#1 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista
|
Virus blocking websites and programs
Hi, I am new to this forum, so excuse me if I am missing any information.

I am unable to connect to MSN or get updates from Windows updates. Websites such as HouseCall online scanner, Windows related websites, and other anti virus websites are either redirected or refuse to load. When I open DDS and the dialog box to run appears, clicking on run causes it to freeze. When I open GMER and the scan starts, my computer restarts automatically halfway through. Please help me, and thank you in advance!

=============================
How Soon Can I Expect Help?
=============================

Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours has passed. We work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up.

When looking for threads to respond to, we look for threads with 0 reply, or 1 reply. So, do not bump more than once. If you do, it may appear as though the thread is being handled, and it may be overlooked.

------------------------------------------------------

Last edited by chemist; 09-25-2009 at 11:27 AM.
#3 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista
|
Re: Virus blocking websites and programs
Forgot about safe mode. Here is the requested info.
DDS (Ver_09-09-24.01) - NTFSx86 NETWORK
Run by HLB JOXA SEHAYEK at 19:48:23.83 on 26/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.2283 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\HLB JOXA SEHAYEK\Desktop\gmer.exe
C:\Users\HLB JOXA SEHAYEK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{25333bc3-fffe-471b-8d55-d0baf9be8125}
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {93935f7f-9c88-42f8-8445-95251d27fabc} - URLHooker2 Class
{9950772d-af73-4aea-80b6-c251ec40ea30}
BHO: Google Toolbar Notifier
BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] FactoryMode
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: NameServer = 85.255.112.207,85.255.112.210
TCP: {0265B0FC-05CC-49A8-8052-8A492BCF9CF5} = 85.255.112.207,85.255.112.210
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {522E0112-EDD9-413D-A99E-C311A54B6676} - No File
{9950772d-af73-4aea-80b6-c251ec40ea30}
LSA: Notification Packages = scecli c:\windows\system32\wobakubi.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtqrpmm

================= FIREFOX ===================

FF - ProfilePath - c:\users\hlbjox~1\appdata\roaming\mozilla\firefox\profiles\awt0fj62.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\users\hlb joxa sehayek\appdata\roaming\mozilla\firefox\profiles\awt0fj62.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\hlb joxa sehayek\appdata\roaming\mozilla\firefox\profiles\awt0fj62.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-11 64160]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-5-22 5504]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-7-10 269448]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-14 108289]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S2 fmebkpxz;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-5-26 21504]
S2 gupdate1c9a65afcf630b0;Google Update Service (gupdate1c9a65afcf630b0);c:\program files\google\update\GoogleUpdate.exe [2009-3-16 133104]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-16 305936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-4-6 39896]
S3 IntelDHSvcConf;IntelDHSvcConf;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2007-4-6 36312]
S3 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-4-6 313816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-4-6 272856]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696]

=============== Created Last 30 ================

2009-09-25 01:29 6,351 a------- c:\windows\8502zorm798.ocx
2009-09-20 16:57 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-20 16:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-20 16:56 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 16:55 <DIR> --d----- c:\program files\iPod
2009-09-20 16:55 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 16:55 <DIR> --d----- c:\program files\iTunes
2009-09-20 16:55 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 11:49 11,569 a------- c:\windows\system32\3505back9oorz04.dll
2009-09-19 06:10 15,385 a------- c:\windows\1193zhack9ool5bc.exe
2009-09-19 01:58 6,845 a------- c:\windows\system32\25964zpy2d5.bin
2009-09-17 01:55 7,077 a------- c:\windows\system32\5z90wor9554.bin
2009-09-16 11:03 14,974 a------- c:\windows\15z57s5921b.cpl
2009-09-16 03:08 <DIR> --d----- c:\programdata\IObit
2009-09-16 03:08 <DIR> --d----- c:\progra~2\IObit
2009-09-16 03:03 <DIR> --d----- c:\program files\Trend Micro
2009-09-16 03:02 <DIR> --d----- c:\programdata\F-Secure
2009-09-16 03:02 <DIR> --d----- c:\progra~2\F-Secure
2009-09-16 02:59 <DIR> --d----- c:\program files\AxBx
2009-09-16 02:36 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-16 02:10 <DIR> --d----- c:\users\hlbjox~1\appdata\roaming\AeroSnapApp
2009-09-16 02:09 <DIR> --d----- c:\program files\AeroSnap
2009-09-16 01:54 8,935 a------- c:\windows\z1569vi9us59a.dll
2009-09-16 00:34 11,239 a------- c:\windows\system32\1z559spy60d.bin
2009-09-14 17:29 <DIR> --d----- c:\program files\CodeGazer
2009-09-14 17:26 <DIR> --d----- c:\program files\RocketDock
2009-09-14 17:20 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-14 17:20 <DIR> --d----- c:\program files\Avira
2009-09-14 12:38 11,547 a------- c:\windows\system32\7575addwzr92367.dll
2009-09-13 18:56 <DIR> --d----- c:\programdata\Avira
2009-09-13 18:56 <DIR> --d----- c:\progra~2\Avira
2009-09-12 13:58 5,559 a------- c:\windows\3ze9vir9245.exe
2009-09-07 22:24 3,386 a------- c:\windows\z953w5rm698.exe
2009-09-07 04:45 10,385 a------- c:\windows\31851w5r9134z.bin
2009-09-06 20:58 14,894 a------- c:\windows\system32\b68spa59e24z2.exe
2009-09-06 18:36 8,657 a------- c:\windows\257zaddwa9e264.cpl
2009-09-06 15:34 3,856 a------- c:\windows\system32\584vir2198z.exe
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-04 12:04 2,762 a------- c:\windows\141caddwa9ez352.dll
2009-09-01 20:37 14,277 a------- c:\windows\system32\9825spambzt6b9.ocx
2009-09-01 15:57 14,910 a------- c:\windows\55a19ownloader201z.cpl
2009-09-01 13:47 5,965 a------- c:\windows\system32\2204spywarz3595.bin
2009-09-01 03:24 12,444 a------- c:\windows\5z4f9hief1304.exe
2009-09-01 00:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-01 00:49 <DIR> --d----- c:\programdata\Skype

==================== Find3M ====================

2009-09-20 16:53 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-20 16:53 86,016 a------- c:\windows\inf\infstor.dat
2009-09-20 16:53 51,200 a------- c:\windows\inf\infpub.dat
2009-09-16 03:10 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-14 17:30 615,424 a------- c:\windows\system32\themeui.dll
2009-09-14 17:30 240,128 a------- c:\windows\system32\uxtheme.dll
2009-08-27 13:16 2,876 a------- c:\windows\26659zpambot319.bin
2009-08-25 21:58 79,535 a------- c:\windows\War3Unin.dat
2009-08-24 04:33 8,799 a------- c:\windows\system32\19521not-azviruse2.bin
2009-08-20 03:05 3,269 a------- c:\windows\7951download5rz190.exe
2009-08-19 17:49 8,091 a------- c:\windows\5ff1thr5atz891.exe
2009-08-19 01:54 11,553 a------- c:\windows\5733thzeat2595.exe
2009-08-18 16:07 7,439 a------- c:\windows\system32\6zc45ddware2509.dll
2009-08-18 02:01 6,927 a------- c:\windows\system32\4559sparsz2527.bin
2009-08-16 12:20 3,642 a------- c:\windows\system32\23515spamz9t7f1.bin
2009-08-14 13:53 12,872 a------- c:\windows\system32\193435pambotz89.bin
2009-08-14 06:40 6,242 a------- c:\windows\system32\259z25ackto9l323.dll
2009-08-10 19:37 6,126 a------- c:\windows\734zvirus295.dll
2009-08-08 15:57 11,345 a------- c:\windows\97z425irus3b5.exe
2009-08-05 12:12 11,034 a------- c:\windows\3b5ezhr9at79475.exe
2009-08-04 17:33 139,264 a------- c:\windows\War3Unin.exe
2009-08-04 17:33 2,829 a------- c:\windows\War3Unin.pif
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-24 15:53 14,375 a------- c:\windows\system32\19775viruz16a9.bin
2009-07-17 08:11 3,594 a------- c:\windows\13953worz16b.bin
2009-07-17 04:25 2,887 a------- c:\windows\system32\5bfb5ackdoor2z699.dll
2009-07-16 18:28 11,627 a------- c:\windows\system32\552bst9al569z.bin
2009-07-15 14:52 7,045 a------- c:\windows\24711vir59118z.dll
2009-07-13 11:51 13,077 a------- c:\windows\7f419azkdoor2265.bin
2009-07-12 12:41 4,622 a------- c:\windows\system32\4bc5tzal9102.bin
2009-07-11 19:52 10,393 a------- c:\windows\13698zorme5.bin
2009-07-08 05:38 12,102 a------- c:\windows\2690addwa5e9453z.exe
2009-07-07 07:28 6,089 a------- c:\windows\z67379p5731.dll
2009-07-06 02:43 17,054 a------- c:\windows\5dz85hief9464.exe
2009-07-05 01:12 11,362 a------- c:\windows\system32\3d09th5eaz30074.exe
2009-07-03 19:27 16,831 a------- c:\windows\7753bac5door912z.dll
2009-07-03 10:49 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-01 13:40 15,337 a------- c:\windows\4765z9r1615.exe
2009-07-01 12:09 3,342 a------- c:\windows\20119hackt5ol49cz.bin
2008-12-04 00:24 22,328 a------- c:\users\hlbjox~1\appdata\roaming\PnkBstrK.sys
2008-11-06 00:26 87,608 a------- c:\users\hlbjox~1\appdata\roaming\inst.exe
2008-11-06 00:26 47,360 a------- c:\users\hlbjox~1\appdata\roaming\pcouffin.sys
2008-06-11 03:34 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-26 18:35 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-05-03 02:18 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-03 02:18 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-03 02:18 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-05-03 02:18 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 19:48:38.66 ===============
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista
|
Re: Virus blocking websites and programs
Hello hlbsehayek,
The security of your system has been compromised. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would also be wise to contact those same financial institutions to apprise them of your situation. Do not use this computer to access those sites until it has been cleaned.

=================================

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
#5 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista
|
Re: Virus blocking websites and programs
ComboFix 09-09-25.01 - HLB JOXA SEHAYEK 26/09/2009 23:30.1.4 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.2601 [GMT -4:00]
Running from: c:\users\HLB JOXA SEHAYEK\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1z0b5ddware2819.exe c:\windows\system32\1z559spy60d.bin c:\windows\system32\1z5troj95c.dll c:\windows\system32\20195zr98.dll c:\windows\system32\203465pam9zt718.exe c:\windows\system32\20499notz5-virus33.dll c:\windows\system32\206225acktool2z69.ocx c:\windows\system32\20926spy5z19.bin c:\windows\system32\20999worm53z.dll c:\windows\system32\2120zspam9ot1425.bin c:\windows\system32\2193259rus2fbz.dll c:\windows\system32\2195ba9kdoo5z221.cpl c:\windows\system32\21961za5kt9ol34c.dll c:\windows\system32\21z145pambot942.exe c:\windows\system32\2204spywarz3595.bin c:\windows\system32\22249notza-v5rus3b3.exe c:\windows\system32\23159hiez553.dll c:\windows\system32\23515spamz9t7f1.bin c:\windows\system32\23885zp59bot22f.ocx c:\windows\system32\23996spamboz7915.ocx c:\windows\system32\24318ha5ktzol419.exe c:\windows\system32\2437095zus58a.ocx c:\windows\system32\24946n9t-a-5irus177z.exe c:\windows\system32\25061szam59t77c.exe c:\windows\system32\25085spamb59zd.bin c:\windows\system32\25099trojze2.dll c:\windows\system32\25139zpy9f.ocx c:\windows\system32\25399szy2195.bin c:\windows\system32\2552zteal9127.exe c:\windows\system32\2559z9r1651.ocx c:\windows\system32\258zthief98055.ocx c:\windows\system32\25964zpy2d5.bin c:\windows\system32\25972troz9445.exe c:\windows\system32\2599vir1635z.dll c:\windows\system32\259z25ackto9l323.dll c:\windows\system32\25fdadd9are2525z.cpl c:\windows\system32\260609acztool435.bin c:\windows\system32\264zvi91125.ocx c:\windows\system32\26658spy9abz.ocx c:\windows\system32\26659zirus3f5.dll c:\windows\system32\2693s5ambzt340.bin c:\windows\system32\27085h9ezt25996.exe c:\windows\system32\277bszarse1956.dll c:\windows\system32\27938n5tza-virusef.exe c:\windows\system32\27b9addware5z5.cpl c:\windows\system32\27bzvi9215.exe c:\windows\system32\282275ro9zb1.exe c:\windows\system32\2864zspambo5679.bin c:\windows\system32\28726noz-5-virus439.bin c:\windows\system32\290995zrmb5.ocx c:\windows\system32\29190virus4zc5.dll 
c:\windows\system32\2923vi5us36z.dll c:\windows\system32\29462zpam5ot595.exe c:\windows\system32\29493hac5tool46z.cpl c:\windows\system32\29615wzrm19b5.dll c:\windows\system32\29975hazktool7d5.bin c:\windows\system32\29995w5rm4z2.dll c:\windows\system32\299bzdd5are1887.cpl c:\windows\system32\299z6sp5455.exe c:\windows\system32\29z7steal16135.dll c:\windows\system32\29z955p916a.dll c:\windows\system32\29z995acktool2a.cpl c:\windows\system32\2bfe5o9nloadez2896.dll c:\windows\system32\2c5cdow9loaderz45.bin c:\windows\system32\2cc8backd9zr3150.exe c:\windows\system32\2d149teaz31415.exe c:\windows\system32\2e5f9p5zare292.bin c:\windows\system32\2f63zpy5a9e556.exe c:\windows\system32\2f9csp5zare516.dll c:\windows\system32\2z099troj659.cpl c:\windows\system32\2z925v5rus542.ocx c:\windows\system32\2za79a5kdoor821.bin c:\windows\system32\304c95zal2979.dll c:\windows\system32\30610spzmbot5e9.bin c:\windows\system32\30715hackzool960.bin c:\windows\system32\3112ztr9j5ad5.exe c:\windows\system32\31491zro5413.cpl c:\windows\system32\3154addware2z59.dll c:\windows\system32\318655ot-a-vzru91e.exe c:\windows\system32\3192v5ruz698.exe c:\windows\system32\32096not-a5zirus38e.dll c:\windows\system32\322689py5ze.bin c:\windows\system32\322b5h9eaz22125.cpl c:\windows\system32\325z19pamb5t1.exe c:\windows\system32\32d9thr5at20z32.dll c:\windows\system32\3345dowzlo9der842.bin c:\windows\system32\3505back9oorz04.dll c:\windows\system32\355zspyware9070.dll c:\windows\system32\3567down9oaze5549.bin c:\windows\system32\35b6addwa9ez072.ocx c:\windows\system32\35bf9tzal3053.dll c:\windows\system32\37cdszy5are6959.bin c:\windows\system32\3814not-a-v59us4dz.dll c:\windows\system32\3840not95-virzs7f5.bin c:\windows\system32\39163spy5zb.bin c:\windows\system32\3919hazktool5dd5.exe c:\windows\system32\391cstza519749.cpl c:\windows\system32\3921zpambo559d.exe c:\windows\system32\3934n95-a-zirus96.cpl c:\windows\system32\39z9spywar51634.bin c:\windows\system32\3b095ir2z86.ocx 
c:\windows\system32\3b5evzr1399.dll c:\windows\system32\3b97bzckdoor3533.dll c:\windows\system32\3c50ad9ware13z2.bin c:\windows\system32\3c53zd95are2960.dll c:\windows\system32\3c54bazkdoor29995.cpl c:\windows\system32\3c85vi9539z.ocx c:\windows\system32\3caz9ownloader885.cpl c:\windows\system32\3d09th5eaz30074.exe c:\windows\system32\3f5aaddwa9e9z95.ocx c:\windows\system32\4055326820.dll c:\windows\system32\41a5threat2z592.bin c:\windows\system32\429cthr5a916592z.bin c:\windows\system32\42a2zp5ware9221.bin c:\windows\system32\4343szeal1945.ocx c:\windows\system32\4413szeal15599.exe c:\windows\system32\444fspar5e25z19.ocx c:\windows\system32\451fzddware9039.ocx c:\windows\system32\4559sparsz2527.bin c:\windows\system32\4584v9ruz35d.exe c:\windows\system32\45909zt-5-virus279.ocx c:\windows\system32\45z9spa5se545.bin c:\windows\system32\47b1t9r5at3166z.exe c:\windows\system32\4a39downlozde916915.bin c:\windows\system32\4a555ddware9z04.cpl c:\windows\system32\4a93s9eal1z51.exe c:\windows\system32\4b93d5wnloader151z.exe c:\windows\system32\4bc5tzal9102.bin c:\windows\system32\4c84do9nzoade52924.ocx c:\windows\system32\4ceadow5loazer934.dll c:\windows\system32\4d949oznloader3059.exe c:\windows\system32\4e5fstea954z.ocx c:\windows\system32\4f06sz9al20585.dll c:\windows\system32\4f5ethi951266z.dll c:\windows\system32\4faczo9nloader5504.dll c:\windows\system32\4z589hreat15875.bin c:\windows\system32\4zc5threat99459.bin c:\windows\system32\5007z5wnl9ader298.cpl c:\windows\system32\503adow5zoader1945.exe c:\windows\system32\50679virusadz.dll c:\windows\system32\50700hacktoo95z6.bin c:\windows\system32\5123d9wnloade52428z.ocx c:\windows\system32\5161thief9260z.exe c:\windows\system32\517195arse5z6.exe c:\windows\system32\52555pywaze9971.ocx c:\windows\system32\52c1sparse92z.cpl c:\windows\system32\53169h9cktoolzd0.ocx c:\windows\system32\533cdzwnloader2929.cpl c:\windows\system32\5353b9ckdooz5013.exe c:\windows\system32\53e5spazse3599.ocx c:\windows\system32\5454worm9f5z.bin 
c:\windows\system32\5464ztr9j41.dll c:\windows\system32\5511sp9rsez702.cpl c:\windows\system32\5520zddwa9e3094.bin c:\windows\system32\552bst9al569z.bin c:\windows\system32\5538viz2749.cpl c:\windows\system32\5555trojz549.exe c:\windows\system32\5579t5o95b9z.cpl c:\windows\system32\559dspywarz9225.bin c:\windows\system32\55b1backdoor1z97.dll c:\windows\system32\560ct9iez484.bin c:\windows\system32\561edownzoad9r1155.bin c:\windows\system32\56487spy27z9.bin c:\windows\system32\5651n59-a-vzrus54e.dll c:\windows\system32\5699vz927145.ocx c:\windows\system32\56z5thief29299.ocx c:\windows\system32\5706threatz794.exe c:\windows\system32\57089zoj7415.cpl c:\windows\system32\5750spyw5re4z9.exe c:\windows\system32\57d2sp9w5re29z4.dll c:\windows\system32\57d95hzef2597.exe c:\windows\system32\584vir2198z.exe c:\windows\system32\5902spam5ot2z1.ocx c:\windows\system32\59c9spar5e2252z.exe c:\windows\system32\59z09pambot3a.bin c:\windows\system32\59z45hacktool56e.bin c:\windows\system32\59z4sp9w5re2572.cpl c:\windows\system32\5a35zh9eat230095.bin c:\windows\system32\5a62t9ief5z3.dll c:\windows\system32\5b0fbackdo9z1526.ocx c:\windows\system32\5b9bthief1z75.bin c:\windows\system32\5bdzsparse9610.dll c:\windows\system32\5bfb5ackdoor2z699.dll c:\windows\system32\5d99adzware17025.cpl c:\windows\system32\5effz9wnloade51849.dll c:\windows\system32\5z90wor9554.bin c:\windows\system32\5z94spyware512.cpl c:\windows\system32\5z989py785.bin c:\windows\system32\5zc9t9r5at11655.exe c:\windows\system32\603az9r185.exe c:\windows\system32\604bthreaz5945.ocx c:\windows\system32\60c9thiefz517.exe c:\windows\system32\625dstzal2409.bin c:\windows\system32\6389spyw5re1z86.ocx c:\windows\system32\638cdo5nloadzr1239.bin c:\windows\system32\6472wo5z72c9.exe c:\windows\system32\64z9steal5499.cpl c:\windows\system32\6522spars9z521.ocx c:\windows\system32\6595wozm6e25.exe c:\windows\system32\659cthief283z.ocx c:\windows\system32\65z7addwa5e1939.cpl c:\windows\system32\6615th9eat28177z.dll 
c:\windows\system32\6645backdoorz7069.dll c:\windows\system32\681ztroj7d95.cpl c:\windows\system32\6855zpyware31569.cpl c:\windows\system32\6859ha5kto9lz6a.ocx c:\windows\system32\68dcspa59e8z4.ocx c:\windows\system32\6950vir14z5.dll c:\windows\system32\6958tzreat22932.exe c:\windows\system32\6zc45ddware2509.dll c:\windows\system32\7083sp5z9ot15d.ocx c:\windows\system32\72e9stea53z26.cpl c:\windows\system32\7523spy9zf.ocx c:\windows\system32\7575addwzr92367.dll c:\windows\system32\7578zackdoor1849.cpl c:\windows\system32\76d8addwarz795.bin c:\windows\system32\77z4b5ckd9or763.bin c:\windows\system32\77zcs9eal5315.cpl c:\windows\system32\7887zi91555.cpl c:\windows\system32\7893spz256.exe c:\windows\system32\7909not-azvirus454.ocx c:\windows\system32\7934backdoo5254z.exe c:\windows\system32\7953s9ealz202.bin c:\windows\system32\7967t5ief50z.ocx c:\windows\system32\7b48downlo5derz609.cpl c:\windows\system32\7d94t5rezt18827.dll c:\windows\system32\7fezs59al3065.dll c:\windows\system32\7z56thief199.ocx c:\windows\system32\7zf5steal9734.cpl c:\windows\system32\7zf7addwar519129.cpl c:\windows\system32\8029not9azvirus15c.bin c:\windows\system32\842zsp5mbo955f.bin c:\windows\system32\85439ot-z-vir5s1ec.cpl c:\windows\system32\8953h95ktzol181.dll c:\windows\system32\895ztroj353.exe c:\windows\system32\8z75hackt5o9f5.dll c:\windows\system32\90easpyware254z.dll c:\windows\system32\90sz5mbot412.cpl c:\windows\system32\915adoznloader2035.exe c:\windows\system32\91833h5cktool7caz.cpl c:\windows\system32\919zaddwa5e1415.bin c:\windows\system32\9255wozm19f.exe c:\windows\system32\9255zac5tool791.bin c:\windows\system32\9348znot-a-vir5s2d7.ocx c:\windows\system32\9371stezl1995.dll c:\windows\system32\94985zrm1d6.bin c:\windows\system32\9529sp52z5.bin c:\windows\system32\9595addwarez88.bin c:\windows\system32\95stealz485.ocx c:\windows\system32\97059worm3zf.cpl c:\windows\system32\9825spambzt6b9.ocx c:\windows\system32\9849znot-a-v5rusa8.exe c:\windows\system32\98z77hacktool52f5.dll 
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.
2009-09-27 03:38 . 2009-09-27 03:39 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Local\temp
2009-09-20 20:57 . 2009-09-20 20:57 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-20 20:56 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 20:56 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-20 20:55 . 2009-09-20 20:55 -------- d-----w- c:\program files\iPod
2009-09-20 20:55 . 2009-09-20 20:56 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 20:55 . 2009-09-20 20:56 -------- d-----w- c:\program files\iTunes
2009-09-16 07:08 . 2009-09-16 07:08 -------- d-----w- c:\programdata\IObit
2009-09-16 07:03 . 2009-09-16 07:03 -------- d-----w- c:\program files\Trend Micro
2009-09-16 07:02 . 2009-09-16 07:02 -------- d-----w- c:\programdata\F-Secure
2009-09-16 06:59 . 2009-09-16 06:59 -------- d-----w- c:\program files\AxBx
2009-09-16 06:52 . 2009-09-16 06:53 -------- d-----w- c:\program files\QuickTime
2009-09-16 06:36 . 2008-07-17 20:13 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\AeroSnapApp
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Local\AeroSnapApp
2009-09-16 06:09 . 2009-09-16 06:09 -------- d-----w- c:\program files\AeroSnap
2009-09-14 21:29 . 2009-09-14 21:29 -------- d-----w- c:\program files\CodeGazer
2009-09-14 21:26 . 2009-09-14 21:33 -------- d-----w- c:\program files\RocketDock
2009-09-14 21:20 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-14 21:20 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-14 21:20 . 2009-09-14 21:20 -------- d-----w- c:\program files\Avira
2009-09-13 22:56 . 2009-09-14 21:20 -------- d-----w- c:\programdata\Avira
2009-09-01 04:50 . 2009-09-01 04:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-01 04:50 . 2009-09-11 01:29 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\skypePM
2009-09-01 04:49 . 2009-09-11 01:32 -------- d-----w- c:\programdata\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 03:39 . 2008-08-07 19:12 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\DNA
2009-09-27 03:39 . 2008-08-07 19:12 -------- d-----w- c:\program files\DNA
2009-09-26 23:45 . 2008-05-22 23:10 680 ----a-w- c:\users\HLB JOXA SEHAYEK\AppData\Local\d3d9caps.dat
2009-09-26 03:45 . 2009-03-16 17:16 -------- d-----w- c:\programdata\Google Updater
2009-09-20 20:55 . 2009-02-03 04:04 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 16:03 . 2009-08-15 08:19 -------- d-----w- c:\program files\Heroes of Newerth
2009-09-17 00:36 . 2008-05-23 02:54 -------- d-----w- c:\programdata\WLInstaller
2009-09-16 07:10 . 2008-12-04 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 07:08 . 2008-12-22 00:38 -------- d-----w- c:\program files\IObit
2009-09-14 22:13 . 2008-11-02 21:03 -------- d-----w- c:\program files\Electronic Arts
2009-09-14 21:55 . 2009-03-12 18:38 -------- d-----w- c:\program files\Pcsx2
2009-09-14 21:46 . 2007-07-10 22:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 21:46 . 2008-09-07 16:52 -------- d-----w- c:\program files\Activision
2009-09-14 21:30 . 2008-05-26 20:23 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-14 21:30 . 2008-05-26 20:22 615424 ----a-w- c:\windows\system32\themeui.dll
2009-09-14 01:39 . 2008-05-28 05:16 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\uTorrent
2009-09-11 06:48 . 2008-05-23 02:54 -------- d-----w- c:\program files\Windows Live
2009-09-08 22:07 . 2009-03-16 17:16 -------- d-----w- c:\program files\Google
2009-09-03 00:05 . 2008-09-15 01:03 -------- d-----w- c:\programdata\Installations
2009-09-03 00:04 . 2008-09-14 21:46 -------- d-----w- c:\program files\Nokia
2009-09-03 00:04 . 2008-11-14 05:43 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-26 01:58 . 2009-08-04 21:27 -------- d-----w- c:\program files\Warcraft III
2009-08-26 01:58 . 2009-08-04 21:29 79535 ----a-w- c:\windows\War3Unin.dat
2009-08-17 03:20 . 2008-09-01 02:53 -------- d-----w- c:\program files\Steam
2009-08-16 20:00 . 2008-09-01 02:53 -------- d-----w- c:\program files\Common Files\Steam
2009-08-14 12:49 . 2009-08-07 20:17 -------- d-----w- c:\program files\StealthBot
2009-08-14 10:44 . 2008-12-09 00:28 -------- d-----w- c:\programdata\PMB Files
2009-08-04 21:33 . 2009-08-04 21:29 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-04 21:33 . 2009-08-04 21:29 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-15 23:30 . 2009-07-15 23:30 104 ----a-w- c:\users\HLB JOXA SEHAYEK\AppData\Local\fusioncache.dat
2009-07-03 14:49 . 2009-07-11 23:52 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-11 23:55 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------

[-] 2009-09-14 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-09 318272]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AeroSnap"="c:\program files\AeroSnap\AeroSnap.exe" [2008-12-06 886784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^HLB JOXA SEHAYEK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^HLB JOXA SEHAYEK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B637BE93-3081-41AB-BBF0-BC85EA5044F4}c:\\program files\\steam\\steamapps\\laoboi13\\condition zero\\hl.exe"= UDP:c:\program
files\steam\steamapps\laoboi13\condition zero\hl.exe:Half-Life Launcher "UDP Query User{1AEF1818-F905-4BC7-8D34-BD53A71A830F}c:\\program files\\steam\\steamapps\\laoboi13\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\laoboi13\condition zero\hl.exe:Half-Life Launcher "TCP Query User{AF18DE7D-79BA-47BD-9349-D2F9DBC26B7B}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager "UDP Query User{7836ED90-B0FC-421D-B9B2-0258CA3E5A65}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager "TCP Query User{A501EF13-2908-4745-9E9B-E3F445CB5802}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™ "UDP Query User{394D5BE0-7297-4BE6-BD5C-625DCA06A93A}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™ "TCP Query User{8294FF76-97A4-4420-9F94-178CD57D6F94}c:\\program files\\steam\\steamapps\\laoboi13\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\laoboi13\zombie panic! source\hl2.exe:hl2 "UDP Query User{B35E1DF1-0006-4D27-85D3-555ED6054BAD}c:\\program files\\steam\\steamapps\\laoboi13\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\laoboi13\zombie panic! 
source\hl2.exe:hl2 "{BB2EFB75-1B50-4C44-85AC-0E71BE71BCE6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM) "{DD9B65A8-21AC-42D4-881C-20A14E6A31DE}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM) "{8F6D11D8-D750-4EDF-B3D1-6C28FBC9231B}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM) "{AA77C271-59A4-4E43-ACBE-9AD82A52E0C5}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM) "TCP Query User{ACE24680-B69B-475C-B457-0CFA0068EFBF}c:\\users\\hlb joxa sehayek\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= UDP:c:\users\hlb joxa sehayek\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe "UDP Query User{EB343B69-A125-4858-98CD-C630784DE471}c:\\users\\hlb joxa sehayek\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= TCP:c:\users\hlb joxa sehayek\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe "TCP Query User{BDECC8A0-CDA2-44B6-B111-5B916C003BBF}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "UDP Query User{B3427221-5D8B-45E2-B7F6-10B7927E5B16}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "TCP Query User{677B7781-E078-4583-8BB7-B467254F5B94}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III "UDP Query User{E650A13E-8A28-47E1-B05E-FF7C391B15EF}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III "TCP Query User{1807208B-E4B9-4C81-9934-C37060DF571D}c:\\program files\\mm2knet\\ghost++\\ghost.exe"= UDP:c:\program 
files\mm2knet\ghost++\ghost.exe:ghost "UDP Query User{44D82695-5BB6-4475-BBDB-4FB70EA2C0FC}c:\\program files\\mm2knet\\ghost++\\ghost.exe"= TCP:c:\program files\mm2knet\ghost++\ghost.exe:ghost "TCP Query User{30A609AA-4946-4A01-9862-EC9694706115}c:\\users\\public\\games\\world of warcraft trial\\repair.exe"= UDP:c:\users\public\games\world of warcraft trial\repair.exe:Blizzard Repair Utility "UDP Query User{ED085905-CBAA-47E1-BAE7-33ABCF0BA407}c:\\users\\public\\games\\world of warcraft trial\\repair.exe"= TCP:c:\users\public\games\world of warcraft trial\repair.exe:Blizzard Repair Utility "TCP Query User{336DEA26-942E-4A22-A2BB-492EEA47F678}c:\\program files\\steam\\steamapps\\hlbjoxa\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\hlbjoxa\insurgency\hl2.exe:hl2 "UDP Query User{06043B63-E157-4CBB-993C-1A601001B1CF}c:\\program files\\steam\\steamapps\\hlbjoxa\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\hlbjoxa\insurgency\hl2.exe:hl2 "{57721BEF-C989-41C7-8341-3D7ECBE82F98}"= UDP:5353:Adobe CSI CS4 "{0D79022B-2F68-46D3-A2F9-86A0F2DE6599}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{98591A07-D2B0-42AA-B36B-4C2F01D2A51C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "TCP Query User{C8666CD2-D911-4B09-9D6D-C47ED0DBE285}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{C5363185-B138-47C7-B7C8-D391094B55B6}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "TCP Query User{7D33854B-1B3D-4B16-A348-78873FD521D3}c:\\program files\\yugioh virtual dueling\\yugioh virtual desktop 9.exe"= UDP:c:\program files\yugioh virtual dueling\yugioh virtual desktop 9.exe:YGO Virtual Desktop Executable "UDP Query User{E7333C9E-424B-4E28-ADD8-F6AEADDDE991}c:\\program files\\yugioh virtual dueling\\yugioh virtual desktop 9.exe"= TCP:c:\program files\yugioh virtual dueling\yugioh virtual desktop 
9.exe:YGO Virtual Desktop Executable "{57193860-D9FE-4AA8-92B3-561AF7CECAA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{4ABEEDCD-A1B4-434B-9098-E563679D7A2B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{92DF7735-837A-4E1D-9E84-8E45B06E2867}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{D155CF65-D1C7-4187-9722-3896E34DE75F}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) "TCP Query User{EA6CC876-23D4-4962-BE99-154939AEAA11}c:\\program files\\graboid\\graboidvideo\\1.4.0.0\\dlmanager\\graboiddlmanager.exe"= UDP:c:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe:SABnzbd-0.2.5 "UDP Query User{50F22CE7-B02A-4BDA-B278-FA602016D90C}c:\\program files\\graboid\\graboidvideo\\1.4.0.0\\dlmanager\\graboiddlmanager.exe"= TCP:c:\program files\graboid\graboidvideo\1.4.0.0\dlmanager\graboiddlmanager.exe:SABnzbd-0.2.5 "TCP Query User{51447D0B-2DD2-4F0C-9984-873B4FCBD627}c:\\users\\hlb joxa sehayek\\desktop\\new folder\\server.exe"= UDP:c:\users\hlb joxa sehayek\desktop\new folder\server.exe:server.exe "UDP Query User{8B6493B0-F530-4EB6-8F83-E757FDEAFC70}c:\\users\\hlb joxa sehayek\\desktop\\new folder\\server.exe"= TCP:c:\users\hlb joxa sehayek\desktop\new folder\server.exe:server.exe "{6C472973-CBAA-4F9A-A6FA-A65EEC835190}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{C86F369A-B320-415E-8097-0D7B327770FD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{3DAD4620-5D88-41AF-973C-1A3E26FD1565}c:\\users\\hlb joxa sehayek\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\hlb joxa sehayek\appdata\local\google\chrome\application\chrome.exe:chrome.exe "UDP Query User{BFA73B8D-3BE7-4759-8FB8-255D5EF396AB}c:\\users\\hlb joxa sehayek\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\hlb joxa sehayek\appdata\local\google\chrome\application\chrome.exe:chrome.exe "TCP Query 
User{819BD3FB-CF1C-42A7-B837-826767956611}c:\\users\\hlb joxa sehayek\\documents\\downloads\\pickup.listchecker.exe"= UDP:c:\users\hlb joxa sehayek\documents\downloads\pickup.listchecker.exe:pickup.listchecker.exe "UDP Query User{9E3A168E-FA93-4E48-B6E9-1BBFAC2A5BBC}c:\\users\\hlb joxa sehayek\\documents\\downloads\\pickup.listchecker.exe"= TCP:c:\users\hlb joxa sehayek\documents\downloads\pickup.listchecker.exe:pickup.listchecker.exe "TCP Query User{834A4924-CE7D-4009-83E5-655AB4309377}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena "UDP Query User{C5D57A11-13B4-4111-95E2-D6CECDA4DFB0}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena "TCP Query User{81767AA0-D17F-4782-B2E5-B917FA599668}c:\\program files\\steam\\steamapps\\hlbjoxa\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\hlbjoxa\dystopia\hl2.exe:hl2 "UDP Query User{2072826B-A5A4-4DF8-B310-E41AA05FDDF5}c:\\program files\\steam\\steamapps\\hlbjoxa\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\hlbjoxa\dystopia\hl2.exe:hl2 "{DD99D9E0-74C0-47B8-AD2A-7AE32250FAFC}"= UDP:c:\games\DotA Allstars\DotA Allstars.exe:DotA Allstars "{244EC60E-858B-474D-A4CD-C9715B12D569}"= TCP:c:\games\DotA Allstars\DotA Allstars.exe:DotA Allstars "TCP Query User{7EC1D8A0-C1B4-429F-8158-CA7F5DA92AB5}c:\\users\\hlb joxa sehayek\\desktop\\pickup.listchecker.exe"= UDP:c:\users\hlb joxa sehayek\desktop\pickup.listchecker.exe:pickup.listchecker.exe "UDP Query User{A94D2142-F04A-46E5-9A3A-166F3F97B733}c:\\users\\hlb joxa sehayek\\desktop\\pickup.listchecker.exe"= TCP:c:\users\hlb joxa sehayek\desktop\pickup.listchecker.exe:pickup.listchecker.exe "TCP Query User{E2D3C9C3-9A2F-4EC7-B269-B99332331C72}c:\\users\\hlb joxa sehayek\\desktop\\listchecker\\pickup.listchecker.exe"= UDP:c:\users\hlb joxa sehayek\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker.exe "UDP Query User{3433853F-D34D-4B7A-BD33-A8AE0C7A5DB3}c:\\users\\hlb joxa 
sehayek\\desktop\\listchecker\\pickup.listchecker.exe"= TCP:c:\users\hlb joxa sehayek\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker.exe "TCP Query User{57D41A39-8354-4478-AAB8-7D949C29FE7F}c:\\users\\hlb joxa sehayek\\desktop\\lc\\pickup.listchecker.exe"= UDP:c:\users\hlb joxa sehayek\desktop\lc\pickup.listchecker.exe:pickup.listchecker.exe "UDP Query User{9EBE69A1-6FE7-4BB7-BB63-9467B8D2DF84}c:\\users\\hlb joxa sehayek\\desktop\\lc\\pickup.listchecker.exe"= TCP:c:\users\hlb joxa sehayek\desktop\lc\pickup.listchecker.exe:pickup.listchecker.exe "TCP Query User{92734396-F6E3-419E-9E50-8DBD05ED0E6A}c:\\users\\hlb joxa sehayek\\desktop\\ghost11\\ghostone.exe"= UDP:c:\users\hlb joxa sehayek\desktop\ghost11\ghostone.exe:ghostone.exe "UDP Query User{4EA0BDD4-44ED-488F-BA26-E49989CDE1BC}c:\\users\\hlb joxa sehayek\\desktop\\ghost11\\ghostone.exe"= TCP:c:\users\hlb joxa sehayek\desktop\ghost11\ghostone.exe:ghostone.exe "TCP Query User{4621CCB5-B917-4B07-B9E5-9CABEFCED4F5}c:\\users\\hlb joxa sehayek\\desktop\\ghost11\\ghost.exe"= UDP:c:\users\hlb joxa sehayek\desktop\ghost11\ghost.exe:ghost.exe "UDP Query User{974DD6F3-0B6D-4EAB-9508-A4DB356CE98B}c:\\users\\hlb joxa sehayek\\desktop\\ghost11\\ghost.exe"= TCP:c:\users\hlb joxa sehayek\desktop\ghost11\ghost.exe:ghost.exe "TCP Query User{910C94C6-F8BF-44A1-B582-00065151B5D0}c:\\program files\\steam\\steamapps\\hlbjoxa\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\hlbjoxa\source sdk base\hl2.exe:hl2 "UDP Query User{C3164884-F369-40AC-8679-64AFA2D82505}c:\\program files\\steam\\steamapps\\hlbjoxa\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\hlbjoxa\source sdk base\hl2.exe:hl2 "TCP Query User{463B2B8B-15B1-4E00-9807-F07D1882EDCC}c:\\program files\\steam\\steamapps\\yngavz\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\yngavz\condition zero\hl.exe:Half-Life Launcher "UDP Query User{D717E0ED-CBFB-438A-B75E-3574309DE4F5}c:\\program 
files\\steam\\steamapps\\yngavz\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\yngavz\condition zero\hl.exe:Half-Life Launcher "TCP Query User{C33AE15F-5026-4AAF-80F9-B9A38022BF9E}c:\\program files\\steam\\steamapps\\hlbjoxa\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\hlbjoxa\age of chivalry\hl2.exe:hl2 "UDP Query User{723CE304-B94C-4DB6-ABDB-B0A2CE7C6C61}c:\\program files\\steam\\steamapps\\hlbjoxa\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\hlbjoxa\age of chivalry\hl2.exe:hl2 "{E3DBB7C3-FDB3-462D-956E-B0A0D41CFE00}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor "{0BCD518D-70BD-4830-B6DC-E7DFD1750B3E}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor "{D49F444A-F680-4DB8-ACA5-E33D0FAAD3D6}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{68F396B6-FE0F-41B8-A465-6546AECA6F7C}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{9A8E1C28-F84A-4B9C-B66A-A79C0DB27264}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{DA0D603D-12CF-455E-85BD-F2FD4FE211BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{B341A262-317E-488F-B22D-84DC65BC4F76}"= c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{927C397A-F872-4425-9951-7F1A77FCA421}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead "{272519C1-34EF-47E6-9CCC-02105EC5AA87}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead "TCP Query User{15B9C6E7-BFFD-40FD-8615-90C034247029}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2 "UDP Query User{0CCB2686-7B6A-4EA5-854F-E2DAB719DED9}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured 
soul\savage2.exe:savage2 "{9BE322CD-116D-4EB7-ACF3-D07BB9335708}"= UDP:6644:twkopm "TCP Query User{24843767-896E-48AF-A906-6C59C3E9DC49}c:\\program files\\heroes of newerth\\hon.exe"= UDP:c:\program files\heroes of newerth\hon.exe:hon "UDP Query User{9330BECB-941C-423C-8FC1-7615BBFF44EB}c:\\program files\\heroes of newerth\\hon.exe"= TCP:c:\program files\heroes of newerth\hon.exe:hon "{6EFAB06C-6B41-4874-A407-B4F32116BF7C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{73EDA6B8-2A8C-4475-927F-79F4FA64815E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/07/2009 7:52 PM 64160] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [10/07/2007 6:58 PM 269448] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/09/2009 5:20 PM 108289] R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12/02/2007 1:46 PM 208896] R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [16/09/2009 3:08 AM 305936] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456] R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18/02/2007 11:34 PM 5376] R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [22/05/2008 10:00 PM 5504] S2 fmebkpxz;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [26/05/2008 4:22 PM 21504] S2 gupdate1c9a65afcf630b0;Google Update Service (gupdate1c9a65afcf630b0);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 1:16 PM 133104] S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [06/04/2007 5:08 PM 39896] S3 IntelDHSvcConf;IntelDHSvcConf;c:\program files\Intel\IntelDH\Intel Media 
Server\tools\IntelDHSvcConf.exe [06/04/2007 5:08 PM 36312] S3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [06/04/2007 5:07 PM 313816] S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 4:22 PM 34064] S3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [06/04/2007 5:10 PM 272856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs fmebkpxz [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49] 2009-09-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 00:23] 2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 17:16] 2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 17:16] 2009-08-22 c:\windows\Tasks\NSSstub.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-08-18 04:43] 2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{A455B132-F9BF-4B05-B6F5-6458975516D6}.job - c:\windows\system32\msfeedssync.exe [2009-04-30 11:31] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Settings,ProxyOverride = *.local DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll FF - component: c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\windows\system32\npmirage.dll . - - - - ORPHANS REMOVED - - - - BHO-{25333BC3-FFFE-471B-8D55-D0BAF9BE8125} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe ************************************************************************** scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fmebkpxz] "ServiceDll"="c:\windows\system32\hsmet.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(8104) c:\program files\RocketDock\RocketDock.dll c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\program files\Intel\IntelDH\CCU\AlertService.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe c:\acer\Empowering Technology\eRecovery\eRAgent.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe c:\windows\System32\PnkBstrA.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\System32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2009-09-27 23:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-27 03:44 Pre-Run: 125,163,560,960 bytes free Post-Run: 121,486,839,808 bytes free 1159 --- E O F --- 2009-05-27 07:00 |
#6 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista
|
Re: Virus blocking websites and programs
We have a bit more to take care of here. Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
Open notepad and copy/paste the text in the code box below into it:
Quote:
in the same location as ComboFix.exe
***************************************************
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
***************************************************
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you. Post that log in your next reply.
**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner
**Note** To optimize scanning time and produce a more sensible report for review:
---------------------------------------------------------------
Please include the following in your next reply:
C:\ComboFix.txt
Kaspersky results
Update on system behavior
#7 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista
|
Re: Virus blocking websites and programs
C:\ComboFix.txt
---------------- ComboFix 09-09-25.01 - HLB JOXA SEHAYEK 27/09/2009 0:37.3.4 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.2033 [GMT -4:00] Running from: c:\users\HLB JOXA SEHAYEK\Desktop\ComboFix.exe Command switches used :: c:\users\HLB JOXA SEHAYEK\Desktop\cfscript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll --> c:\windows\System32\shsvcs.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_fmebkpxz ((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 ))))))))))))))))))))))))))))))) . 2009-09-27 04:41 . 2009-09-27 04:41 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Local\temp 2009-09-27 04:41 . 2009-09-27 04:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-09-27 04:41 . 2009-09-27 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-09-20 20:57 . 2009-09-20 20:57 -------- d-----w- c:\program files\iPhone Configuration Utility 2009-09-20 20:56 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-20 20:56 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-09-20 20:55 . 2009-09-20 20:55 -------- d-----w- c:\program files\iPod 2009-09-20 20:55 . 2009-09-20 20:56 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-20 20:55 . 2009-09-20 20:56 -------- d-----w- c:\program files\iTunes 2009-09-16 07:08 . 2009-09-16 07:08 -------- d-----w- c:\programdata\IObit 2009-09-16 07:03 . 2009-09-16 07:03 -------- d-----w- c:\program files\Trend Micro 2009-09-16 07:02 . 2009-09-16 07:02 -------- d-----w- c:\programdata\F-Secure 2009-09-16 06:59 . 
2009-09-16 06:59 -------- d-----w- c:\program files\AxBx
2009-09-16 06:52 . 2009-09-16 06:53 -------- d-----w- c:\program files\QuickTime
2009-09-16 06:36 . 2008-07-17 20:13 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\AeroSnapApp
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Local\AeroSnapApp
2009-09-16 06:09 . 2009-09-16 06:09 -------- d-----w- c:\program files\AeroSnap
2009-09-14 21:29 . 2009-09-14 21:29 -------- d-----w- c:\program files\CodeGazer
2009-09-14 21:26 . 2009-09-14 21:33 -------- d-----w- c:\program files\RocketDock
2009-09-14 21:20 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-14 21:20 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-14 21:20 . 2009-09-14 21:20 -------- d-----w- c:\program files\Avira
2009-09-13 22:56 . 2009-09-14 21:20 -------- d-----w- c:\programdata\Avira
2009-09-01 04:50 . 2009-09-01 04:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-01 04:50 . 2009-09-11 01:29 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\skypePM
2009-09-01 04:49 . 2009-09-11 01:32 -------- d-----w- c:\programdata\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 04:41 . 2008-08-07 19:12 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\DNA
2009-09-27 04:21 . 2008-08-07 19:12 -------- d-----w- c:\program files\DNA
2009-09-27 04:12 . 2009-07-11 23:51 -------- d-----w- c:\programdata\Lavasoft
2009-09-26 23:45 . 2008-05-22 23:10 680 ----a-w- c:\users\HLB JOXA SEHAYEK\AppData\Local\d3d9caps.dat
2009-09-26 03:45 . 2009-03-16 17:16 -------- d-----w- c:\programdata\Google Updater
2009-09-20 20:55 . 2009-02-03 04:04 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 16:03 . 2009-08-15 08:19 -------- d-----w- c:\program files\Heroes of Newerth
2009-09-17 00:36 . 2008-05-23 02:54 -------- d-----w- c:\programdata\WLInstaller
2009-09-16 07:10 . 2008-12-04 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 07:08 . 2008-12-22 00:38 -------- d-----w- c:\program files\IObit
2009-09-14 22:13 . 2008-11-02 21:03 -------- d-----w- c:\program files\Electronic Arts
2009-09-14 21:55 . 2009-03-12 18:38 -------- d-----w- c:\program files\Pcsx2
2009-09-14 21:46 . 2007-07-10 22:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 21:46 . 2008-09-07 16:52 -------- d-----w- c:\program files\Activision
2009-09-14 21:30 . 2008-05-26 20:23 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-14 21:30 . 2008-05-26 20:22 615424 ----a-w- c:\windows\system32\themeui.dll
2009-09-14 01:39 . 2008-05-28 05:16 -------- d-----w- c:\users\HLB JOXA SEHAYEK\AppData\Roaming\uTorrent
2009-09-11 06:48 . 2008-05-23 02:54 -------- d-----w- c:\program files\Windows Live
2009-09-08 22:07 . 2009-03-16 17:16 -------- d-----w- c:\program files\Google
2009-09-03 00:05 . 2008-09-15 01:03 -------- d-----w- c:\programdata\Installations
2009-09-03 00:04 . 2008-09-14 21:46 -------- d-----w- c:\program files\Nokia
2009-09-03 00:04 . 2008-11-14 05:43 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-26 01:58 . 2009-08-04 21:27 -------- d-----w- c:\program files\Warcraft III
2009-08-26 01:58 . 2009-08-04 21:29 79535 ----a-w- c:\windows\War3Unin.dat
2009-08-17 03:20 . 2008-09-01 02:53 -------- d-----w- c:\program files\Steam
2009-08-16 20:00 . 2008-09-01 02:53 -------- d-----w- c:\program files\Common Files\Steam
2009-08-14 12:49 . 2009-08-07 20:17 -------- d-----w- c:\program files\StealthBot
2009-08-14 10:44 . 2008-12-09 00:28 -------- d-----w- c:\programdata\PMB Files
2009-08-04 21:33 . 2009-08-04 21:29 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-04 21:33 . 2009-08-04 21:29 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-15 23:30 . 2009-07-15 23:30 104 ----a-w- c:\users\HLB JOXA SEHAYEK\AppData\Local\fusioncache.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-27_03.39.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-09-27 04:24 71758 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 02:12 . 2009-09-27 04:24 12220 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2342643594-3629587009-3629754471-1001_UserData.bin
- 2006-11-02 13:02 . 2009-09-27 00:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-09-27 04:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-09-27 00:40 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-09-27 04:26 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-09-27 00:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-09-27 04:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-27 04:21 . 2009-09-27 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-27 04:21 . 2009-09-27 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-27 04:27 611614 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-27 04:27 110318 c:\windows\System32\perfc009.dat
+ 2009-05-02 04:28 . 2009-09-27 04:26 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-02 04:28 . 2009-09-27 00:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-09 318272]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AeroSnap"="c:\program files\AeroSnap\AeroSnap.exe" [2008-12-06 886784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^HLB JOXA SEHAYEK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^HLB JOXA SEHAYEK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [10/07/2007 6:58 PM 269448]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/09/2009 5:20 PM 108289]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12/02/2007 1:46 PM 208896]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [16/09/2009 3:08 AM 305936]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18/02/2007 11:34 PM 5376]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [22/05/2008 10:00 PM 5504]
S2 gupdate1c9a65afcf630b0;Google Update Service (gupdate1c9a65afcf630b0);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 1:16 PM 133104]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [06/04/2007 5:08 PM 39896]
S3 IntelDHSvcConf;IntelDHSvcConf;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [06/04/2007 5:08 PM 36312]
S3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [06/04/2007 5:07 PM 313816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 4:22 PM 34064]
S3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [06/04/2007 5:10 PM 272856]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder 2009-09-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 00:23] 2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 17:16] 2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 17:16] 2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{A455B132-F9BF-4B05-B6F5-6458975516D6}.job - c:\windows\system32\msfeedssync.exe [2009-04-30 11:31] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Settings,ProxyOverride = *.local DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll FF - component: c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh 
Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\users\HLB JOXA SEHAYEK\AppData\Roaming\Mozilla\Firefox\Profiles\awt0fj62.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\windows\system32\npmirage.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-27 00:41 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3348) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . 
Completion time: 2009-09-27 0:43
ComboFix-quarantined-files.txt 2009-09-27 04:43
ComboFix2.txt 2009-09-27 03:45

Pre-Run: 120,898,244,608 bytes free
Post-Run: 120,852,934,656 bytes free

396 --- E O F --- 2009-05-27 07:00

Kaspersky results
-----------------
Everything was clean.

Update on system behavior
--------------------------
After performing everything you have told me, the only Windows theme that works is the standard one. I would like to change it to the Vista one but it does not work. MSN Messenger works properly and so does Windows Update and online antivirus scanning sites. Thanks so much for your help!!!
#8 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista
|
Re: Virus blocking websites and programs
Quote:
#9 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista
|
Re: Virus blocking websites and programs
For Vista there is a theme where the windows are smoother and nicer colored, and it's just basically the look of the frames of the windows and buttons. The standard one is just the square frames with just a single color. When I go into safe mode it makes all the windows like that usually. So I think maybe because I ran ComboFix in safe mode it saved the settings as the standard theme or something. For Windows Vista, right click the desktop, click Personalize, then Theme. Then there is Vista theme and Windows Classic and Windows Vista theme. Currently it's on Vista but it displays the classic theme. That's pretty much it.
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista
|
Re: Virus blocking websites and programs
As long as you see Vista in the list to select from, you shouldn't have a problem switching back to that. Reboot your machine and see if you can get it back.