Windows Diagnostic Virus, as well


Post by Deadmuskrat on Sun Mar 13, 2011 11:23 pm

I got this nasty bugger on my computer today and went through all of the steps to remove it. But after it was gone many of my desktop icons were also gone as well as quickbar icons. Upon further inspection many other things were missing as well. I stumbled upon one post made today on your forum describing the same thing.

His description does it more justice:

"I've had this virus and seemingly got rid of it through Malwarebytes' Anti-Malware software. However, the real issue is nothing remains on my desktop; My Documents contains no files and all my other programs have disappeared with the exception of the Google Chrome browser. I should add that an analysis of the disk space available still remains the same as previously and when I scan using Spyware Doctor it scans all the files I can no longer 'see'."

Here is my OTL log:

OTL Extras logfile created on: 3/13/2011 10:01:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683.58 Gb Total Space | 412.26 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.46 Gb Free Space | 69.74% Space Free | Partition Type: NTFS

Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Sean\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01945B9F-AE7C-4287-AE6C-59B6BF08A783}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0981E602-C32C-4291-8DD2-30ED2781F594}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{12D6959D-F153-4BE4-AFFC-125FCBA9C6DE}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{185CEB99-2D00-404E-8526-1834E940B76A}" = lport=138 | protocol=17 | dir=in | app=system |
"{25C68F90-FC8B-4E46-9D5B-9CDB4B78AA20}" = rport=139 | protocol=6 | dir=out | app=system |
"{305F87BB-258F-4775-A0A4-A52665377D5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{33D91922-2361-4408-A8FB-09C4F85E2DB4}" = rport=137 | protocol=17 | dir=out | app=system |
"{430A4AAE-D93C-451B-B2E1-A25DEB52B1D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{454C296A-BBE0-43B2-9A16-9DCFD2E26D8E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{51D3128E-14AB-4489-8D64-9801C41CA6D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B2D9109-0FC2-4BBB-8059-48FDB1FEBF0F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{5E97E3CF-891A-49F5-83C3-D98AFB81AC09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6031DFD1-0432-4A00-A70D-B0E263D72F48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70FBE531-4AF4-4B4F-AE0D-C381A3C84BAD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7BF65F3E-E837-4B2D-B3C7-C5D2D59AC939}" = lport=445 | protocol=6 | dir=in | app=system |
"{A5EEE372-73D7-41DF-B963-8E09D0388E9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B2AF108B-C79D-486C-9969-6480437ACE53}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD999F6B-E9FA-482D-9688-EA6605BAAECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0D33C75-90FC-45BF-951F-6DA5057530F7}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF970B6D-50F3-4DCE-8C92-C363C8A464D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0B75CE3-0212-4867-B6E8-0554D52D1BA3}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E235A6-1F50-4C74-B99F-74A617735D51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{0536F647-71CF-4B1C-862F-0C98ED122758}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{09D676B5-6875-4588-AF75-18AECAF68908}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{0B2A4F90-DF8F-4415-ACE5-B7FB525D626B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{0BA98452-14C3-4CF1-94DE-7D787226731C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{0FD06430-3024-49ED-8749-5FB369FC16AF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{13019EF5-5423-4F46-A1E5-8F89CB924AB1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{14C0CAF7-7A09-40EA-BBA9-BA2C33990FCB}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii beta\starcraft ii.exe |
"{152F10E7-B034-4524-AFBE-F157E525D620}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{198C6D22-1838-476E-906C-518BE4B5F750}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1AE491F4-12C4-4829-A955-F0FEC32B231C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
"{1DD312F4-FEC5-4C12-946B-CE4EAC9BF6CB}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii beta\starcraft ii.exe |
"{1E410ADB-AE8B-4ECA-A366-A2DB15D88A97}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0.9626-to-0.1.0.9637-enus-downloader.exe |
"{20A19F76-8CB0-403F-AEEC-9A6FB95B390E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{23C06722-BDF7-4249-92AE-DA7FFF501ECF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{24C72DBE-4583-4806-88B4-FF03F541BFCB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{254B0DD2-A688-4AD4-BE93-AC2B4FC635FD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{32D75E18-16EB-4427-A8C6-1C1AA8ECD279}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{32F7C5BE-C2E4-489A-8576-F36FC3804E25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36546FE0-1798-4A74-B0E5-CE4190EBF44A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
"{36684420-37A7-4D6E-BB6B-BE3BFF9F0E43}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{3FD45E8E-BE66-4F9B-A181-68C191ABBAA6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{432CD031-A647-48E1-81A9-F833C8AE4CC6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{43BC1DBE-C85F-4B0C-838D-456EEC5BB9C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47777350-1473-4619-B07C-47461C80B53F}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{4A436D11-C88E-4799-8097-9C5C56014E72}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
"{4C7E33FA-1763-4BF0-8408-C9C3D284F7B3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4F9587EB-8715-4DBB-A14A-ACFB8482EBA4}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{5929F776-D07E-4929-8B72-B4C8C5BC9553}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5ACF4ED6-1897-4F95-9B1A-06B324A39B7E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
"{5B8CA697-597E-4A30-A16A-337D9912824F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-enus-downloader.exe |
"{5E4D9B2B-34EF-4563-9A7C-BA606E368913}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
"{6527D498-611E-4F70-AEA0-BAD6CAD5AA73}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{6AB8489F-1C62-4B26-9CAC-A80B4E72276F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6C0E1070-6528-48A1-975D-EE3C8E6DEE8C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{6DD79BD7-2B4D-4CD9-A534-9DF3344ED2F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
"{6F6134FF-172B-4D79-A85C-BF940331B257}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{70022DEB-EA6B-4C9A-BA09-9497756A6543}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
"{714F2029-0E0F-4094-BF42-9D146EF899CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76FE8ABB-F030-4A6C-B8A3-90EEDA46D860}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
"{79A7C434-5C05-4828-B528-C0E113274AE8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft beta\launcher.exe |
"{7A1AE9D1-5CC8-4B6C-90B2-98805CA9B237}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft beta\launcher.exe |
"{7C9C74F5-7290-4C35-B763-5899AAFE32A2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{7EEB2EAE-BE41-4672-B50D-F0FEBC5E3C46}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
"{7F920B3B-2163-4A97-B4ED-D1BDAE97B28A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-enus-downloader.exe |
"{813539B5-5E4D-4CA9-BDAE-1E6A6A9CEB40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{820E9367-7FE4-4184-A2D4-949BB8E99E87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{822726DD-BAC8-41FB-A621-2B887481E048}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{87DAAC37-ADF4-414A-9C6F-4B7F9921B80C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{88E32637-B3FB-4D2F-A362-88DDB1E9DF7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8CF74806-34FC-49DB-84D0-540F3A123AE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{90A4BEC1-FD1E-4C00-AEE9-A2C2E9688683}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
"{9388F7F7-BA0F-40DA-99B9-20210323C55B}" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\tversity\media server\mediaserver.exe |
"{941EDDEE-00C6-471D-BAEF-4F4F6E2414D0}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{9B52C911-FE6F-4308-BB60-9FABBF5141CA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A30928D5-956E-40A4-92B0-103F48381240}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A4D8072E-2FF8-4118-B3C5-FA1ED98839D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A78C0457-1185-45C5-B4C2-85660257E806}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AA5C31C3-9AE9-44BE-AD57-14292C2C5881}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{AB3971A2-3A96-4F8E-8B94-68F87FE37D53}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{ABA8CBD1-AC22-43DE-B6E0-8E2E116A7796}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{ABBE0077-DC97-40EA-950F-0BFB622E3FCE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{AD6DB327-25C4-430A-AD7E-5C5EF24D2975}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{B042B881-FF6C-4BE4-8B9E-442E1744C61C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{B3D41827-F76A-4E8F-B5AD-E6DA48DD5E1B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B8102DF4-5F28-40E6-8561-01041A2D399A}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{B9B9BC66-AC7A-4B0B-B472-B205C23598DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0.9626-to-0.1.0.9637-enus-downloader.exe |
"{C0241559-3D66-4877-822F-A73746AB17E6}" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\tversity\media server\mediaserver.exe |
"{C3A0DA1F-221E-458D-A8F0-DB39405614C6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{C4616CA8-0ECF-4398-A4A9-FA3D4983712B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{C717833F-D7D2-4D0D-B79B-68B6529DCACF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{C8127E5D-026C-4253-8E25-82BEE4C54217}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CF0A2611-67F2-4019-8F64-63D871DEEB30}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{CFD13245-EBB5-4028-8394-08F36A8909D4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{D03B2D4F-1625-4534-82E7-8FA3D7722B27}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
"{D1F49B2F-DEF4-4BB5-98B0-DF7F1178A13E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D8E053C1-4FBE-4473-AA33-A486ED660B48}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{D933F0E1-491D-481A-B83D-0ACF15C22262}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{DBD15C26-93C0-4852-9EE5-94A8C413FE03}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{DC8699BD-BF4E-40C7-8E15-813288C6781A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{E1BCABD7-F9EA-422E-927A-A8691BE0F0D7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
"{E41549A8-DDD6-42AA-A1DE-CDC39A475B5E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE04CADD-1DEB-44BA-BE48-81FD6CFFC89C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{F5AC57E0-9AC4-46F4-932D-DF396AD8D44D}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{F5DCCA8E-07F5-476B-B8BD-5569EFB83A41}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
"{F8E30AC8-15CC-4817-9FBD-A7868501408E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{F9EE6F92-DD03-4467-911E-47DB91BF65DD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{FA542CA1-26E5-4628-829D-3F5C300FB54A}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FF5A650B-487F-43BF-A31A-9C128F7AF5CE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
"TCP Query User{0A070B33-73BF-4B4C-B463-D8D02C908E87}C:\users\public\games\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\blizzard downloader.exe |
"TCP Query User{0ABF1ADA-B2AD-4C57-ADBF-DFFC017EACBB}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{0F186F66-56ED-4E6F-80AC-53ADBB827159}C:\users\sean\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{12AB2518-05FD-458C-BFB2-803E33022F89}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{18861A75-7763-410F-81AD-C3E3C0C4F1C1}C:\users\sean\downloads\utorrent(2).exe" = protocol=6 | dir=in | app=c:\users\sean\downloads\utorrent(2).exe |
"TCP Query User{18D3A70A-9610-4ECC-8AC4-3DA87D2DC0A7}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{2A7A6E81-4C47-45E5-98F6-AEDD7A6263A2}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{2DB0BA27-3E44-401A-9243-3317231AF86C}C:\users\sean\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sean\desktop\utorrent.exe |
"TCP Query User{3E77CE2B-BFF6-423E-B04A-E3DEFE8A58E1}C:\users\public\games\world of warcraft beta\cataclysmsandbox.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft beta\cataclysmsandbox.exe |
"TCP Query User{4ABF9396-6068-46C6-9EBF-91F8990BED31}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{584E3A0D-34D6-4FEE-B487-4DB728D43793}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{5C1965EB-0431-4424-970F-B4E550D32848}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5D1988D4-5621-4058-93F2-5A2462B1500C}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{5D395B6A-2F91-402E-B88E-89ED50721D3D}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{6A462DE8-EC1F-4905-B3BC-ACDC13712F7B}C:\users\public\games\world of warcraft beta\sandbox.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft beta\sandbox.exe |
"TCP Query User{757986ED-D3CB-410F-A602-3A598D7BE2D6}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{898B5B4E-977D-4ADF-A72C-AD0BC28E6605}C:\users\sean\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sean\desktop\utorrent.exe |
"TCP Query User{9C398323-1229-4025-A472-E954D4B700B7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AF3EE5F3-77DF-497C-BF87-3B0BF9A0A4E2}C:\users\sean\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sean\downloads\utorrent.exe |
"TCP Query User{B5ABD50A-6E3B-4693-933C-EDE6B36DEF1A}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 45e5c510\launcher.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 45e5c510\launcher.exe |
"TCP Query User{C35A7C1C-18A5-4B14-8C6F-D4C4451936FE}C:\users\sean\appdata\local\temp\blizzard launcher temporary - f8d6a498\launcher.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - f8d6a498\launcher.exe |
"TCP Query User{D1366E97-CB9C-4DA2-A67F-AF9220377837}C:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{D3B7A894-F7E0-4435-AF00-4D95AA4D2DEA}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{D8B0C3A7-EE9C-4DBB-8540-6E5FD3F0B6CD}C:\program files\winamp remote\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"TCP Query User{FB5B3C83-C49F-4C1E-B285-16ED2DA0B24F}C:\users\sean\appdata\local\temp\blizzard launcher temporary - ecc68dd0\launcher.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - ecc68dd0\launcher.exe |
"UDP Query User{09397864-CB4A-4251-BADF-FBC143148169}C:\users\sean\appdata\local\temp\blizzard launcher temporary - 45e5c510\launcher.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - 45e5c510\launcher.exe |
"UDP Query User{0CBC5DB8-1615-4F26-A58E-57CA99B47C6A}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"UDP Query User{219ABF35-37B8-41C2-B146-6D2649311F6E}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{2A6FBF19-41CD-46B2-A39C-82270EDC8C9F}C:\users\sean\downloads\utorrent(2).exe" = protocol=17 | dir=in | app=c:\users\sean\downloads\utorrent(2).exe |
"UDP Query User{3BC5E91F-A615-43E4-A1C5-ED3F0550325D}C:\users\public\games\world of warcraft beta\sandbox.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft beta\sandbox.exe |
"UDP Query User{3C682978-78C1-4A88-914F-06986285E24A}C:\users\sean\appdata\local\temp\blizzard launcher temporary - ecc68dd0\launcher.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - ecc68dd0\launcher.exe |
"UDP Query User{422FA1B3-44B4-46E4-92BB-59BA5F01D4B5}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{46D06A77-31A4-479D-8AD4-3E3C0115B5E6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4BCB4092-E015-46CD-8943-EECF4BCBB4CA}C:\users\sean\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{50D156C4-3C84-4027-BDF9-783A669E0834}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{64C93217-7D20-4E12-9DAE-51035F8BFD18}C:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{65B0E061-AD0C-4517-B324-E63D8BBD93FA}C:\users\sean\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sean\downloads\utorrent.exe |
"UDP Query User{6C993177-9C02-4109-9FED-15313199ACC6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{777C16F6-9A1F-4082-8753-43D326EAA884}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7E395360-DFFF-41E5-B05A-B0F13AB55B99}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7F744759-ABD7-4AFE-B7BB-4B958F0CED03}C:\users\sean\appdata\local\temp\blizzard launcher temporary - f8d6a498\launcher.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\temp\blizzard launcher temporary - f8d6a498\launcher.exe |
"UDP Query User{992CE644-542A-4017-9D17-32F6276A6C63}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{A07F8906-CCAF-4D75-B075-91578B8667FD}C:\users\sean\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sean\desktop\utorrent.exe |
"UDP Query User{A9CA4F35-C3E8-4A4B-89A7-7432E1A3BD54}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{AFF366CE-BA49-4A64-871E-379149A09CE9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{BBFCE29B-2293-4078-8CA8-0405E2B2E812}C:\users\public\games\world of warcraft beta\cataclysmsandbox.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft beta\cataclysmsandbox.exe |
"UDP Query User{E41A70EB-9E20-4EBC-8346-D60AC43DF82C}C:\program files\winamp remote\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"UDP Query User{E590EBFE-60F3-4F9F-BD8C-166DB51AF2F4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EC3A5C07-CDE5-4899-8B15-FF3242B3ADEC}C:\users\public\games\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\blizzard downloader.exe |
"UDP Query User{FD80F6CA-6EAF-409B-9FFE-46DDDEBAA204}C:\users\sean\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sean\desktop\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0876216B-8135-D74E-4B4F-8F4BCD4E7DE7}" = Catalyst Control Center HydraVision Full
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{09885750-A6D7-4536-B7CA-E61AD7DFE5AB}" = Adobe Setup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1e8120b5-f214-45de-a2da-1d477879c1ea}" = Nero 9 Lite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0000
"{3341697B-3E28-4C96-4F98-F269E21EB7E5}" = Skins
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FAB3594-0C12-2DB3-57E4-4AD2A13215CF}" = Catalyst Control Center Graphics Full Existing
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{47F8EE35-905B-9429-FC0E-6B989C0812E6}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DBD094A-1D35-61D5-F3A0-4458DCAD37C2}" = Catalyst Control Center Graphics Previews Common
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image 2006 Suite Edition Editor
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60980D5C-0C56-7E59-746C-AA6CC50997E7}" = Catalyst Control Center Graphics Previews Common
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image 2006 Suite Edition Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6C59EAF3-B76B-52B8-B517-E0E645B08DE5}" = Catalyst Control Center Graphics Light
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{715A7636-C48B-181A-D221-C8C4D942A0C0}" = Catalyst Control Center Graphics Full New
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7603E267-9523-C5E5-8C14-B657B98EDF03}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE51E45-F0B9-3BE4-4946-1B6D41D16A4A}" = CCC Help English
"{8C94D6F5-6F75-7921-E9EF-93D7486DBB0E}" = CCC Help English
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9531658F-BA09-EBFB-B2EE-06D639030828}" = Catalyst Control Center InstallProxy
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9DB42C-02E9-C357-0078-8C0071A0A4D9}" = Catalyst Control Center Graphics Previews Vista
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A154BBC7-5211-63EE-54F1-DDE3FF25BD0A}" = Catalyst Control Center Graphics Light
"{A1740D36-64B5-E7FF-D8F9-C0B827E42B67}" = Catalyst Control Center Graphics Full New
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A609DCAD-A00D-1820-E0BD-2A05D843B8A7}" = Catalyst Control Center Core Implementation
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A8406091-51A7-FCAF-9F51-86FE36BD346E}" = Catalyst Control Center Graphics Full Existing
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFC2D769-8412-02A4-5B37-87880157C48B}" = ccc-utility
"{C1A628C2-92CC-BC23-BA13-18C6CFD2222E}" = ccc-utility
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E596BCF1-93C9-F90B-B01E-EBCF4231F2C7}" = Skins
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F347B7CC-F3F5-4464-8FB2-CC3CB42CC59E}" = Adobe Dreamweaver CS3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_7d27d533949941418d33ba1f052e783" = Adobe Dreamweaver CS3
"avast5" = avast! Free Antivirus
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"CDisplay_is1" = CDisplay 1.8
"Daniusoft DVD Creator_is1" = Daniusoft DVD Creator(Build 1.0.0.2)
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"Precision" = EVGA Precision 2.0.0
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"sp6" = Logitech SetPoint 6.20
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 630" = Alien Swarm
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"VLC media player" = VLC media player 1.1.0
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Wrath of the Lich King Beta" = Wrath of the Lich King Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2010 5:19:30 AM | Computer Name = Sean-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3420 (0xd5c) Thread address : 0x77775E74 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.2.0-enUS-patch.exe by C:\Program Files\Alwil
Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

Error - 5/6/2010 3:52:39 AM | Computer Name = Sean-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3743 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10b8 Start Time: 01cae7d30e4c7d50 Termination Time: 247

Error - 5/9/2010 5:22:23 AM | Computer Name = Sean-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2864 (0xb30) Thread address : 0x77775E74 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.3.0.10522-enUS-ptr-patch.exe by C:\Program
Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/13/2010 1:38:18 AM | Computer Name = Sean-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3636 (0xe34) Thread address : 0x775C5E74 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.3.0.10522-enUS-ptr-patch.exe by C:\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.3.0.10522-enUS-ptr-downloader.exe 4(0)(0)
4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/16/2010 5:25:47 AM | Computer Name = Sean-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3344 (0xd10) Thread address : 0x775C5E74 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.3.0.10522-enUS-ptr-patch.exe by C:\Program
Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/16/2010 10:20:46 PM | Computer Name = Sean-PC | Source = VSS | ID = 8194
Description =

Error - 5/16/2010 10:24:21 PM | Computer Name = Sean-PC | Source = System Restore | ID = 8193
Description =

Error - 5/18/2010 7:36:23 PM | Computer Name = Sean-PC | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 708 Start Time: 01caf6c92ba60380 Termination Time: 21

Error - 5/27/2010 8:56:33 AM | Computer Name = Sean-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2010 5:15:42 AM | Computer Name = Sean-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3544 (0xdd8) Thread address : 0x76E35E74 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Public\Documents\Blizzard
Entertainment\World of Warcraft\WoW-0.2.0-enUS-patch.exe by C:\Program Files\Alwil
Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

[ Media Center Events ]
Error - 7/8/2008 11:47:12 PM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 11:30:13 AM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 11:34:13 PM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/13/2011 7:49:48 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2011 7:50:57 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/13/2011 7:54:07 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/13/2011 7:54:07 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2011 7:54:07 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2011 7:54:21 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/13/2011 7:59:18 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/13/2011 8:18:12 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/13/2011 8:51:30 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2011 9:13:38 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

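Added example, not part of the original post and not OTL's own code: a small Python triage script for the "Query User" firewall exceptions that appear in the OTL log above. Every such rule is an inbound exception that Windows created because a user clicked "Unblock" on a firewall prompt, so rules pointing at executables in user-writable locations (Desktop, Downloads, AppData, Temp) deserve a second look, and the same program appearing under several GUIDs shows the prompt was answered more than once. The sample lines are modelled on the log's own utorrent entries; the final TCP line pointing into a Temp folder is constructed for this example and does not occur in the posted log. The set of "user-writable" path fragments is an assumption chosen for illustration, not a rule built into OTL or Windows.

```python
import re
from collections import Counter

# Lines modelled on the "UDP Query User{...}" firewall exceptions in the OTL
# log above. The last (TCP, Temp-folder) line is constructed for this example.
SAMPLE_RULES = r'''
"UDP Query User{A07F8906-CCAF-4D75-B075-91578B8667FD}C:\users\sean\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sean\desktop\utorrent.exe |
"UDP Query User{E590EBFE-60F3-4F9F-BD8C-166DB51AF2F4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{FD80F6CA-6EAF-409B-9FFE-46DDDEBAA204}C:\users\sean\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sean\desktop\utorrent.exe |
"TCP Query User{00000000-0000-4000-8000-000000000001}C:\users\sean\appdata\local\temp\setup.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\temp\setup.exe |
'''

# One OTL line: "<TCP|UDP> Query User{GUID}<path>" = k=v | k=v | ... |
RULE_RE = re.compile(
    r'^"(?P<proto>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}[^"]*"'
    r'\s*=\s*(?P<fields>.*)$'
)

# Assumed heuristic: path fragments a standard user can write to without
# elevation, so a binary there could have been dropped by anything the user ran.
USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\appdata\\", "\\temp\\")


def parse_rules(text):
    """Return one dict per 'Query User' rule: guid, proto and the k=v fields."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a Query User rule (or a blank line)
        fields = {}
        for part in m.group("fields").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        rules.append({"guid": m.group("guid").upper(),
                      "proto": m.group("proto"), **fields})
    return rules


def in_user_writable(path):
    """True when the executable lives under one of the USER_WRITABLE fragments."""
    lowered = path.lower()
    return any(frag in lowered for frag in USER_WRITABLE)


def triage(text):
    """Flag inbound exceptions for user-writable binaries and count repeated apps."""
    rules = parse_rules(text)
    flagged = [(r["guid"], r["app"]) for r in rules
               if r.get("dir") == "in" and in_user_writable(r.get("app", ""))]
    repeats = Counter((r["proto"], r.get("app")) for r in rules)
    duplicates = {key: n for key, n in repeats.items() if n > 1}
    return {"rules": len(rules), "flagged": flagged, "duplicates": duplicates}


if __name__ == "__main__":
    result = triage(SAMPLE_RULES)
    print(f"{result['rules']} Query User rules parsed")
    for guid, app in result["flagged"]:
        print(f"REVIEW  {guid}  {app}")
    for (proto, app), n in result["duplicates"].items():
        print(f"REPEAT  {proto} x{n}  {app}")
```

Run it against the full "Query User" section of an OTL Extras log (paste the lines into SAMPLE_RULES or read them from a file) and compare the REVIEW lines with what the user remembers installing; a rule for a program that is no longer on disk is easiest to deal with by deleting it in Windows Firewall with Advanced Security, since the exception itself outlives the binary.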

Re: Windows Diagnostic Virus, as well

Post by Dr Jay on Mon Mar 14, 2011 3:30 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)

Re: Windows Diagnostic Virus, as well

Post by Deadmuskrat on Mon Mar 14, 2011 4:07 am

ComboFix 11-03-12.01 - Sean 03/14/2011 3:53.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1761 [GMT -4:00]
Running from: c:\users\Sean\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee VirusScan *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: McAfee VirusScan *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\LHTC974.tmp
C:\LHTCE45.tmp
C:\LHTF3F2.tmp
c:\users\Sean\AppData\Local\Temp\ppcrlui_3448_2
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 08:01 . 2011-03-14 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 00:23 . 2011-03-14 00:23 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2011-03-14 00:22 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-14 00:22 . 2011-03-14 00:22 -------- d-----w- c:\programdata\Malwarebytes
2011-03-14 00:22 . 2011-03-14 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 00:22 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 02:10 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 02:10 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 02:10 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 02:10 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 02:10 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 02:10 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 17:58 . 2011-03-08 17:58 -------- d--h--w- c:\programdata\EA Core
2011-03-08 17:58 . 2011-03-08 17:59 -------- d--h--w- c:\programdata\Electronic Arts
2011-03-08 17:39 . 2011-03-10 02:29 -------- d-----w- c:\program files\Dragon Age 2
2011-03-01 21:05 . 2011-03-01 21:05 53248 ---ha-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-01 21:05 . 2011-03-01 21:05 -------- d--h--w- c:\users\Sean\AppData\Roaming\Leadertech
2011-03-01 21:04 . 2011-03-01 21:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-01 21:02 . 2011-03-01 21:05 -------- d--h--w- c:\programdata\Logishrd
2011-03-01 21:02 . 2011-03-01 21:02 -------- d-----w- c:\program files\Logitech
2011-03-01 21:02 . 2011-03-01 21:05 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-03-01 21:01 . 2011-03-01 21:05 -------- d--h--w- c:\users\Sean\AppData\Roaming\Logitech
2011-03-01 21:01 . 2011-03-01 21:02 -------- d--h--w- c:\users\Sean\AppData\Roaming\Logishrd
2011-02-23 08:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 08:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 08:01 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 08:01 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-23 08:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 08:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 08:01 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-23 08:01 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-23 08:01 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-23 08:01 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-23 08:01 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-23 08:01 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-23 08:00 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-23 08:00 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-23 08:00 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-23 08:00 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-23 08:00 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-23 08:00 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-23 08:00 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-22 22:15 . 2011-03-14 00:56 -------- d-----w- c:\program files\Common Files\BioWare
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-20 16:37 . 2011-02-09 02:21 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 02:21 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 02:21 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 02:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 02:21 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 02:21 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 02:21 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 02:21 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 02:21 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 02:21 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 02:21 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 02:21 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 02:21 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 02:21 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 02:21 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 02:21 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 02:21 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 02:21 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 02:21 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 02:21 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 02:21 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 02:21 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 02:21 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 02:21 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 02:21 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 02:21 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 02:21 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 02:21 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 08:47 . 2010-06-29 07:28 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-04-13 22:01 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-04-13 22:02 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-04-13 22:02 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-04-13 22:02 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-04-13 22:02 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-04-13 22:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 08:47 . 2011-02-09 02:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 02:20 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 02:22 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 06:59 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 02:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 02:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 02:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 02:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 06:22 . 2011-02-09 02:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 05:25 . 2011-02-09 02:21 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 02:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 02:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49 . 2011-01-12 06:59 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Sean\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-12-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-24 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Driver Scanner]
2010-06-15 21:14 983272 ----a-w- c:\program files\Systweak\Advanced Driver Scanner\AdvancedDriverScanner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-12-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-12-14 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\NCsoft\Aion\bin32\GameGuard\dump_wmimmc.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-30 3407412]
R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-12-14 1112560]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys [2006-01-02 23296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319106356-3037724290-439004163-1000Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 22:38]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319106356-3037724290-439004163-1000UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 22:38]
.
2011-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-31 14:53]
.
2011-03-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-31 14:53]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{BC7B4637-7A6B-4D1E-A67C-2E9748C2644A}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xrbcjyrb.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-PlayNC Launcher - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-14 04:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-03-14 04:03:58
ComboFix-quarantined-files.txt 2011-03-14 08:03
.
Pre-Run: 434,322,817,024 bytes free
Post-Run: 434,563,567,616 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - AA7348339299CD443B60E636792EC496

Deadmuskrat (Novice) - Posts: 6, Joined: 2011-03-13, OS: Windows Vista

Re: Windows Diagnostic Virus, as well

Post by Dr Jay on Mon Mar 14, 2011 4:47 am

Scan for malware

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)


Dr Jay (Administrator) - Posts: 13705, Joined: 2009-09-06, OS: Windows 10 Home & Pro

Re: Windows Diagnostic Virus, as well

Post by Deadmuskrat on Mon Mar 14, 2011 11:44 am

I originally used Malwarebytes to remove the infection before coming here but did not have the log. Here is the log for the one I just ran:

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/14/2011 11:34:47 AM
mbam-log-2011-03-14 (11-34-47).txt

Scan type: Quick scan
Objects scanned: 155613
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Windows Diagnostic Virus, as well

Post by Deadmuskrat on Mon Mar 14, 2011 11:45 am

Here is the MBRcheck report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell XPS420
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 148):
0x82E33000 \SystemRoot\system32\ntkrnlpa.exe
0x82E00000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B606000 \SystemRoot\system32\drivers\iastor.sys
0x8B6CE000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B700000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B710000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B71A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B80D000 \SystemRoot\system32\drivers\ndis.sys
0x8B918000 \SystemRoot\system32\drivers\msrpc.sys
0x8B943000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB16000 \SystemRoot\system32\drivers\volsnap.sys
0x8BB4F000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB57000 \SystemRoot\System32\Drivers\mup.sys
0x8BB66000 \SystemRoot\System32\drivers\ecache.sys
0x8BB8D000 \SystemRoot\system32\drivers\disk.sys
0x8BB9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BBBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8FAD3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8FADC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FE0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x907A9000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FAEB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907AB000 \SystemRoot\System32\drivers\watchdog.sys
0x90A08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90A95000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x90AD0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90ADB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90B19000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90B28000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90B38000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90B46000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90B5E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x90B64000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90B93000 \SystemRoot\system32\DRIVERS\storport.sys
0x90BD4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90BDF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x907B7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x907C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x907E5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FB8B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FB9F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90BF6000 \SystemRoot\system32\DRIVERS\ProtoWall.sys
0x8FBB4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x907F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FBC4000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FBEE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BBD5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B97E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BBE2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B9B3000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8B78B000 \SystemRoot\system32\drivers\portcls.sys
0x8B9D4000 \SystemRoot\system32\drivers\drmk.sys
0x8078C000 \SystemRoot\system32\drivers\stwrt.sys
0x8BBF3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90A00000 \SystemRoot\System32\Drivers\Null.SYS
0x8FBF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B9F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B800000 \SystemRoot\System32\drivers\vga.sys
0x8B7B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B7D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B7E1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B7E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x807DF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B7F4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91003000 \SystemRoot\System32\drivers\tcpip.sys
0x910ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x91108000 \SystemRoot\System32\Drivers\Mpfp.sys
0x91131000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91147000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x91159000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x91163000 \SystemRoot\system32\DRIVERS\smb.sys
0x91177000 \SystemRoot\system32\drivers\afd.sys
0x911BF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x911C4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x805BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x807ED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x805D1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91409000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91445000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9144F000 \SystemRoot\system32\drivers\mfehidk.sys
0x91482000 \SystemRoot\System32\Drivers\dfsc.sys
0x91499000 \SystemRoot\System32\Drivers\aswSP.SYS
0x914E0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x914E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x914F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x914FB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91504000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91511000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x915F6000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x915D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91400000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x911F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9AAC0000 \SystemRoot\System32\win32k.sys
0x8FA12000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FA1C000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8FA24000 \SystemRoot\system32\drivers\usbaudio.sys
0x8FA36000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9ACE0000 \SystemRoot\System32\TSDDD.dll
0x9AD00000 \SystemRoot\System32\cdd.dll
0x9AD10000 \SystemRoot\System32\ATMFD.DLL
0x8FA45000 \SystemRoot\system32\drivers\luafv.sys
0x8FA60000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x915F0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x82008000 \SystemRoot\system32\drivers\spsys.sys
0x820B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x820C8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x820DB000 \SystemRoot\system32\DRIVERS\WinUSB.SYS
0x820E3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x820F8000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x8210A000 \SystemRoot\system32\drivers\HTTP.sys
0x82177000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x82194000 \SystemRoot\system32\DRIVERS\bowser.sys
0x821AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x821C2000 \SystemRoot\system32\drivers\mrxdav.sys
0x8FA9F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2E06000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2E3F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2E57000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E7F000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2ECD000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2F0E000 \SystemRoot\system32\drivers\peauth.sys
0xA2FEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x821E3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x805E4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2FF6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA2F05000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA2FF8000 \??\C:\Users\Sean\AppData\Local\Temp\catchme.sys
0xA2EF5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x77120000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
548 csrss.exe
608 C:\Windows\System32\wininit.exe
616 csrss.exe
652 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\nvvsvc.exe
960 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\atiesrxx.exe
1120 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\audiodg.exe
1300 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\SLsvc.exe
1392 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\atieclxx.exe
1536 C:\Windows\System32\svchost.exe
1596 WUDFHost.exe
1668 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1680 C:\Windows\System32\nvvsvc.exe
1804 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1036 C:\Windows\System32\spoolsv.exe
1384 C:\Windows\System32\svchost.exe
2336 C:\Windows\System32\dwm.exe
2452 C:\Windows\System32\taskeng.exe
2668 C:\Windows\System32\ico.exe
2680 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2688 C:\Program Files\McAfee.com\Agent\mcagent.exe
2712 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
2720 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2748 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2756 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2784 C:\Program Files\iTunes\iTunesHelper.exe
2812 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2908 C:\Windows\ehome\ehtray.exe
2924 C:\Program Files\Windows Media Player\wmpnscfg.exe
2952 C:\Windows\System32\svchost.exe
2992 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3036 C:\Program Files\Bonjour\mDNSResponder.exe
3080 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3156 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
3244 C:\Program Files\McAfee\MPF\MpfSrv.exe
3264 C:\Program Files\Steam\Steam.exe
3396 C:\Program Files\McAfee\MSK\msksrver.exe
3596 C:\Windows\ehome\ehmsas.exe
3800 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
3988 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
1216 taskeng.exe
1232 C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
2304 C:\Program Files\Windows Mail\WindowsMailGadget.exe
3448 C:\Program Files\Windows Mail\WinMail.exe
2900 C:\Windows\System32\svchost.exe
3716 C:\Windows\System32\stacsv.exe
1544 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3768 C:\Windows\System32\svchost.exe
4160 C:\Windows\System32\svchost.exe
4192 C:\Windows\System32\svchost.exe
4228 C:\Windows\System32\SearchIndexer.exe
4764 C:\Program Files\Windows Media Player\wmpnetwk.exe
4876 C:\Windows\System32\svchost.exe
4976 C:\Program Files\iPod\bin\iPodService.exe
5064 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3452 WmiPrvSE.exe
2600 C:\Windows\System32\taskeng.exe
3660 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
5820 C:\Program Files\Common Files\Steam\SteamService.exe
4932 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
3820 C:\Windows\System32\WerFault.exe
4920 C:\Windows\System32\notepad.exe
1328 C:\Windows\explorer.exe
2248 C:\Windows\System32\wbem\unsecapp.exe
5968 C:\Program Files\Mozilla Firefox\firefox.exe
5584 C:\Program Files\Mozilla Firefox\plugin-container.exe
324 C:\Windows\System32\SearchProtocolHost.exe
2128 C:\Windows\System32\SearchFilterHost.exe
3292 C:\Users\Sean\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Re: Windows Diagnostic Virus, as well

Post by Dr Jay on Mon Mar 14, 2011 12:43 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Windows Diagnostic Virus, as well

Post by Deadmuskrat on Mon Mar 14, 2011 2:23 pm

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=90a58b22a053f84aa5becb7aac96bca3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-14 06:21:02
# local_time=2011-03-14 02:21:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 28839285 28839285 0 0
# compatibility_mode=5121 16776574 100 96 59247771 61332737 0 0
# compatibility_mode=5892 16776574 100 95 42573096 136729263 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=227641
# found=1
# cleaned=1
# scan_time=5125
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000057


Re: Windows Diagnostic Virus, as well

Post by Deadmuskrat on Mon Mar 14, 2011 2:30 pm

A quick update:

Seeing that the files were still on my hard drive but I couldn't 'see' them I went and showed all hidden files. Sure enough, all the icons returned on my desktop and I could see all lost files although they were transparent. This virus seems to have marked tons of my files as hidden.

Also, upon looking at my desktop, there is a shortcut to the malware that started this, Windows Diagnostic, which was hidden.

I have not touched it yet as I await your instructions.

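The update above reports the classic symptom of this rogue: the data is still on disk, it has just had the Hidden attribute set, so it disappears from Explorer and the Desktop. Turning on "show hidden files" only changes the view; the attribute itself is still set. The following PowerShell script is an added example, not code from this thread or from any tool named in it, that audits the user folders for files and folders that are Hidden but not System (the rogue hides user data, whereas Windows-managed files such as desktop.ini normally carry both attributes) and, only when run with -Fix, clears the Hidden bit. The folder list, the skip list and the Hidden-but-not-System heuristic are assumptions to adjust for the machine at hand.

```powershell
# Added example: audit and optionally clear the Hidden attribute that a
# "Windows Diagnostic"-style rogue sets on user files. Not from the thread.
# Run as the affected user. Without -Fix it only reports.
param(
    # Assumed starting points; extend to wherever files went missing.
    [string[]]$Roots = @("$env:USERPROFILE\Desktop",
                         "$env:USERPROFILE\Documents",
                         "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"),
    [switch]$Fix
)

# Names Windows itself keeps hidden; never touch these (assumed list).
$skipNames = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini')

$hiddenBit = [int][IO.FileAttributes]::Hidden
$systemBit = [int][IO.FileAttributes]::System
$report    = @()

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force is required, otherwise Get-ChildItem skips hidden items entirely.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $attr     = [int]$_.Attributes
        $isHidden = ($attr -band $hiddenBit) -ne 0
        $isSystem = ($attr -band $systemBit) -ne 0

        # Rogue-hidden user data: Hidden set, System clear, not an OS housekeeping file.
        if ($isHidden -and -not $isSystem -and
            ($skipNames -notcontains $_.Name.ToLower())) {
            $report += $_.FullName
            if ($Fix) {
                # Clear only the Hidden bit; leave ReadOnly, Archive, etc. intact.
                $_.Attributes = [IO.FileAttributes]($attr -band (-bnot $hiddenBit))
            }
        }
      }
}

$report | Sort-Object
"{0} item(s) Hidden-but-not-System under: {1}" -f $report.Count, ($Roots -join ', ')
if (-not $Fix) { "Nothing changed. Re-run with -Fix to clear the attribute." }
```

Run it once without -Fix and read the list before clearing anything: the rogue's own hidden "Windows Diagnostic" shortcut mentioned above will show up in that list, and it should be deleted, not restored. The same job in a plain command prompt is `attrib -h "%USERPROFILE%\Desktop\*" /s /d`, but that strips the bit from everything under the folder, including OS housekeeping files, which is why the script filters on the System attribute and the skip list. If items you know exist are still not listed, check whether they also carry the System attribute and relax the filter for those paths deliberately rather than globally.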

Re: Windows Diagnostic Virus, as well

Post by Dr Jay on Tue Mar 15, 2011 6:36 pm

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


Dr. Jay (DJ)


