switch Sound File Converter
"ToolBox" = NCH Toolbox
"Toxic Biohazard" = Toxic Biohazard
"Videora iPod Converter" = Videora iPod Converter 4.07
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VTFEdit_is1" = VTFEdit 1.2.5
"Warcraft III" = Warcraft III
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinMount3_is1" = WinMount V3.2.0521
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wrath of the Lich King Beta" = Wrath of the Lich King Beta
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"YouTube Downloader App" = YouTube Downloader App 2.03

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:12 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 5/20/2009 6:14:18 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 6/10/2009 5:03:40 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 8/2/2009 10:06:16 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

Error - 8/22/2009 8:42:17 PM | Computer Name = GRAHAMFUSSELL | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/1/2010 11:45:13 PM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/1/2010 11:55:25 PM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

Error - 3/1/2010 11:55:25 PM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/2/2010 12:05:23 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

Error - 3/2/2010 12:05:23 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/2/2010 12:25:34 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

Error - 3/2/2010 12:25:34 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/2/2010 12:35:50 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

Error - 3/2/2010 12:35:50 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/2/2010 1:06:19 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

[ System Events ]
Error - 3/3/2010 8:53:25 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/3/2010 8:53:25 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 3/3/2010 9:02:46 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm sbaphd SCDEmu

Error - 3/3/2010 9:02:46 PM | Computer Name = GRAHAMFUSSELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/3/2010 9:19:45 PM | Computer Name = GRAHAMFUSSELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/3/2010 9:40:09 PM | Computer Name = GRAHAMFUSSELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/3/2010 9:42:37 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 3/3/2010 9:52:39 PM | Computer Name = GRAHAMFUSSELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/3/2010 9:52:44 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm sbaphd SCDEmu

Error - 3/3/2010 9:55:10 PM | Computer Name = GRAHAMFUSSELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Gracker
Novice
Posts: 31
Joined: 2010-03-03
Gender: Male
OS: Windows XP
Points: 25133
Likes: 0
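
Two items in the event-log section of the report above are worth pulling out. WinVNC4 logged "Connections: blacklisted: 192.168.0.3" four times in forty minutes on the night of March 1-2; VNC 4 writes that line once an address exceeds its failed-authentication threshold, so a host at 192.168.0.3 on the local network was repeatedly failing to log in to the VNC Free Edition server that appears in the installed-programs list. Service Control Manager event 7026 on March 3 lists the avast! drivers Aavmker4, aswSP and aswTdi and the VIPRE driver sbaphd among the boot-start drivers that failed to load; Fips and intelppm in the same list are the usual casualties of a Safe Mode boot, so those two events may simply be Safe Mode sessions rather than the malware disabling the AV, and their timestamps should be matched against how the machine was booted before reading them as tampering. The script below is an added example, not part of the thread, of OTL or of either product, that parses this record layout from a sample constructed out of the lines above and extracts both signals; the list of AV driver names is the example's own assumption.

```python
"""Parse the "Last 10 Event Log Errors" block of an OTL log and pull out two
signals from the excerpt above: the remote address WinVNC4 keeps blacklisting
and the anti-virus drivers that failed to load at boot.  This is an added
example for the thread, not part of OTL or of the original post."""
import re
from collections import Counter
from datetime import datetime

# Sample constructed from the log excerpt above (same record layout, fewer records).
SAMPLE = """\
[ Application Events ]
Error - 3/1/2010 11:45:13 PM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 3/1/2010 11:55:25 PM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

Error - 3/2/2010 12:05:23 AM | Computer Name = GRAHAMFUSSELL | Source = WinVNC4 | ID = 1
Description = Connections: blacklisted: 192.168.0.3

[ System Events ]
Error - 3/3/2010 8:53:25 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/3/2010 9:02:46 PM | Computer Name = GRAHAMFUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm sbaphd SCDEmu
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

# Kernel drivers of the two AV products in this thread (avast! and Sunbelt
# VIPRE), lower-cased for matching.  The list is this example's assumption.
AV_DRIVERS = {"aavmker4", "aswsp", "aswtdi", "aswfsblk", "aswmon", "aswmon2",
              "aswrdr", "sbaphd", "sbapifs", "sbhips", "sbtis"}


def parse_events(text):
    """Return one dict per record (when, host, source, id, description).
    A record is a header line, a 'Description =' line and any continuation
    lines; a blank line or a section banner ends it."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["when"] = datetime.strptime(current["when"], "%m/%d/%Y %I:%M:%S %p")
            current["id"] = int(current["id"])
            current["description"] = ""
            records.append(current)
        elif current is None or not line.strip():
            current = None
        elif line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:  # wrapped continuation of the description
            current["description"] = (current["description"] + " " + line.strip()).strip()
    return records


def vnc_blacklists(records):
    """Count WinVNC4 'blacklisted' events per remote address.  VNC 4 logs
    this once an address exceeds its failed-authentication threshold."""
    hits = Counter()
    for r in records:
        if r["source"] == "WinVNC4":
            m = re.search(r"blacklisted: (\S+)", r["description"])
            if m:
                hits[m.group(1)] += 1
    return dict(hits)


def failed_av_drivers(records):
    """From Service Control Manager event 7026 records, return the AV drivers
    that did not load.  Fips and intelppm in the same list are the usual
    casualties of a Safe Mode boot, so check the boot type before reading
    this as tampering."""
    failed = set()
    for r in records:
        if r["source"] == "Service Control Manager" and r["id"] == 7026:
            _, _, drivers = r["description"].partition("failed to load:")
            failed.update(d for d in drivers.split() if d.lower() in AV_DRIVERS)
    return sorted(failed)


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    print(len(events), "records")
    print("VNC blacklists by address:", vnc_blacklists(events))
    print("AV drivers that failed to load:", failed_av_drivers(events))
```

Run it as a script to print the counts, or pass the full report text to parse_events. A run of blacklist events for one address against a VNC server that should only ever be reached from a known workstation is worth following up on its own, independent of the malware.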

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 2:19 am

[You must be registered and logged in to see this link.]

Yet another direct statement of my problem.

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 5:56 pm

Third day of this virus, and it seems to be increasing the damage on my machine. I can't run a normal boot at all; it seems like I run out of physical memory, but Task Manager says different... Everything bogs down, Explorer won't open folders, and if I try to run a program, I pretty much have to unplug it and restart it to come back on.

Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 9:25 pm

You don't help yourself by using the hosts file to bypass the genuine check on Photoshop, and I do see LimeWire installed; chances are this is the source of your problem.

Hello.

  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 10:24 pm

I seem to be having trouble disabling Avast and VIPRE in Safe Mode; any tips on this? I ended the processes, but when I start CF it tells me they're still running, and they really made it clear that I don't want to run it with them up...

Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Thu Mar 04, 2010 11:23 pm

Hello.
Uninstall VIPRE if needed; run ComboFix anyway. It's in Safe Mode, so the AV won't interfere.

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Thu Mar 04, 2010 11:50 pm

ComboFix 10-03-04.02 - Graham 03/04/2010 18:39:25.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1654 [GMT -5:00]
Running from: d:\documents and settings\Graham\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Graham\Local Settings\Application Data\iyvdxs
d:\documents and settings\Graham\Local Settings\Application Data\iyvdxs\tvbusftav.exe
d:\documents and settings\Graham\Local Settings\Application Data\jjschb
d:\documents and settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
d:\documents and settings\Graham\My Documents\reg_backup.REG
D:\install.exe
D:\LHT3.tmp
D:\Thumbs.db
d:\windows\COUPON~1.OCX
d:\windows\CouponPrinter.ocx
d:\windows\system32\SIntf16.dll
d:\windows\system32\twain_32.dll
d:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 23:33 . 2010-03-04 23:35 -------- d-----w- D:\Combo-Fix19098C
2010-03-04 21:45 . 2010-03-04 21:45 -------- d-----w- D:\Combo-Fix
2010-03-04 19:39 . 2010-03-04 19:39 -------- d-----w- d:\documents and settings\Graham\Application Data\Bytemobile
2010-03-04 17:40 . 2010-03-04 17:40 1 ----a-w- d:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-04 17:39 . 2010-03-04 17:39 -------- d-----w- d:\documents and settings\Administrator\Application Data\OpenOffice.org
2010-03-04 03:41 . 2010-03-04 03:41 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-03-04 02:04 . 2010-03-04 02:04 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2010-03-04 01:21 . 2010-03-04 01:21 -------- d-----w- d:\program files\Trend Micro
2010-03-04 01:07 . 2010-03-04 01:07 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-04 01:03 . 2010-03-04 01:03 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-04 01:03 . 2010-03-04 01:03 -------- d-----w- d:\documents and settings\Administrator\Application Data\Sunbelt
2010-03-04 00:37 . 2010-01-05 09:40 69720 ----a-w- d:\windows\system32\drivers\sbapifs.sys
2010-03-04 00:37 . 2010-01-05 09:40 13400 ----a-w- d:\windows\system32\drivers\sbaphd.sys
2010-03-04 00:31 . 2010-03-04 00:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Sunbelt
2010-03-04 00:31 . 2010-03-04 00:31 -------- d-----w- d:\documents and settings\Graham\Application Data\Sunbelt
2010-03-04 00:06 . 2010-02-22 01:30 85080 ----a-w- d:\windows\system32\drivers\sbhips.sys
2010-03-04 00:06 . 2010-02-22 01:30 204632 ----a-w- d:\windows\system32\drivers\sbtis.sys
2010-03-04 00:06 . 2010-03-04 00:06 -------- d-----w- d:\program files\Sunbelt Software
2010-03-03 20:51 . 2010-03-03 20:51 -------- d-----w- d:\documents and settings\Graham\Application Data\Malwarebytes
2010-03-03 20:51 . 2010-01-07 21:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 20:51 . 2010-03-03 20:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-03 20:51 . 2010-01-07 21:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-03 20:51 . 2010-03-03 20:51 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-03 19:49 . 2010-03-03 19:49 -------- d-----w- d:\program files\ESET
2010-03-03 19:45 . 2010-03-03 19:45 -------- d-----w- d:\program files\FileASSASSIN
2010-03-03 12:02 . 2010-03-03 12:02 -------- d-----w- d:\documents and settings\Administrator\Application Data\WinMount
2010-02-28 01:35 . 2010-02-28 01:35 -------- d-----w- d:\documents and settings\Graham\Local Settings\Application Data\SSC
2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- d:\windows\system32\sbbd.exe
2010-02-19 02:50 . 2010-02-19 02:50 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-02-18 03:51 . 2010-03-03 14:27 135744 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-11 22:33 . 2010-02-11 22:49 -------- d-----w- d:\program files\Mass Effect 2
2010-02-11 02:25 . 2010-02-11 02:25 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-02-07 17:25 . 2010-03-04 17:23 -------- d-----w- d:\documents and settings\Graham\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 22:32 . 2009-01-07 00:31 1 ----a-w- d:\documents and settings\Graham\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-04 17:23 . 2009-07-06 22:10 -------- d-----w- d:\program files\Steam
2010-03-04 03:51 . 2008-09-12 00:40 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-03-02 20:46 . 2008-09-09 19:35 -------- d-----w- d:\program files\World of Warcraft
2010-02-28 04:14 . 2008-12-09 01:47 -------- d-----w- d:\documents and settings\Graham\Application Data\uTorrent
2010-02-28 01:59 . 2008-10-25 21:25 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-02-28 01:20 . 2008-09-09 19:39 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-02-23 17:46 . 2009-01-12 19:33 -------- d-----w- d:\documents and settings\Graham\Application Data\FrostWire
2010-02-20 02:11 . 2010-02-20 02:10 -------- d-----w- d:\program files\GameSpy Arcade
2010-02-20 01:44 . 2008-10-15 22:14 -------- d-----w- d:\program files\EA GAMES
2010-02-20 01:44 . 2008-09-09 02:13 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-19 00:25 . 2009-02-03 20:21 -------- d-----w- d:\program files\Warcraft III
2010-02-18 23:47 . 2009-05-20 20:56 -------- d-----w- d:\program files\Diablo II
2010-02-14 14:26 . 2009-04-25 19:31 -------- d-----w- d:\program files\SpeedFan
2010-02-14 04:14 . 2009-04-10 22:58 -------- d-----w- d:\documents and settings\Graham\Application Data\LimeWire
2010-02-12 02:03 . 2010-02-12 02:03 -------- d-----w- d:\program files\Dell 720
2010-02-11 23:01 . 2008-09-09 02:46 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-02-11 22:58 . 2010-01-10 14:11 -------- d-----w- d:\program files\Common Files\BioWare
2010-02-11 22:14 . 2008-10-05 16:29 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-11 18:53 . 2008-09-09 02:50 38848 ----a-w- d:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2008-09-09 02:49 153184 ----a-w- d:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2008-09-09 02:50 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2008-09-09 19:44 162512 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2008-09-09 02:50 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2008-09-09 02:50 100432 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2008-09-09 02:50 94800 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2008-09-09 19:44 19024 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2008-09-09 02:50 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-02-11 03:53 . 2008-09-09 02:49 -------- d-----w- d:\program files\Alwil Software
2010-02-11 02:16 . 2008-12-09 01:47 -------- d-----w- d:\program files\uTorrent
2010-02-09 11:46 . 2009-11-15 05:00 -------- d-----w- d:\program files\Microsoft Silverlight
2010-02-07 16:29 . 2009-06-25 04:45 -------- d-----w- d:\documents and settings\Graham\Application Data\WinMount
2010-01-31 18:00 . 2010-01-31 18:00 -------- d-----w- d:\program files\AutoIt3
2010-01-31 03:32 . 2010-01-31 03:30 -------- d-----w- d:\program files\NVIDIA Corporation
2010-01-31 03:30 . 2010-01-31 03:30 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-31 03:04 . 2010-01-31 03:04 -------- d-----w- d:\documents and settings\Graham\Application Data\Media Player Classic
2010-01-31 03:03 . 2010-01-31 03:03 -------- d-----w- d:\program files\Media Player Classic
2010-01-31 03:00 . 2009-04-25 15:42 -------- d-----w- d:\program files\Windows Media Connect 2
2010-01-31 02:44 . 2010-01-31 02:44 -------- d-----w- d:\documents and settings\Graham\Application Data\DivX
2010-01-31 02:20 . 2010-01-31 02:20 -------- d-----w- d:\program files\Xvid
2010-01-27 03:29 . 2008-09-11 00:37 -------- d-----w- d:\program files\Bonjour
2010-01-24 15:23 . 2010-01-24 15:23 -------- d-----w- d:\documents and settings\All Users\Application Data\CCP
2010-01-24 00:30 . 2010-01-24 00:30 12862 ----a-r- d:\documents and settings\Graham\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-01-24 00:30 . 2010-01-24 00:30 -------- d-----w- d:\program files\Pcsx2
2010-01-12 20:12 . 2010-01-12 20:12 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- d:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- d:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- d:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- d:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- d:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- d:\windows\system32\nvwddi.dll
2010-01-10 15:02 . 2010-01-10 15:02 -------- d-----w- d:\documents and settings\All Users\Application Data\BioWare
2010-01-10 14:49 . 2010-01-10 14:39 -------- d-----w- d:\program files\Dragon Age
2010-01-10 13:49 . 2008-09-14 21:04 -------- d-----w- d:\program files\Electronic Arts
2010-01-10 13:48 . 2009-08-21 01:30 -------- d-----w- d:\program files\NCSoft
2010-01-01 00:00 . 2010-01-01 00:00 324096 ----a-w- d:\windows\system32\TomsMoComp_ff.dll
2010-01-01 00:00 . 2010-01-01 00:00 248320 ----a-w- d:\windows\system32\ff_kernelDeint.dll
2009-12-12 02:49 . 2009-03-02 23:02 215104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-12-12 02:33 . 2009-03-02 23:03 138576 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "d:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AT&T Communication Manager"="d:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-02-08 33280]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"IJNetworkScanUtility"="d:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SBAMTray"="d:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]

d:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

d:\documents and settings\Graham\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-7 0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"d:\\Program Files\\Curse\\CurseClient.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"d:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\World of Warcraft Public Test\\WoW-0.2.0-enUS-downloader.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"d:\\Program Files\\Garry's Mod\\hl2.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"d:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"d:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"d:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Documents and Settings\\Graham\\Local Settings\\Apps\\2.0\\W5WM7EHB.YWB\\9Q4OYLZY.1CY\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;d:\windows\system32\drivers\sbtis.sys [3/3/2010 7:06 PM 204632]
R2 SBAMSvc;VIPRE Antivirus;d:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
R2 SBPIMSvc;SB Recovery Service;d:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [9/9/2008 2:44 PM 162512]
S1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [3/3/2010 7:37 PM 13400]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [9/9/2008 2:44 PM 19024]
S2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [3/3/2010 7:37 PM 69720]
S2 sbhips;sbhips;d:\windows\system32\drivers\sbhips.sys [3/3/2010 7:06 PM 85080]
S2 WMDrive;WMDrive;d:\windows\system32\drivers\WMDrive.sys [6/24/2009 11:45 PM 37376]
S3 ATTRcAppSvc;AT&T RcAppSvc;d:\program files\AT&T\Communication Manager\RcAppSvc.exe [12/21/2007 9:42 AM 113176]
S3 cnxt1803;Compaq 10_100 MiniPCI Ethernet NIC Driver;d:\windows\system32\drivers\cnxt1803.sys [11/22/2009 6:24 PM 39936]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/10/2010 9:49 AM 25832]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\Graham\LOCALS~1\Temp\UXGCF.tmp --> d:\docume~1\Graham\LOCALS~1\Temp\UXGCF.tmp [?]
S3 mr7911;Photo Viewer ;d:\windows\system32\drivers\mr7911.sys [12/14/2008 5:47 PM 39552]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);d:\windows\system32\drivers\swnc8u56.sys [9/9/2008 6:09 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);d:\windows\system32\drivers\swumx56.sys [9/9/2008 6:08 AM 73856]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - d:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\n6cybhhf.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: d:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-oxsphtwo - d:\documents and settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
HKCU-Run-rupojmbn - d:\documents and settings\Graham\Local Settings\Application Data\iyvdxs\tvbusftav.exe
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-04 18:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\Graham\LOCALS~1\Temp\UXGCF.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1563985344-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,ce,f6,38,48,cb,11,48,a4,19,9d,4e,d8,6c,4e,f8,86,d6,4a,0c,a7,
d7,fa,d3,46,66,be,c1,9a,86,55,70,2b,35,a1,a3,2e,72,a6,90,13,17,84,4e,65,e7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-03-04 18:50:04
ComboFix-quarantined-files.txt 2010-03-04 23:50

Pre-Run: 68,303,368,192 bytes free
Post-Run: 68,774,658,048 bytes free

- - End Of File - - D4F163E528D4A89D83CD80569F438AB1

Gracker
Novice

Posts : 31
Joined : 2010-03-03
Gender : Male
OS : Windows XP
Points : 25133
# Likes : 0

Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 12:06 am

Hello.
Hah, the 420 site. Be careful on sites like that, many people like to post exploits on chan websites, especially at /b/. You know why.

I see that you are running Limewire and Frostwire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are also running two antivirus programs. I see from the uninstall list you have Vipre installed, along with Avast. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Vipre to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    FrostWire 4.17.2
    Java(TM) 6 Update 7
    Java(TM) 6 Update 11
    LimeWire 5.1.2
    VIPRE Antivirus

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1

Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 12:09 am

Removing these programs, then trying a normal boot.

and personally, 420chan is one of the cleanest chan sites I've seen to date, excluding the once-in-a-while trolls from everywhere else


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 12:11 am

I know, I visit some of the chan sites too. LMBO or ROFL 720 is clean and well moderated, it was just a general warning.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 12:26 am

Heh, well I've spent enough time on 4chan to know what you're talking about.

Unfortunately, I booted up normal. I watched all of the processes, and the one that started with a 'u' wasn't up, and neither were a lot of the other ones I would immediately end, but I still experienced the problem where Windows Explorer bogs down: my mouse pointer will move with no lag, but everything else seems like my computer is running extremely slow.


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 12:31 am

There are a few items loading on startup that don't need to be, let's shut some of them off.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 12:34 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:03 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
D:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - D:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - D:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AT&T Communication Manager] "D:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IJNetworkScanUtility] D:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBAMTray] "D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - D:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Bytemobile, Inc. - (no file)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7685 bytes

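A small triage parser for the HijackThis log format posted above, added here as an example that is not part of the thread, not HijackThis code and not the helper's own method. It parses the R*/O* entry lines and applies this example's own defender heuristics, chosen to mirror the kinds of entries a helper reviews first (empty browser settings, the missing URLSearchHook, the triplicated unknown Winsock LSP, services whose binary is gone) plus an autorun-location check suggested by the ComboFix "ORPHANS REMOVED" entries earlier in the thread; the sample lines are copied from the thread's logs, with one O4 line constructed from the ComboFix orphan entry for ujrysftav.exe.

```python
"""Triage a HijackThis 2.0.x log (the R*/O* entry format in the thread).

Added example, not HijackThis code. The flagging rules are this example's
own heuristics; they are a first-pass filter for a human reviewer, not a
verdict on any entry."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the thread's HijackThis log, plus one
# O4 line built from the ComboFix "ORPHANS REMOVED" entry for ujrysftav.exe.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oxsphtwo] d:\documents and settings\Graham\Local Settings\Application Data\jjschb\ujrysftav.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: Bonjour Service - Bytemobile, Inc. - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

# Directories an unprivileged XP user can write to; an autorun launched from
# one of these deserves a second look (the ComboFix orphans lived in one).
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    code: str            # HijackThis section, e.g. "O4", "O23"
    body: str            # everything after "<code> - "
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Keep only the R*/O* entry lines; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def run_target(body: str) -> str:
    """Command string after the [Name] tag of an O4 entry, leading quote stripped."""
    _, _, rest = body.partition("] ")
    return rest.strip().strip('"')


def triage(text: str) -> List[Entry]:
    """Return the entries that trip at least one heuristic, with their flags."""
    entries = parse_log(text)
    lsp_counts = Counter(e.body for e in entries if e.code == "O10")
    for e in entries:
        b = e.body
        if e.code in ("R0", "R1") and b.rstrip().endswith("="):
            e.flags.append("empty browser setting (hijack residue or a wiped default)")
        if e.code == "R3" and "is missing" in b:
            e.flags.append("default URLSearchHook missing")
        if e.code == "O4" and any(d in run_target(b).lower() for d in USER_WRITABLE):
            e.flags.append("autorun launched from a user-writable directory")
        if e.code == "O10":
            if "Unknown file" in b:
                e.flags.append("unrecognised Winsock LSP")
            if lsp_counts[b] > 1:
                e.flags.append(f"LSP entry repeated {lsp_counts[b]} times")
        if e.code == "O23":
            if "(no file)" in b or "(file missing)" in b:
                e.flags.append("service registered but its binary is gone")
            if "Unknown owner" in b:
                e.flags.append("service binary carries no publisher name")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body}\n    -> {'; '.join(e.flags)}")
```

Run against the sample, it flags the two browser settings, the orphaned autorun, all three LSP lines and the two broken services, and leaves the QuickTime, ctfmon, Java BHO and VNC entries alone.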

Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 1:43 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [IJNetworkScanUtility] D:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] "D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.

How is the machine running now?



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 1:57 am

bump for rebooting, would also like to mention my computer takes a solid 5+ minutes to start up, only maybe once in 99 times will it start in normal time, as I understand you're helping a lot of people, do you have any idea on what this could be from? If not it's no biggie, I've dealt with it for like a year :d


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 2:24 am

Rebooted and experienced the same thing as before. My mouse, and even task manager for a short period, work completely fine, but then anything in the background appears completely frozen. I stayed in it for a while, and it didn't completely lock up until I started doing more and more things on it, but I tried opening Firefox twice, nothing, and I couldn't right click on any icons in the bottom-right toolbar, but they reacted when I hovered over them.

I also get this prompt when I boot in normal mode, something that has my computer, with a bar traveling to the internet logo, and it tried to do something for a program. I have a strong feeling this is part of the malware; I've never seen this window before, nothing even close to it, but it tries to establish a connection between the program and the internet, and does so unsuccessfully.


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 8:28 pm

You say you dealt with this for a year? How long has the machine had this infection? Malware damage doesn't really help any, but that's something else that may be causing it.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 8:48 pm

I've only had this infection since Wednesday, but the boot problem, I expected it to be a problem because I installed Windows on here like 3 times in one day because it kept failing.


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 11:08 pm

Ah.
When you installed Windows, did you just overwrite, or fully delete the old partition?



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 11:20 pm

It was a while ago but I believe a rewrite


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 11:22 pm

That's probably the problem then.

There was a case a while back now, where something like this happened. Users upgrading from XP to Vista got lots of errors, because they overwrote it and didn't fully format, delete the partition, then create a new partition for Vista.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 11:26 pm

I don't think it booted that long from the start, but after I think a month or so it started doing it, but nonetheless I'd rather fix this virus problem, have to write a paper before Monday D:


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 11:27 pm

ijplmsvc.exe

When I end this process, the "Application connection in progress" (connecting to the internet) window closes, but my computer still goes crazy


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Fri Mar 05, 2010 11:29 pm

The malware looks gone now, any slowness can only be helped by caring for your HDD, doing a defrag, cleaning out temp files and such.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Fri Mar 05, 2010 11:47 pm

Rebooted and still experienced the same problem. The exact text of the first window that opens is "Verifying Application Requirements" and it says "This make take a few moments..." under it, but I realize it could be from one of the recent virus programs I downloaded. As for the slowness itself, it's like nothing I've seen my computer do. My CPU usage stays low, but pretty much everything freezes up, and nothing will open. I can't even open my start menu.


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sat Mar 06, 2010 2:54 pm

Defragging it, didn't expect to see so many fragmented files


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Sat Mar 06, 2010 3:58 pm

[You must be registered and logged in to see this link.] wrote: Defragging it, didn't expect to see so many fragmented files

Hehe, let it defrag the machine, it could take a few hours though.



Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sat Mar 06, 2010 4:29 pm

Yeah, that's what it looks like, I started it about an hour or so ago and it's about a quarter done


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sat Mar 06, 2010 5:01 pm

Volume (D:)
Volume size = 233 GB
Cluster size = 4 KB
Used space = 169 GB
Free space = 64.21 GB
Percent free space = 27 %

Volume fragmentation
Total fragmentation = 1 %
File fragmentation = 3 %
Free space fragmentation = 0 %

File fragmentation
Total files = 385,243
Average file size = 543 KB
Total fragmented files = 2
Total excess fragments = 508
Average fragments per file = 1.00

Pagefile fragmentation
Pagefile size = 2.00 GB
Total fragments = 8

Folder fragmentation
Total folders = 26,184
Fragmented folders = 2
Excess folder fragments = 2

Master File Table (MFT) fragmentation
Total MFT size = 501 MB
MFT record count = 411,988
Percent MFT in use = 80 %
Total MFT fragments = 10

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
160 3.73 GB \Program Files\World of Warcraft\Data\patch.MPQ


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sat Mar 06, 2010 5:18 pm

Just tried a normal boot, my CPU spiked to 100% and back down very quickly, and everything bogged down to an unworkable state as usual.


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sun Mar 07, 2010 4:54 pm

Well, it looks like I can't determine let alone fix what the problem is when I boot normal, so I guess I'll just resort to reformatting. Thanks for all of your help!


Re: Unsure of Name, Lethality, or Source

Post by Gracker on Sun Mar 07, 2010 7:20 pm

Bump for fixed, ironically enough. After searching my house for like an hour looking for my original windows CD, which I usually have no problem finding, I gave up and figured I'd need a friend of mine to download and mount a new version of windows for me. After booting normal, out of curiosity I started ending virus programs.. and alas, there was my problem. You said that having 2+ programs running is bad, well, I was going to uninstall the other as soon as I got normal mode to run fine, because I was having problems uninstalling in safe mode. But, I'm running in normal mode fine, networking is working fine, games running fine, and my resolution, oddly enough, went up by like 80 pixels for no apparent reason.


Re: Unsure of Name, Lethality, or Source

Post by Belahzur on Sun Mar 07, 2010 8:19 pm

Okay, good. This should be fine now.


