Unbootable computer


#136 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello,

I'd suggest that you disconnect this computer from the internet as it may be compromised.

it keeps going to start then opening all programs..

What do you mean by this?

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\System32\lsass.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Repeat this for the following files:
c:\windows\System32\kernel32.dll
C:\Windows\System32\svchost.exe
C:\Windows\System32\winlogon.exe
C:\Windows\explorer.exe
Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#137 Bismillah (Member, Topic Starter, 514 posts)
The mouse is moving itself.

Earlier it clicked on the Start button, then went to All Programs, then stopped.
It's a wired mouse.
When I tried to move files to the tools folder it kept moving itself away from the file I wanted to move.
It sort of has a mind of its own.

#138 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Can you try to disconnect from the internet and then see if it does that again?
Also follow the previous instructions.

Edited by michaelg9, 28 August 2011 - 10:18 AM.


#139 Bismillah (Member, Topic Starter, 514 posts)
I haven't disconnected from the internet but it isn't doing anything now.
I'll keep my eye on it.

#140 Bismillah (Member, Topic Starter, 514 posts)
The server load on VirSCAN was quite high so I did them on VirusTotal.

C:\Windows\System32\winlogon.exe
had 1/44.

The rest were clean.
While doing the scans my mouse started to move around to the corner of the screens.

Would you like me to do them with VirSCAN?

Edited by nortan360, 28 August 2011 - 10:40 AM.


#141 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
No, it's ok with VirusTotal. Please post the link for the winlogon scan.

#142 Bismillah (Member, Topic Starter, 514 posts)
Also, when disconnecting from the internet my mouse's erratic behaviour seems to stop.


http://www.virustota...4d7e-1314549269

Edited by nortan360, 28 August 2011 - 10:48 AM.


#143 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Ok, I'd suggest you stay disconnected until we find the cause, to prevent further infection and data being stolen.

#144 Bismillah (Member, Topic Starter, 514 posts)
Okay, but I don't really have another computer I can use.
(The GMER scan is still running.)

My mouse decided to click on your profile then almost press Report Member! lol!

Edited by nortan360, 28 August 2011 - 11:03 AM.


#145 Bismillah (Member, Topic Starter, 514 posts)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-28 18:16:10
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\fwrirpob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\[email protected]:catalog:LastCatalogCrawlId 42
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\43
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl43.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0xA6 0x01 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 43
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 44

---- Files - GMER 1.0.15 ----

File C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U70FTOJZ\page__st__135__gopid__2054544[1].txt 0 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\css.dat 12288 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 62952 bytes
File C:\RRbackups\common\rr_bcdenum.dat 1263 bytes
File C:\RRbackups\common\SAM 65536 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 20480 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 18720 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-500\8f71098770f72c7a67cd8f1151619865_2d523134-07d7-4b79-ba88-501f51b85683 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-500\a18ca4003deb042bbee7a40f15e1970b_2d523134-07d7-4b79-ba88-501f51b85683 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-500\fe37cbff-df92-472f-b191-4ced8be6282a 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\enroll.ini 35 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14) 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(14)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5) 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Lenovo\Client Security Solution(5)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\05f83bf89a3c3d4de6869c54e249f9c7_2d523134-07d7-4b79-ba88-501f51b85683 1315 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\49ac1cf87687c5a4c794042acbff288e_2d523134-07d7-4b79-ba88-501f51b85683 2075 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\533145ef011ddf5ca3983e2545a902b4_2d523134-07d7-4b79-ba88-501f51b85683 2075 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\5c05a24649dce38756a5072a69bfe1ba_2d523134-07d7-4b79-ba88-501f51b85683 47 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\6b29ae44e85efac3c72ff4d1865d73f1_2d523134-07d7-4b79-ba88-501f51b85683 53 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\83aa4cc77f591dfc2374580bbd95f6ba_2d523134-07d7-4b79-ba88-501f51b85683 45 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\8f71098770f72c7a67cd8f1151619865_2d523134-07d7-4b79-ba88-501f51b85683 54 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\932a2db58c237abd381d22df4c63a04a_2d523134-07d7-4b79-ba88-501f51b85683 87 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\dd508fb67e3df5d722d6ce98ff404371_2d523134-07d7-4b79-ba88-501f51b85683 63 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1853308285-865056411-922338472-1000\e52f73ea1e6d8fb5afd750e25de6c8fa_2d523134-07d7-4b79-ba88-501f51b85683 46 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\1490f83c-0c8e-4046-8207-939e9c0c08c1 388 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\16b474d0-4175-4098-9186-e14f9b220ac9 388 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\7351c796-01b6-4a6a-861a-8973e570a9e3 388 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\c4872cba-8e5f-4011-8951-a36317076028 388 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\d4092147-25f3-4fb0-9fc9-694af0131118 388 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\Protect\S-1-5-21-1853308285-865056411-922338472-1000\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\B5B564F3C8BDDECB5A946FE8CF6238F60E393EF7 765 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\Keys 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\1F4080DD5833493C6B17AE6D2DF35D8944C90E7C 232 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\Request 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\Request\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LENOVO\AppData\Roaming\Microsoft\SystemCertificates\Request\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6875d4e3c8f999d292d070098991a633_2d523134-07d7-4b79-ba88-501f51b85683 77 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8e8cc906274dcf3385685a09d6769bc4_2d523134-07d7-4b79-ba88-501f51b85683 1305 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d013304477f3689e5815d4051f89c4af_2d523134-07d7-4b79-ba88-501f51b85683 1307 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_2d523134-07d7-4b79-ba88-501f51b85683 52 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_2d523134-07d7-4b79-ba88-501f51b85683 47 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_2d523134-07d7-4b79-ba88-501f51b85683 54 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_2d523134-07d7-4b79-ba88-501f51b85683 893 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\dd508fb67e3df5d722d6ce98ff404371_2d523134-07d7-4b79-ba88-501f51b85683 63 bytes

---- EOF - GMER 1.0.15 ----
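A small parser for GMER logs of the kind posted above, written as an added example for this thread (it is not the helper's code and not part of GMER). It splits the log into its header and "---- Section ----" blocks, keeps each "Reg"/"File" entry, and pulls out the lines carrying GMER's ROOTKIT marker, which the helper said not to act on without advice; the sample log is constructed from a few lines of the posted log plus one made-up flagged line so that path is exercised.

```python
"""Parse a GMER rootkit-scan log and pull out what a triager looks at first.

Added example for this thread, not GMER's own code. SAMPLE_LOG is
constructed: the header and the first entries are copied from the log
posted above, the flagged driver line is made up to exercise the
ROOTKIT-marker path.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
EOF_RE = re.compile(r"^---- EOF - GMER [\d.]+ ----$")
# GMER appends "<-- ROOTKIT !!!" (the thread writes it with three dashes);
# accept any dash run so both spellings are caught.
ROOTKIT_RE = re.compile(r"\s*<-+ ROOTKIT\s*!*")
SIZE_RE = re.compile(r"(\d+) bytes$")


@dataclass
class Entry:
    section: str   # "Registry", "Files", ...
    kind: str      # first token on the line: Reg, File, Device, ...
    detail: str    # the rest of the line, marker removed
    flagged: bool  # True when the line carried the ROOTKIT marker


@dataclass
class GmerLog:
    version: str = ""
    scan_time: str = ""
    windows: str = ""
    driver: str = ""
    entries: list = field(default_factory=list)


def parse_gmer_log(text: str) -> GmerLog:
    log = GmerLog()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section is None:  # still in the four-line header
            if line.startswith("GMER "):
                log.version = line.split(" - ")[0].split(" ", 1)[1]
                continue
            if line.startswith("Rootkit scan "):
                log.scan_time = line[len("Rootkit scan "):]
                continue
            if line.startswith("Windows "):
                log.windows = line
                continue
            m = re.search(r"Driver: (.+)$", line)
            if line.startswith("Running: ") and m:
                log.driver = m.group(1)
                continue
        if EOF_RE.match(line):      # check before SECTION_RE: EOF matches it too
            break
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:
            continue                # unrecognised header text
        kind, _, detail = line.partition(" ")
        flagged = ROOTKIT_RE.search(detail) is not None
        detail = ROOTKIT_RE.sub("", detail).strip()
        log.entries.append(Entry(section, kind, detail, flagged))
    return log


def flagged_entries(log: GmerLog) -> list:
    return [e for e in log.entries if e.flagged]


def section_counts(log: GmerLog) -> dict:
    counts = {}
    for e in log.entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def file_size(entry: Entry):
    """Size in bytes for a File entry, None for anything else."""
    m = SIZE_RE.search(entry.detail)
    return int(m.group(1)) if m else None


SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-28 18:16:10
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\fwrirpob.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\43
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberInProgress 43

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\SAM 65536 bytes
File C:\Windows\System32\drivers\example-hidden.sys 12288 bytes <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    parsed = parse_gmer_log(SAMPLE_LOG)
    print(f"GMER {parsed.version}, scanned {parsed.scan_time}, driver {parsed.driver}")
    print("entries per section:", section_counts(parsed))
    for e in flagged_entries(parsed):
        print("FLAGGED:", e.kind, e.detail, file_size(e))
```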

#146 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
If that's the only computer available and you can't use another one that will have internet access, you can disconnect it and connect it only when you need to download something, and then disconnect it again.

Are you playing any games on that computer? This service may not be 100% legit:

[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

Next:

Run OTL, click the None button.
Under Extra Registry select Use SafeList.
Click Run Scan (not Quick Scan).
Post the log here.

If OTL freezes, do this instead:
Download TCPView to the tools folder.
Extract it and then run it. Leave it there some time for things to go in their place.
Go to File > Save as...
Save the log at the Desktop and post it here.

#147 Bismillah (Member, Topic Starter, 514 posts)
The only game I play is Minecraft.
I also have 2 Steam games which I never play.

I need to be on this computer so that I can post replies to my malware practice logs on the site I'm training on.

Edited by nortan360, 28 August 2011 - 04:26 PM.


#148 Bismillah (Member, Topic Starter, 514 posts)
OTL Extras logfile created on: 28/08/2011 23:25:24 - Run 7
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\LENOVO\Desktop\Tools
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.90 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 21.17% Memory free
4.03 Gb Paging File | 2.26 Gb Available in Paging File | 56.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.10 Gb Total Space | 34.91 Gb Free Space | 27.68% Space Free | Partition Type: NTFS
Drive Q: | 21.49 Gb Total Space | 15.98 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.07% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E10263-1297-476B-89D7-C521B6E1A740}" = lport=137 | protocol=17 | dir=in | app=system |
"{21B2EBC2-F171-4D18-B257-D6720AC44DDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{256C6FEB-BCB9-4D33-ACE6-66CC7FB626A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{27471830-068F-4C4D-B901-F470888D3B74}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C5C9D1A-86A2-46FE-A3FA-325081CCC58D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2E6DBF92-F6C9-46B8-AF59-BC7726FD0D6F}" = lport=43594 | protocol=6 | dir=in | name=swscape.no-ip.org |
"{30E59034-2DE5-4281-A5CF-4831E4A9699E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39044C18-86E1-47AC-89EF-2C84268288BA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{391BED42-08C5-4A36-81B5-D6818C894AF9}" = rport=137 | protocol=17 | dir=out | app=system |
"{5178A66A-052E-4A03-9483-869EDEA93A31}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{5BE10410-0B86-4364-AB4B-198BAAE4E90D}" = lport=57575 | protocol=6 | dir=in | name=pando media booster |
"{5E7BD38E-CAFC-482F-AA4A-EE40858E3134}" = rport=445 | protocol=6 | dir=out | app=system |
"{610EDFA8-BAEF-4C03-B365-0A95B8AE175C}" = lport=57575 | protocol=6 | dir=in | name=pando media booster |
"{6567C1D5-BDBB-4274-9489-BEC38B0738AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6AC879D9-0EA8-420C-BF19-2473DAD547FB}" = lport=57575 | protocol=17 | dir=in | name=pando media booster |
"{6E027DEC-50D5-44C4-B0CF-FB016F837FED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{74E84433-5E7F-49EC-8DCE-8E80A804A557}" = lport=49587 | protocol=6 | dir=in | name=akamai netsession interface |
"{75A3A323-66CB-4987-8294-A66DDF9BACAE}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{78EA951D-7435-4E13-A77A-F964DCBA7DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78EA9EF5-A00F-43DB-82E9-ED294D0ED3DB}" = lport=57575 | protocol=17 | dir=in | name=pando media booster |
"{7C7DDD45-898C-48CA-8553-389EB5651CC1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{922341DD-F548-4DFA-81DE-970591797FC7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{94E5822F-651E-425A-8790-86C464EFFA26}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96871178-11DA-4D99-BED8-5B8908D7E0B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0F80BC9-C947-4E78-BB0D-9BF55BAD7489}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8825AFA-ABAE-45AA-9612-3908A818EDA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1588921-2E17-42B9-B725-11891B976243}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{B3FC28EB-35A3-4E71-9280-E7B225D47071}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B45E266D-2B08-45BE-A06C-7124BF5F697F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{BDF0DFDC-FB14-4B76-9BC9-11479FD3491D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BEA188E9-8C3B-4B56-9459-DF040634104A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D58E1362-AFBF-4106-B60D-46CA090C4C77}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F5B9B7DC-5F7D-423F-8B82-DE56BF959CB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC614984-22A5-4723-9C36-1CAFCF1D459A}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0700133B-52A5-41EF-A3FB-BFAF846DB06B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0AFEBF64-0694-41A5-8DCD-DFCD0FCC2C31}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CE5AE70-FC18-4688-B27D-2E831AA4CEB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{19387BF8-4743-42FE-9E67-A6419385BBEB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{276CB0FD-E689-45AD-A2B1-9DEA2B28451D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{2A77DFFA-B23B-4E4F-8933-105BC90D5CF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2C62E312-1007-43E1-9A5B-4D7F64CDCFFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{343FB819-FC15-4E93-8913-71A6A61E5401}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{361D34D6-AF6C-4060-9D3F-C470116A0E51}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ivoqulte\setup-msgplus-501[1].exe |
"{450B69F6-2926-4535-B704-0B4D820DC7A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5136DA43-4FA9-4E8A-9B78-5CF66B47741F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5EBE6BB3-5385-45C4-9751-BE4DB3ED41CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{60D22485-9E3D-4B74-BAA7-C32894C46F29}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ivoqulte\setup-msgplus-501[1].exe |
"{61FAC299-C882-4C2C-958E-B68C0B641AA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62930958-F20C-4DD0-844D-4BEA9EA35E74}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6BAA21AA-C6CE-4EEB-8F1C-4691DA313C88}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{77552DD5-8E79-4653-95F7-9E26A27A50BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{777D462F-596A-4F82-BEFA-A98B5D01ECB1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{7EE48DAB-15E7-480D-A88E-10686E40C271}" = protocol=58 | dir=in | [email protected],-28545 |
"{86DD0301-BC92-469D-891D-6E88E219442E}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{86E63D18-EC78-48B5-BA23-48DD14A696A3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{885D8DF0-6205-4374-B7BC-DEACA8F2A9A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{8F22B356-646D-4E75-85F0-C6FA62E18A46}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{8FBC55EE-A1D5-40FB-AC09-F5FB61B4A06D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{9A8E0563-416F-4A65-8D37-CD399D8CBE90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9DA5508F-2847-45EC-BC4B-C5280FB30F73}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A08FD582-C997-43CD-9E28-3734576C6040}" = protocol=58 | dir=out | [email protected],-28546 |
"{AE96CC19-D182-4B36-B3CA-44FE3FE1350B}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{BDE10E61-1428-4596-89A5-CB9D0013435A}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C6B7B682-B84A-4B0B-9A12-830C69323528}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{D0F1A529-842E-4F2A-8574-BDCBD20131A3}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{D456DFAF-EFDF-4D40-8C84-B1EFBDEE85FC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA201C3C-6069-4AD5-84D1-481CF9B7D5DD}" = protocol=1 | dir=in | [email protected],-28543 |
"{DAD4E975-4BF0-4529-A370-86E15A49EA83}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E4850002-D08B-4487-9722-A8274FCC8844}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{E6325377-EF7F-4B2B-A538-4777E9BB9293}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E7A69F0A-86BC-406E-B399-8798CA1DBB07}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E7FDD2AF-C0DE-4F47-A68F-942BE083A37D}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{EBAA3DBF-69AD-4146-9011-CB40CBFDD317}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F03D91A1-BC1B-4E59-A19E-B45D1B7AF677}" = protocol=1 | dir=out | [email protected],-28544 |
"{F2C0CA97-8CA4-4C90-A45B-20FF8630E4E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{F5FE53DD-BF66-4C6F-800D-4E57EEDB6B73}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F73950FE-E876-44F3-BBF1-19B06098C83E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FE37C394-7151-4949-873B-E098CB8F6760}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{05DC791A-284C-461E-B26B-7A2D87C074DB}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"TCP Query User{1F041277-8F02-4368-BAFF-9B1022BD0649}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{244D5EF7-68CC-42B8-8526-49674288680D}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe |
"TCP Query User{295E2B8D-08A0-4225-BC37-6643DF5B52BA}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{3D2B2BDB-B749-4581-9F10-51E8D58CFD30}C:\program files\net tools\fastftpclient.exe" = protocol=6 | dir=in | app=c:\program files\net tools\fastftpclient.exe |
"TCP Query User{49153710-D820-4118-8A4C-66B3237D15A6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5CCAA8F4-E289-4966-A690-63ABA8A46D8D}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe |
"TCP Query User{5F7C276E-2767-4D6A-9215-ECE7CE812B78}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"TCP Query User{71EE5921-2C48-44AB-AC63-AA2DA669286A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{7DDBAB78-B9B1-4D03-9239-0CC914E980FC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{82856A8F-7D76-4947-9B40-203A77B2AAF0}C:\program files\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files\net tools\nettools5.exe |
"TCP Query User{93C7E2EB-1465-4B72-ACC6-D1F24AA6D48B}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{96E86FF6-61E0-4023-9632-6081F9D32835}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A54694BB-93A5-4F1D-BD24-F26831E443FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B613B745-A8D3-47B9-9C99-CECF7752E994}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{BA8983E9-E7C0-4A3C-B62F-4076D3C950A4}C:\users\lenovo\desktop\twlan\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\twlan\apache\bin\httpd.exe |
"TCP Query User{BB522F65-C585-4A93-A733-0269B718270B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C3BE0646-BCC7-4150-9346-928A46CE1F5F}C:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe |
"TCP Query User{C63E77A8-792A-460A-96CD-5A4C8897494F}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe |
"TCP Query User{C95D235D-9B0F-45D5-8ADA-1ED0D4472000}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{D47B7EE5-3934-4CD4-B658-BFD79DF79107}C:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe |
"TCP Query User{D680B5CD-CCE5-43F9-B0BA-EDF4601A681D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DA5FC8AB-9010-4B65-BE0B-DE16EEF93648}C:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe |
"TCP Query User{F26B82D2-F736-4A06-A803-563D789CF147}C:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe |
"TCP Query User{F48F1DA2-9E9F-4C9B-8678-EF37B3691DB1}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe |
"UDP Query User{03BC286A-0BE9-433B-AC95-D757024857FF}C:\users\lenovo\desktop\twlan\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\twlan\apache\bin\httpd.exe |
"UDP Query User{17533472-8C8E-4F57-A3E5-1E805E4BA19A}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{178E74C9-F5D9-493E-A3D0-FC5C03DC15A3}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{25C3BC54-D76C-4F44-9E06-5EBABAF05A35}C:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe |
"UDP Query User{39890D84-666C-4A1D-970B-7A1DB9B1CC2C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{398AE55C-1ED7-4304-8EF3-6BA804F5278E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3DA1A22B-D765-4CEF-9FFE-D1DC8C99D27F}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe |
"UDP Query User{4315B022-70F5-49A0-91AB-8B0A561DC96B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{45626900-5098-45E3-8D64-F7D38DBA9929}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4F4B0964-4C6C-480D-BAA6-767DE3785D7D}C:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe |
"UDP Query User{52D775C1-3CCD-412E-8760-DFF48F5FF2A8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{583EA1C6-18F4-418C-8AC8-8E6AE0026676}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe |
"UDP Query User{5B1C0578-2275-4439-9547-883D0ABF364D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{5B6A4D74-A91E-4900-9AFF-3E08CFB8786C}C:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe |
"UDP Query User{695B1699-A248-4B33-B42F-419C1D24EFBF}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe |
"UDP Query User{6BCBD31F-C862-4E8B-8F0C-B9FD84ABA091}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{7856B75F-EEDD-4B63-9BE9-00BE244C8D10}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"UDP Query User{7BB7B439-B39C-4729-8806-A9DCEA74B427}C:\program files\net tools\fastftpclient.exe" = protocol=17 | dir=in | app=c:\program files\net tools\fastftpclient.exe |
"UDP Query User{934B7859-65E9-4034-AA5C-44E22C737364}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"UDP Query User{9A562150-3F1F-4835-8B78-36ACCDEF7EB6}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{9D25BD1A-F0EC-4A97-AAE0-47FB653FA394}C:\program files\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{AEA50C1C-4393-4205-8B09-39BCC26F8C8E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{BDA8AE89-E8F3-450F-91AB-9A7074923B9C}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe |
"UDP Query User{D247616E-241D-4894-A324-0E904BA2CFBB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F157B8A8-6B39-447F-A253-EDECE4F0E195}C:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052E244C-3674-8907-D9C3-092C89521B94}" = Catalyst Control Center Localization Korean
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel® PROSet/Wireless WiFi Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C7DE40E-7C89-4AFB-B744-846F1B582B71}" = SBITS
"{10F90FAD-6627-7113-86AE-C243C74F0DEF}" = CCC Help German
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1433371A-F983-9562-3947-92420A72849D}" = Catalyst Control Center Graphics Previews Vista
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22266E88-29AF-8D27-F85F-DD75D76E4AE2}" = Catalyst Control Center Localization German
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23146B80-2B64-023D-0696-A753E5C45FB4}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3752F72E-A481-41C7-256B-C20D7BFBE3BC}" = CCC Help English
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{433894BE-54BF-CC72-2147-14EA837ADC87}" = CCC Help Portuguese
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52F58309-1687-0C82-699A-27D9029B9429}" = CCC Help Spanish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADC5DFC-24AA-D4E1-478A-5CD6337F8051}" = Catalyst Control Center Localization Italian
"{6B00B854-F04B-5C6A-63C5-21B9EF8CE3CF}" = CCC Help French
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771C80E2-7A02-D773-96C3-155F217CD02A}" = CCC Help Japanese
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B647582-EE62-8275-9D76-15692741C585}" = Catalyst Control Center Localization Chinese Traditional
"{7B64FC21-1526-4471-9F37-A81B55D1202D}" = SmartFTP Client
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{821456F8-EB18-41A8-DED5-695096B7D9D6}" = Catalyst Control Center Localization Chinese Standard
"{8220C00D-CBA1-AB41-1A66-7B99FAEF65F9}" = ATI Catalyst Install Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACB5112-A58B-7283-B771-6271A0D9471D}" = Catalyst Control Center Core Implementation
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EBBED54-C2D0-928A-7CA9-D28FAD39C4B6}" = CCC Help Korean
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94B1AD86-8764-8853-F4BB-7F92D5E94AA3}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B14495A-E66F-3D68-3B03-D40A6862D6D7}" = ccc-utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A1928ACA-FAB4-4122-86F2-E7C7949EE22E}" = TortoiseSVN 1.6.15.21042 (32 bit)
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A7EE37A9-367B-651F-9F4A-0BDE35D7417F}" = CCC Help Chinese Standard
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE2832A3-8108-F2BF-7086-BE66D29106E7}" = Catalyst Control Center Graphics Light
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA0B7C1F-5315-50C4-1EE9-FFA688A28C74}" = Catalyst Control Center Localization Spanish
"{BAAC402D-86A7-3918-4A24-7C8E83AE1756}" = CCC Help Swedish
"{BBDD2E21-F74F-FE49-956D-13FB1999DC28}" = CCC Help Italian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF1ECD50-5A11-B18B-4AA0-20E41E7C20F7}" = Catalyst Control Center Localization Japanese
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{C7EE261A-06E9-402D-B504-9967F8FC6F0C}" = Mobile Broadband Connect
"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger
"{C945C17F-2E78-4511-ABB6-EF637D2EE8FB}" = Skins
"{CCCF9048-DAFD-F1F5-B860-9B5C32FBD2D6}" = Catalyst Control Center Localization Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103AD9D-4DA4-48D5-A583-BCF3402A62C1}" = Blockyard
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E2ACDD92-7A9F-FCE8-2452-8A660792038E}" = CCC Help Chinese Traditional
"{E4CB66D5-C29E-9612-5E32-6807E91A82CD}" = Catalyst Control Center Localization Swedish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EA5AB32C-970E-D7C4-C896-1C927FB3E384}" = Catalyst Control Center Localization Dutch
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9230D65-8EED-B6DD-F9FB-8AEFDE06579C}" = Catalyst Control Center Localization French
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FAA034EC-DB6A-A753-5DCE-DD7D75EDEA8E}" = ccc-core-static
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF878914-1DDC-44E2-92F6-69DE291DDCA7}" = CCC Help Dutch
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ATI Uninstaller" = ATI Uninstaller
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DMX5_is1" = DriverMax 5
"DSXploder" = NDS Xploder Gamesaves
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EditPad Lite" = Just Great Software EditPad Lite 6.7.1
"EpicBot" = EpicBot
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FileHippo.com" = FileHippo.com Update Checker
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MySQL Connector/Net_is1" = MySQL Connector/Net 5.0.8
"NoIPDUC" = No-IP DUC
"OnScreenDisplay" = On Screen Display
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"RealPlayer 12.0" = RealPlayer
"SAM3" = SAM Broadcaster v4
"SaveVid Plug-in" = SaveVid Plug-in
"Shockwave" = Shockwave
"ShortKeys Lite" = ShortKeys Lite
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Speccy" = Speccy
"Steam App 25800" = Europa Universalis III
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"The Hat_is1" = The Hat 2.3
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder 4.1.3.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for LENOVO
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Wurm Online 2.7.5g" = Wurm Online 2.7.5g

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#149
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Right click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right click on System and choose Clear Log, then Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Next:


Download TCPview to the tools folder.
Extract it and then run it. Leave it running for a while so that the entries settle.
Go to File > Save as...
Save the log to the Desktop and post it here.

Next:

  • Type firewall.cpl in the Start > Run dialog.
  • Click the Advanced tab.
  • Click the Restore Defaults button.
  • Click Yes to continue when the confirmation dialog appears.


Next:

Download OTS to tools folder
  • Boot into safe mode and run OTS
  • Under Additional Scans select all, except these:

    Reg - App Paths
    Reg - Desktop Components
    Reg - Security Center Settings
    Reg - Session Manager Settings
    Reg - Uninstall List

  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

Edited by michaelg9, 29 August 2011 - 04:54 AM.

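As an added example (not part of this thread and not TCPview's own code), here is the kind of small triage script a helper can run over the saved connection list before reading it by eye. It parses the text form of `netstat -ano`, assumed here as a stand-in for TCPview's saved listing since both carry the same socket-to-PID mapping (TCPview adds the image name for each PID), and flags the entries worth a second look: established connections to non-private addresses, and any socket on a watch-list of ports. The watch-list (6667/IRC, 3389/RDP, 4444, 23) and the netstat sample, including its addresses and PIDs, are constructed for illustration and are not findings from this thread.

```python
"""Triage helper for a saved Windows connection listing.

Added example; not part of the original thread and not TCPview's own code.
It parses the text form of `netstat -ano` (assumed stand-in for TCPview's
saved list, which shows the same socket-to-PID mapping) and flags entries a
malware-removal helper would look at first.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of `netstat -ano` output on Vista/7.
# Addresses and PIDs are made up for the example.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:49161        127.0.0.1:49162        ESTABLISHED     3244
  TCP    192.168.1.5:49321      93.184.216.34:80       ESTABLISHED     2880
  TCP    192.168.1.5:49388      45.33.32.156:6667      ESTABLISHED     3560
  UDP    0.0.0.0:5355           *:*                                    1068
"""

# Assumed watch-list for illustration, not a finding from the thread.
WATCH_PORTS = {
    6667: "IRC (classic bot command channel)",
    3389: "RDP exposed",
    4444: "Metasploit default handler",
    23: "Telnet",
}

# Proto, local, remote, optional TCP state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    state: str
    pid: int


@dataclass
class Finding:
    pid: int
    endpoint: str
    reasons: List[str] = field(default_factory=list)


def split_endpoint(ep: str):
    """'192.168.1.5:49321' -> ('192.168.1.5', 49321); handles '*:*' and '[::]:135'."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:            # skips the 'Active Connections' banner and header row
            continue
        proto, local, remote, state, pid = m.groups()
        lip, lport = split_endpoint(local)
        rip, rport = split_endpoint(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state or "", int(pid)))
    return conns


def is_external(ip: str) -> bool:
    """True for routable addresses; loopback, RFC1918, link-local and '*' are not."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:       # '*' or a hostname
        return False
    return not (addr.is_private or addr.is_loopback
                or addr.is_unspecified or addr.is_link_local)


def triage(conns: List[Conn]) -> List[Finding]:
    findings = []
    for c in conns:
        f = Finding(c.pid, f"{c.proto} {c.local_ip}:{c.local_port} -> {c.remote_ip}:{c.remote_port}")
        if c.state == "ESTABLISHED" and is_external(c.remote_ip):
            f.reasons.append(f"established to external host {c.remote_ip}")
        for port in (c.local_port, c.remote_port):
            if port in WATCH_PORTS:
                f.reasons.append(f"port {port}: {WATCH_PORTS[port]}")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"PID {f.pid:<6} {f.endpoint:<48} {'; '.join(f.reasons)}")
```

On a real machine, save the listing from an elevated prompt with `netstat -ano > netstat.txt` and feed the file to parse_netstat; map the flagged PIDs back to image names with `tasklist` or with the process column TCPview already shows. A flagged row is a lead, not a verdict: a browser talking to port 80 is expected, while an unknown process holding an IRC connection is what the helper's request is meant to surface.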

#150
Bismillah

    Member

  • Topic Starter
  • Member
  • 514 posts
Okay, before I run the above: the 'issue' has stepped up the offense. I got onto my computer after being on first aid duty today.
CCC.exe is corrupt; it pops up saying this.
I can't get on IE or on Chrome, so I tried safe mode with networking; that didn't load, it just froze.
So I used the last known good configuration.


Internet is going incredibly slow.

Edited by nortan360, 29 August 2011 - 12:29 PM.
