
Another panicked needs help (pleaes help!)


  • This topic is locked
7 replies to this topic

#1 VenomFaiz03

VenomFaiz03

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 20 April 2011 - 08:46 AM

So, I have some virus which keeps coming up as "ikd.exe" in the Task Manager. No matter how many times I put it down, it keeps coming back.
I've managed to at least get past its internet-barring behaviors, but I can't seem to kill it. I got HijackThis! and did what I could to run it. It suggests I bring the log to "knowledgeable folks". I'm hoping that's where someone here comes in?

Edited by VenomFaiz03, 20 April 2011 - 09:34 AM.



#2 VenomFaiz03

Posted 20 April 2011 - 08:51 AM

Additionally, I have no idea what happened up there in the title. I guess I meant to say "another panicked guy needs help" but like... the whole thing looks awful. Blech. I promise I'm more literate than that -_-

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by Budapest, 21 April 2011 - 03:23 PM.


#3 VenomFaiz03

Posted 20 April 2011 - 10:02 PM

For reference, I've managed to get a hold of the DDS report, but the GMER is taking forever. I've been running it since this morning, but it's still working on searching every last file.

In that case just skip the GMER log.


Edited by Budapest, 21 April 2011 - 03:24 PM.


#4 VenomFaiz03

Posted 20 April 2011 - 10:26 PM

Alright, here ya go. I'll be pasting the DDS and the partially complete GMER log. Should I also paste the Attach text document that came with the DDS?

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Villians at 17:11:28.79 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1272 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Villians\Local Settings\Temporary Internet Files\Content.IE5\57EMTEBC\HijackThis[1].exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Villians\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.computers.us.fujitsu.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 FJVBCtrl;FJVBCtrl;c:\program files\fujitsu\fujitsu hotkey utility\FJVBCtrl.sys [2006-8-30 5760]
R2 FlashDrv;FlashDrv;c:\progra~1\fujitsu\flashaid\FlashDrv.sys [2006-8-30 7196]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-8-29 4864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-04-20 12:21:23 184320 --sha-w- c:\windows\system32\65d3j.dll
2011-04-20 12:21:22 503808 --sha-w- c:\docume~1\villians\locals~1\applic~1\ikd.exe
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 17:12:03.48 ===============


And now the GMER (incomplete):

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-20 20:23:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: gmer.exe; Driver: C:\DOCUME~1\Villians\LOCALS~1\Temp\ufrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Villians\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Softex\OmniPass\scureapp.exe[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 6 Bytes PUSH 0515AF67; RET
.text C:\Program Files\Softex\OmniPass\scureapp.exe[1304] ntdll.dll!NtSuspendThread 7C90DE3E 6 Bytes PUSH 0515AF34; RET
.text C:\Program Files\Softex\OmniPass\scureapp.exe[1304] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 5 Bytes [F3, AF, 15, 05, C3]
.text C:\Program Files\Opera\Opera.exe[1664] ntdll.dll!NtSuspendThread 7C90DE3E 6 Bytes PUSH 0803AF34; RET
.text C:\Program Files\Opera\Opera.exe[1664] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 5 Bytes [F3, AF, 03, 08, C3] {REP SCASD ; ADD ECX, [EAX]; RET }
.text C:\WINDOWS\Explorer.EXE[4976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 4 Bytes [68, 67, AF, F5]
.text C:\WINDOWS\Explorer.EXE[4976] ntdll.dll!NtProtectVirtualMemory + 5 7C90D6F3 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[4976] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, 34, AF, F5]
.text C:\WINDOWS\Explorer.EXE[4976] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[4976] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 3 Bytes [F3, AF, F5] {REP SCASD ; CMC }
.text C:\WINDOWS\Explorer.EXE[4976] kernel32.dll!CreateProcessInternalW + 5 7C8197B5 1 Byte [C3]


Thanks for the attention, Budapest.

Yes please paste the Attach file.


Edited by Budapest, 21 April 2011 - 03:25 PM.


#5 VenomFaiz03

Posted 20 April 2011 - 10:34 PM

Ah, sorry, I didn't finish reading the guide. So here's a description of the problem and I'll attach the Attach.txt to this post.

The problem is, the virus is trying its damnedest to keep me from using either Opera or Internet Explorer by presenting me a false "You're computer may be infected" warning that tries to behave in a Windows XP security manner. The options it gives are "Register now!" or "proceed unprotected (dangerous!)" but the proceed unprotected button yields no results. Attempting to open IE or Opera by alternate means has a similar warning in all tabs and websites, this time with the options "Register now!", "proceed unprotected" and "scan my computer now!" or something to that effect. Additionally, trying to download anything (except when I manage to trick the virus) closes the download and opens the "you may be infected" warning again. Ugh... So troublesome...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2010 11:17:40 PM
System Uptime: 4/19/2011 8:08:39 PM (21 hours ago)
.
Motherboard: FUJITSU | | FJNB1C3
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | Onboard | 1828/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 185 GiB total, 76.335 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 1.273 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 1/25/2011 9:59:32 PM - System Checkpoint
RP104: 1/26/2011 12:48:06 AM - Installed DirectX
RP105: 1/29/2011 7:19:32 PM - System Checkpoint
RP106: 1/31/2011 1:57:39 AM - System Checkpoint
RP107: 2/2/2011 2:36:01 AM - Removed Opera 11.00.
RP108: 2/3/2011 8:02:36 AM - Removed WinZip 15.0
RP109: 2/3/2011 8:04:44 AM - Installed WinZip 15.0
RP110: 2/4/2011 3:09:05 AM - Software Distribution Service 3.0
RP111: 2/5/2011 10:32:37 PM - System Checkpoint
RP112: 2/6/2011 11:41:44 PM - System Checkpoint
RP113: 2/10/2011 12:30:25 AM - System Checkpoint
RP114: 2/11/2011 3:00:16 AM - Software Distribution Service 3.0
RP115: 2/16/2011 12:18:06 AM - System Checkpoint
RP116: 2/17/2011 1:44:55 AM - System Checkpoint
RP117: 2/19/2011 11:34:17 AM - System Checkpoint
RP118: 2/23/2011 1:25:30 AM - System Checkpoint
RP119: 2/28/2011 4:12:17 AM - System Checkpoint
RP120: 3/1/2011 5:51:34 PM - System Checkpoint
RP121: 3/7/2011 8:13:28 AM - System Checkpoint
RP122: 3/9/2011 1:26:23 PM - Software Distribution Service 3.0
RP123: 3/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP124: 3/12/2011 4:07:21 AM - System Checkpoint
RP125: 3/14/2011 3:54:42 AM - System Checkpoint
RP126: 3/16/2011 12:08:55 AM - System Checkpoint
RP127: 3/16/2011 4:45:21 AM - Software Distribution Service 3.0
RP128: 3/19/2011 12:09:30 PM - System Checkpoint
RP129: 3/22/2011 1:02:28 AM - System Checkpoint
RP130: 3/23/2011 7:48:55 PM - Software Distribution Service 3.0
RP131: 3/24/2011 3:29:16 AM - Software Distribution Service 3.0
RP132: 3/27/2011 8:02:26 PM - System Checkpoint
RP133: 4/2/2011 3:10:03 PM - System Checkpoint
RP134: 4/4/2011 4:46:19 AM - System Checkpoint
RP135: 4/6/2011 7:14:52 PM - System Checkpoint
RP136: 4/9/2011 3:31:20 AM - System Checkpoint
RP137: 4/13/2011 11:32:45 PM - System Checkpoint
RP138: 4/15/2011 3:18:07 AM - Software Distribution Service 3.0
RP139: 4/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP140: 4/19/2011 1:54:53 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Agere Systems HDA Modem
AIM 7
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Bandisoft MPEG-1 Decoder
BarSim 1.5.3
Bing Bar
Bonjour
CamStudio
Champions Online
CL-Eye Driver
Download Updater (AOL LLC)
Drumaxx
EVE Online (remove only)
Fingerprint Sensor Minimum Install
FL Studio 9
FlashAid
Fujitsu Display Manager
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Furcadia
Google Desktop
Google Toolbar for Internet Explorer
Guild Wars
Hardcore
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
Intel® PROSet/Wireless Software
Intense RO Full v5
iTunes
Java™ 6 Update 21
LifeBook Application Panel
MapleStory
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft WinUsb 2.0
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
MySpaceIM
mZConfig
Nexon Game Manager
OmniPass
Opera 11.10
Pando Media Booster
Picasa 2
PoiZone
PopTag!
Portal
Portal 2
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Sakura
Sawer
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.1
Steam
System Requirements Lab CYRI
TalesWeaver 1.07
Team Fortress 2
Toxic Biohazard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Ventrilo Client
Vindictus
VLC media player 1.0.5
WebFldrs XP
Wind and Water: Puzzle Battles
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinZip 15.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/20/2011 5:48:28 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/20/2011 5:48:25 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/20/2011 5:47:02 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
4/19/2011 1:35:38 AM, error: Dhcp [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001B77286946 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/18/2011 12:04:52 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001B77286946 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/15/2011 3:01:50 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B77286946. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

Edited by VenomFaiz03, 20 April 2011 - 10:35 PM.


#6 VenomFaiz03

Posted 21 April 2011 - 02:28 PM

As a side note, if the process is force-closed using Task Manager, it will always restart when given a certain trigger, like Internet Explorer or Opera startup or trying to install AVG Free. Otherwise, once force-closed, it kinda stays out of the way and doesn't display any tooltips like it normally does.

EDIT: Posts merged ~Budapest

Edited by Budapest, 21 April 2011 - 03:26 PM.


#7 VenomFaiz03

Posted 26 April 2011 - 03:56 PM

Well, after waiting a week or so, I don't mean to seem impatient, but I wound up getting a bit of advice from some other tech-savvy individuals. Got suggestions on how to use System Restore points and handle the situation before it had a chance to redevelop. Worked out pretty well, if I do say so myself. That said, sorry for breaking the rules of "don't do it yourself" and "Don't bump your own thread" but I just had to. Anyway, could an admin please delete this thread for me? I'd appreciate it.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:28 AM

Posted 26 April 2011 - 06:37 PM

Thanks for letting me know.

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



