Author Topic: new worm?, avast doesn' know it  (Read 58635 times)


YoKenny

  • Guest
Re: new worm?, avast doesn' know it
« Reply #30 on: December 26, 2009, 12:41:57 PM »
As IE is the Windows major system display function for Windows XP, then no matter what you see, it is displayed by it.

When you get the problem resolved your system needs to be updated to SP3 to prevent infections like Vundo.

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #31 on: December 26, 2009, 12:54:27 PM »
OTL logfile created on: 26/12/2009 10:44:30 - Run 1
OTL by OldTimer - Version 3.1.20.1     Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 143.33 Gb Free Space | 30.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.74 Gb Total Space | 322.75 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BEAST-3DDF91376
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2009/12/26 01:47:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/26 01:47:55 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 20:01:35 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/24 23:34:04 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/10/12 18:03:52 | 17,507,000 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2009/09/28 16:15:58 | 00,242,176 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2009/09/03 21:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/02/24 19:44:50 | 03,558,136 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #32 on: December 26, 2009, 12:55:22 PM »
PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/08/13 17:06:56 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2008/08/03 23:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/01 06:19:21 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/03/14 22:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/03/14 22:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/02/20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008/02/20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2008/02/20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/01/27 16:16:58 | 00,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2008/02/20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2007/03/08 15:36:28 | 00,172,544 | ---- | M] () -- C:\WINDOWS\obipufic.dll
MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/12/26 01:47:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/06 01:10:48 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/09/28 16:15:58 | 00,242,176 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2009/02/18 23:11:00 | 02,806,522 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/01 06:19:21 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/24 23:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #33 on: December 26, 2009, 12:56:18 PM »
DRV - [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/22 14:44:08 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2008/08/22 14:43:44 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2008/08/22 14:43:06 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/04/25 11:26:32 | 00,002,397 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/04/13 10:21:50 | 00,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Ntaccess.sys -- (NTACCESS)
DRV - [2008/03/21 20:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/02/25 08:44:38 | 01,172,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008/02/25 08:44:22 | 00,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/02/25 08:44:08 | 00,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/02/25 08:44:00 | 00,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/02/25 08:43:56 | 00,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/02/25 08:43:30 | 00,346,856 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008/02/25 08:43:24 | 00,524,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/02/25 08:43:16 | 00,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/02/25 08:41:50 | 00,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008/02/25 08:41:44 | 00,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008/02/25 08:41:36 | 01,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008/02/25 08:41:28 | 00,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 08:41:18 | 00,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 08:41:14 | 00,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 08:41:10 | 00,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2008/02/25 08:41:06 | 00,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2008/02/25 08:41:02 | 00,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2008/02/25 08:40:56 | 00,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2008/02/25 08:40:52 | 00,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2008/01/23 21:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/12/19 17:35:19 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/12 08:32:30 | 00,094,592 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/20 09:05:02 | 00,027,672 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2007/07/27 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/09/06 13:37:22 | 00,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 12:27:06 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 12:25:52 | 00,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 12:22:08 | 00,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #34 on: December 26, 2009, 12:58:53 PM »
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {FFC6B7D5-902E-4EBD-9177-7C584223F0D8}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8}: C:\Documents and Settings\Mark\Local Settings\Application Data\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8} [2009/12/25 00:46:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 17:22:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 01:48:04 | 00,000,000 | ---D | M]
 
[2009/01/08 20:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2009/10/29 19:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\tz9chjai.default\extensions
[2009/12/26 01:48:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/29 03:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 07:39:42 | 00,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2008/04/28 20:46:51 | 00,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
 
O1 HOSTS File: (765 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0         rad.msn.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Asaxugesavadeb] C:\WINDOWS\obipufic.DLL ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Mark\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #35 on: December 26, 2009, 12:59:56 PM »

O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/21 16:52:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/21 16:52:22 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/12/26 10:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2009/12/26 10:43:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/12/26 02:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/26 02:18:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
[2009/12/26 02:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/26 02:01:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/26 01:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/26 01:49:41 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Mark\Recent
[2009/12/26 01:48:04 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 01:48:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 01:48:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 01:48:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 01:48:04 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/26 01:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/26 01:47:18 | 16,672,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mark\Desktop\jre-6u17-windows-i586.exe
[2009/12/25 13:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\.kde
[2009/12/25 04:15:50 | 00,135,360 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Mark\Desktop\FixBlast.exe
[2009/12/25 00:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8}
[2009/12/20 12:09:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\NeocoreGames
[2009/12/16 21:46:07 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/12/16 21:46:07 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/12/16 21:46:07 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/12/16 21:46:06 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/12/16 21:46:05 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/12/16 21:45:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/12/16 21:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\Sparkplay Media
[2009/12/16 21:44:26 | 00,573,584 | ---- | C] (SparkPlay Media, Inc) -- C:\Documents and Settings\Mark\Desktop\SparkPlayerInstall.exe
[2009/12/09 15:38:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/04 05:32:04 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #36 on: December 26, 2009, 01:01:05 PM »

[2009/12/04 05:32:04 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/12/02 23:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Thunderbird
[2009/12/02 23:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Thunderbird
[2009/12/02 23:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Gpg4win Documentation
[2009/12/02 23:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\gnupg
[2009/12/02 23:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GNU
[2009/12/02 23:09:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\gnupg
[2009/12/02 23:09:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GNU
[2009/12/02 23:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\GNU
[2009/12/02 23:08:55 | 06,669,256 | ---- | C] (Mozilla) -- C:\Documents and Settings\Mark\Desktop\Thunderbird Setup 2.0.0.23.exe
[2009/12/02 22:46:46 | 36,557,658 | ---- | C] (g10 Code GmbH) -- C:\Documents and Settings\Mark\Desktop\gpg4win-2.0.1.exe
[2009/05/11 19:05:00 | 01,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2008/08/04 14:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 11:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2008/04/21 16:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/21 16:52:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/21 16:52:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/20 19:59:14 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009/12/26 10:46:33 | 00,714,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\kpgmh.sys
[2009/12/26 10:38:48 | 00,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2009/12/26 10:38:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 10:38:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/12/26 09:48:34 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:48:34 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:48:34 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:43:42 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Mark\NTUSER.DAT
[2009/12/26 09:43:36 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2009/12/26 09:24:18 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\dvadaeqn.job
[2009/12/26 02:21:14 | 04,910,518 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SASDEFINITIONS.EXE
[2009/12/26 02:18:55 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/26 02:13:16 | 02,386,270 | ---- | M] () -- C:\MGtools.exe
[2009/12/26 02:09:14 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SUPERAntiSpyware.exe
[2009/12/26 01:52:05 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/26 01:52:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/26 01:52:05 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/26 01:50:10 | 00,002,052 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_015006.reg
[2009/12/26 01:47:55 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 01:47:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 01:47:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 01:47:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/26 01:47:54 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 01:46:20 | 16,672,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mark\Desktop\jre-6u17-windows-i586.exe
[2009/12/26 01:37:09 | 00,112,292 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_013623.reg
[2009/12/26 01:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Igaqofevinuyoz.bin
[2009/12/25 09:45:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #37 on: December 26, 2009, 01:02:11 PM »

[2009/12/25 04:07:52 | 00,135,360 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Desktop\FixBlast.exe
[2009/12/25 00:46:39 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Avasub.dat
[2009/12/25 00:18:14 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/12/24 03:12:00 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 16:28:02 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 14:09:24 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/16 21:44:27 | 00,573,584 | ---- | M] (SparkPlay Media, Inc) -- C:\Documents and Settings\Mark\Desktop\SparkPlayerInstall.exe
[2009/12/16 17:41:34 | 00,021,504 | ---- | M] () -- C:\WINDOWS\jestertb.dll
[2009/12/10 23:54:58 | 01,058,225 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DBM-4.32-r2645-Core-and-WotLK-Mods.zip
[2009/12/07 17:46:59 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Left 4 Dead 2.lnk
[2009/12/06 06:06:45 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/12/04 06:33:26 | 00,000,024 | ---- | M] () -- C:\url_history.xml
[2009/12/04 06:11:01 | 00,000,104 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 05:01:00 | 00,007,227 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RogueFocus.zip
[2009/12/02 23:10:04 | 06,669,256 | ---- | M] (Mozilla) -- C:\Documents and Settings\Mark\Desktop\Thunderbird Setup 2.0.0.23.exe
[2009/12/02 23:10:04 | 00,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kleopatra.lnk
[2009/12/02 23:10:04 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPA.lnk
[2009/12/02 22:47:39 | 36,557,658 | ---- | M] (g10 Code GmbH) -- C:\Documents and Settings\Mark\Desktop\gpg4win-2.0.1.exe
[2009/11/30 03:11:10 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Fantasy Grounds.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009/12/26 10:38:48 | 00,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2009/12/26 02:23:22 | 04,910,518 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SASDEFINITIONS.EXE
[2009/12/26 02:18:55 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/26 02:17:46 | 02,386,270 | ---- | C] () -- C:\MGtools.exe
[2009/12/26 02:17:37 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SUPERAntiSpyware.exe
[2009/12/26 01:50:08 | 00,002,052 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_015006.reg
[2009/12/26 01:36:27 | 00,112,292 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_013623.reg
[2009/12/25 00:46:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Avasub.dat
[2009/12/25 00:46:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Igaqofevinuyoz.bin
[2009/12/25 00:43:13 | 00,714,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\kpgmh.sys
[2009/12/25 00:43:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2009/12/16 17:41:34 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/10 23:54:58 | 01,058,225 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DBM-4.32-r2645-Core-and-WotLK-Mods.zip
[2009/12/07 17:46:59 | 00,001,622 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Left 4 Dead 2.lnk
[2009/12/03 05:00:59 | 00,007,227 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RogueFocus.zip
[2009/12/02 23:10:04 | 00,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kleopatra.lnk
[2009/12/02 23:10:04 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPA.lnk
[2009/11/30 03:11:10 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Fantasy Grounds.lnk
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/30 05:48:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/26 11:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/06/06 06:13:38 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\fusioncache.dat
[2009/02/20 09:52:15 | 00,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/20 00:26:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/05 13:24:45 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #38 on: December 26, 2009, 01:04:20 PM »

[2008/12/15 16:12:12 | 01,563,797 | -HS- | C] () -- C:\WINDOWS\System32\ekafelat.ini
[2008/12/15 02:04:56 | 00,058,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2008/12/14 12:03:56 | 01,563,737 | -HS- | C] () -- C:\WINDOWS\System32\ububimem.ini
[2008/12/13 23:12:31 | 01,563,737 | -HS- | C] () -- C:\WINDOWS\System32\iyanusuf.ini
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/30 12:57:07 | 00,136,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/30 12:57:07 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
[2008/07/20 11:26:31 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/19 08:27:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/19 07:10:07 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/05/03 00:54:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/01 22:21:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/01 22:21:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/01 22:21:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/04/28 14:39:43 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 13:07:32 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/25 11:43:26 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/04/25 11:43:26 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/04/25 11:43:26 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/04/25 11:43:26 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/04/25 11:43:25 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/04/25 11:26:32 | 00,002,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2008/04/22 11:28:21 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/04/22 11:20:09 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/31 21:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 20:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 20:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 20:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 20:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/02/20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/01/31 16:18:14 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/12/05 00:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 00:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 00:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 00:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 00:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/27 11:00:00 | 00,172,544 | ---- | C] () -- C:\WINDOWS\obipufic.dll
[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
< End of report >

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #39 on: December 26, 2009, 01:07:51 PM »

OTL Extras logfile created on: 26/12/2009 10:44:30 - Run 1
OTL by OldTimer - Version 3.1.20.1     Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 143.33 Gb Free Space | 30.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.74 Gb Total Space | 322.75 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BEAST-3DDF91376
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #40 on: December 26, 2009, 01:09:37 PM »

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"37676:TCP" = 37676:TCP:*:Enabled:ooVoo TCP port 37676
"37676:UDP" = 37676:UDP:*:Enabled:ooVoo UDP port 37676
"37677:UDP" = 37677:UDP:*:Enabled:ooVoo UDP port 37677
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Program Files\Cyanide\Loki\Loki.exe" = C:\Program Files\Cyanide\Loki\Loki.exe:*:Enabled:Loki -- File not found
"C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe" = C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- File not found
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe" = C:\Program Files\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe:*:Enabled:Warhammer® Mark of Chaos™ - Battle March™ GOLD -- (Black Hole Entertainment)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" = C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:AluSchedulerSvc -- File not found

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #41 on: December 26, 2009, 01:10:44 PM »

"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase -- ()
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\Wizards of the Coast\Magic Online III\Renamer.exe" = C:\Program Files\Wizards of the Coast\Magic Online III\Renamer.exe:*:Enabled:Magic The Gathering Online -- (WotC)
"C:\Program Files\softnyx\GunboundWC\GunBound.gme" = C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"C:\Documents and Settings\Mark\Local Settings\Temp\Blizzard Launcher Temporary - 092f8448\Launcher.exe" = C:\Documents and Settings\Mark\Local Settings\Temp\Blizzard Launcher Temporary - 092f8448\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Outspark\WindSlayer\WindSlayer.exe" = C:\Program Files\Outspark\WindSlayer\WindSlayer.exe:*:Enabled:WindSlayer -- ()
"C:\Documents and Settings\Mark\Local Settings\Temp\Blizzard Launcher Temporary - 248a9570\Launcher.exe" = C:\Documents and Settings\Mark\Local Settings\Temp\Blizzard Launcher Temporary - 248a9570\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)
"C:\Program Files\Apprentice\Appr.exe" = C:\Program Files\Apprentice\Appr.exe:*:Enabled:Appr -- ()
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" = C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm -- (THQ Canada Inc.)
"C:\Program Files\EA Games\Mercenaries 2 World in Flames\Mercenaries2.exe" = C:\Program Files\EA Games\Mercenaries 2 World in Flames\Mercenaries2.exe:*:Enabled:Mercenaries 2: World in Flames -- File not found
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Program Files\Steam\SteamApps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- ()
"C:\Program Files\Steam\SteamApps\umbereternus\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\umbereternus\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Codemasters\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Codemasters\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- File not found
"C:\Program Files\Steam\SteamApps\common\overlord ii\Overlord2.exe" = C:\Program Files\Steam\SteamApps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- ()
"C:\Program Files\Steam\SteamApps\common\overlord ii\Config.exe" = C:\Program Files\Steam\SteamApps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- ()
"C:\Program Files\Electronic Arts\BattleForge\Bootstrapper.exe" = C:\Program Files\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"C:\Program Files\Electronic Arts\BattleForge\BattleForge.exe" = C:\Program Files\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
"C:\Program Files\Steam\SteamApps\common\bookworm adventures volume 2\BookwormAdventuresVol2.exe" = C:\Program Files\Steam\SteamApps\common\bookworm adventures volume 2\BookwormAdventuresVol2.exe:*:Enabled:Bookworm Adventures Volume 2 -- (PopCap Games, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe" = C:\Program Files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun -- ()
"C:\Program Files\Cyanide\Blood Bowl\BB.exe" = C:\Program Files\Cyanide\Blood Bowl\BB.exe:*:Enabled:Blood Bowl -- (Cyanide)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- (BioWare)
"C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\command and conquer red alert 3 uprising\RA3EP1.exe" = C:\Program Files\Steam\SteamApps\common\command and conquer red alert 3 uprising\RA3EP1.exe:*:Enabled:Command and Conquer: Red Alert 3 - Uprising -- (Electronic Arts, Inc.)
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #42 on: December 26, 2009, 01:11:33 PM »

"C:\Program Files\Steam\SteamApps\common\zuma's revenge\ZumasRevenge.exe" = C:\Program Files\Steam\SteamApps\common\zuma's revenge\ZumasRevenge.exe:*:Enabled:Zuma's Revenge! Demo -- (PopCap Games, Inc.)
"C:\Program Files\FantasyGrounds\FantasyGrounds.exe" = C:\Program Files\FantasyGrounds\FantasyGrounds.exe:*:Enabled:FantasyGrounds -- ()
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\DAOrigins.exe" = C:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\dragon age origins\DAOriginsLauncher.exe" = C:\Program Files\Steam\SteamApps\common\dragon age origins\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35242997-4DA2-4DDF-9698-ED8219442B8F}" = Etherlords II
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = PC Suite
"{784D1110-7A5D-4BE9-8AAA-CC70FA2D1CBA}" = WindSlayer
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #43 on: December 26, 2009, 01:12:20 PM »

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = THE SETTLERS - Heritage of Kings (all products)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABC91C39-266D-4042-828E-4386E0F25218}" = Warhammer® Mark of Chaos™ - Battle March™ GOLD
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}" = Tiger Woods PGA TOUR 07
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CDADEF3D-B6F8-4530-A074-168FCF364DA2}" = WindSlayer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}" = Deal or No Deal
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.09.03.800
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Tools" = Advanced Tools
"Age of Wonders II" = Age of Wonders II
"AudioCS" = Creative Audio Console
"avast!" = avast! Antivirus
"Battle.net" = Battle.net
"BloodBowl_is1" = Blood Bowl 1.1.2.1
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"BroadJump Client Foundation" = BroadJump Client Foundation
"Camera" = Digital Camera Manager
"Diablo" = Diablo
"Diablo II" = Diablo II
"Dragonica(EU)" = Dragonica(EU)
"Dungeon Keeper II" = Dungeon Keeper 2
"DungeonSiege2" = Dungeon Siege 2
"EADM" = EA Download Manager
"Fantasy Grounds" = Fantasy Grounds
"Feeding Frenzy Deluxe 5.7.18.1" = Feeding Frenzy Deluxe 5.7.18.1
"Fraps" = Fraps
"GameCenter" = GameCenter
"GPG4Win" = Gpg4win (2.0.1)
"Grand Chase" = Grand Chase
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"GunboundWC_is1" = GunboundWC
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Launcher" = Outspark Launcher
"LogMeIn Hamachi" = LogMeIn Hamachi
"LUNA_US_090414" = LUNA Online v1.0.0
"Lunia" = Lunia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mIRC" = mIRC
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Nero - Burning Rom!UninstallKey" = Nero 6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pangya" = Pangya (Ntreev USA)
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Pidgin" = Pidgin
"Plants vs. Zombies" = Plants vs. Zombies
"PopCap Browser Plugin" = PopCap Browser Plugin
"Puzzle Quest Galactrix1.00" = Puzzle Quest Galactrix

Markwest

  • Guest
Re: new worm?, avast doesn' know it
« Reply #44 on: December 26, 2009, 01:12:59 PM »

"Red Alert 2" = Command & Conquer Red Alert 2
"RoboType_is1" = RoboType (PC Magazine)
"SecondLife" = SecondLife (remove only)
"Secret of the Solstice" = Secret of the Solstice
"Shockwave" = Shockwave
"Steam App 12810" = Overlord II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 17450" = Dragon Age: Origins
"Steam App 220" = Half-Life 2
"Steam App 23380" = Gyromancer
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3590" = Plants Vs Zombies
"Steam App 3622" = Zuma's Revenge! Demo
"Steam App 3630" = Bookworm Adventures Volume 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Veoh Web Player Beta" = Veoh Web Player Beta
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGrab 1.50_is1" = WinGrab 1.50.09
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Sparkplayer (Beta)" = Sparkplayer (Beta)
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 24/12/2009 23:53:14 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
Error - 25/12/2009 00:22:58 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
Error - 25/12/2009 09:24:45 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
Error - 25/12/2009 09:38:23 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function 00000002. 
 
Error - 25/12/2009 09:57:04 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753. 
 
Error - 25/12/2009 09:57:04 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
 chestOpenList() failed: 2147422219. 
 
Error - 25/12/2009 09:57:16 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
 !m_strErrorWnd.IsEmpty(). 
 
Error - 25/12/2009 22:01:44 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
Error - 26/12/2009 00:03:36 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
Error - 26/12/2009 05:05:09 | Computer Name = BEAST-3DDF91376 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
 , function 0000001F. 
 
[ Application Events ]
Error - 24/12/2009 20:43:48 | Computer Name = BEAST-3DDF91376 | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module
 am30400.dll, version 4.72.0.30400, fault address 0x000014d3.
 
Error - 24/12/2009 20:51:47 | Computer Name = BEAST-3DDF91376 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
 module am30400.dll, version 4.72.0.30400, fault address 0x000014d3.
 
Error - 24/12/2009 20:51:47 | Computer Name = BEAST-3DDF91376 | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module
 am30400.dll, version 4.72.0.30400, fault address 0x000014d3.
 
Error - 24/12/2009 20:52:06 | Computer Name = BEAST-3DDF91376 | Source = Application Error | ID = 1000
Description = Faulting application reader_sl.exe, version 8.0.0.0, faulting module
 am30400.dll, version 4.72.0.30400, fault address 0x000014d3.