Thread: CPU 100% Problem, Virus issues, and sudden Botnet infections. NEED HELP!!!!

  1. #11
    Junior Member
    Join Date
    Nov 2008
    Posts
    12

    Here's the other post as requested:


    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-11-30 13:37:53
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEB030604]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xED907040]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xED903930]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEB0304C0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xED907510]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xED90D870]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xED90DAA0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xED910FD0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xED907600]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xED903F20]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xED90F6E0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEB03099E]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xED90D580]
    SSDT spyo.sys ZwEnumerateKey [0xF72F2CA2]
    SSDT spyo.sys ZwEnumerateValueKey [0xF72F3030]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xED90F8B0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xED903D70]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEB03059A]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xED90D350]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xED90D150]
    SSDT spyo.sys ZwQueryKey [0xF72F3108]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEB0306BA]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xED910250]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xED90FCB0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xED906C00]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEB03067A]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xED907220]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xED904120]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEB0307FA]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xED90DCD0]

    INT 0x62 ? 86F65BF8
    INT 0x63 ? 86FD7BF8
    INT 0x84 ? 86FD6BF8
    INT 0x94 ? 86FD6BF8
    INT 0xA4 ? 86FD6BF8
    INT 0xB4 ? 86FD6BF8

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [ 10, 75, 90, ED, 70, D8, 90, ... ]
    ? spyo.sys The system cannot find the file specified. !
    ? srescan.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F60138AC 5 Bytes JMP 86FD61D8

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[2176] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72D6040] spyo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72D613C] spyo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72D60BE] spyo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72D67FC] spyo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72D66D2] spyo.sys
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ED90BE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ED90BE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ED90BE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ED90BE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ED90BCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ED90BE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ED90C320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ED90C1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 86FD51F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbehci \Device\USBPDO-0 864C51F8
    Device \Driver\usbuhci \Device\USBPDO-1 865631F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F661F8
    Device \Driver\dmio \Device\DmControl\DmConfig 86F661F8
    Device \Driver\dmio \Device\DmControl\DmPnP 86F661F8
    Device \Driver\dmio \Device\DmControl\DmInfo 86F661F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{5726A844-B0D2-4A53-870A-0224830B2368} 8636F500
    Device \Driver\usbuhci \Device\USBPDO-2 865631F8
    Device \Driver\usbuhci \Device\USBPDO-3 865631F8
    Device \Driver\usbuhci \Device\USBPDO-4 865631F8
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD81F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD81F8
    Device \Driver\Cdrom \Device\CdRom0 8645B1F8
    Device \Driver\usbstor \Device\00000072 85D701F8
    Device \Driver\Cdrom \Device\CdRom1 8645B1F8
    Device \Driver\usbstor \Device\00000073 85D701F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 86FD81F8
    Device \Driver\usbstor \Device\00000074 85D701F8
    Device \Driver\usbstor \Device\00000075 85D701F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8636F500
    Device \Driver\NetBT \Device\NetbiosSmb 8636F500
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbstor \Device\0000006b 85D701F8
    Device \Driver\usbuhci \Device\USBFDO-0 865631F8
    Device \Driver\usbuhci \Device\USBFDO-1 865631F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 864371F8
    Device \Driver\usbuhci \Device\USBFDO-2 865631F8
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 864371F8
    Device \Driver\usbuhci \Device\USBFDO-3 865631F8
    Device \Driver\usbehci \Device\USBFDO-4 864C51F8
    Device \Driver\Ftdisk \Device\FtControl 86FD81F8
    Device \FileSystem\Fastfat \Fat 85B33500
    Device \FileSystem\Fastfat \Fat B7A1C297

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs 85C021F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x78 0x4F 0x8D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x78 0x4F 0x8D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x78 0x4F 0x8D ...
    Reg HKLM\SOFTWARE\Classes\.gba@ gba_auto_file
    Reg HKLM\SOFTWARE\Classes\.IMG@ IMG_auto_file
    Reg HKLM\SOFTWARE\Classes\.srf\PersistentHandler@ {eec97550-47a9-11cf-b952-00aa0051fe20}
    Reg HKLM\SOFTWARE\Classes\.svg@ SafariHTML
    Reg HKLM\SOFTWARE\Classes\.ThrillvilleSaveGame@ ThrillvilleSaveGameType
    Reg HKLM\SOFTWARE\Classes\.ThrillvilleSaveGame\ShellEx
    Reg HKLM\SOFTWARE\Classes\.ThrillvilleSaveGame\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
    Reg HKLM\SOFTWARE\Classes\.ThrillvilleSaveGame\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}
    Reg HKLM\SOFTWARE\Classes\ciplImageList.cipllImageList@ ciplImageList.cipllImageList
    Reg HKLM\SOFTWARE\Classes\ciplImageList.cipllImageList\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplImageList.cipllImageList\Clsid@ {2B0E4DA3-A9B4-470F-A419-020192F5648D}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ciplListBar@ ciplLbar6.ciplListBar
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ciplListBar\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ciplListBar\Clsid@ {904AD4B2-FC80-4ADF-9D92-D7FFA7948E08}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBar@ ciplLbar6.cListBar
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBar\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBar\Clsid@ {379ACD52-7B83-4C0A-9FD4-08D6AFA83CB5}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItem@ ciplLbar6.cListBarItem
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItem\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItem\Clsid@ {0FEA2009-3E60-4913-A0D0-1483AF32464C}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItems@ ciplLbar6.cListBarItems
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItems\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBarItems\Clsid@ {E56836F1-D03C-4540-8F6E-859DFBF7611C}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBars@ ciplLbar6.cListBars
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBars\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.cListBars\Clsid@ {7D776CDE-61FC-4347-9CF7-FB6F1F5658E2}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.CTimer@ ciplLbar6.CTimer
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.CTimer\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.CTimer\Clsid@ {E4CCF4DB-3A24-437F-9354-CC61D4658280}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.GSubclass@ ciplLbar6.GSubclass
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.GSubclass\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.GSubclass\Clsid@ {37E556FB-6ADA-444D-82B3-E4A763B194E4}
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ISubclass@ ciplLbar6.ISubclass
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ISubclass\Clsid
    Reg HKLM\SOFTWARE\Classes\ciplLbar6.ISubclass\Clsid@ {BC92CF16-4A2C-49DD-8B82-E4CC68938E9D}
    Reg HKLM\SOFTWARE\Classes\gba_auto_file@
    Reg HKLM\SOFTWARE\Classes\gba_auto_file\shell
    Reg HKLM\SOFTWARE\Classes\gba_auto_file\shell\Read
    Reg HKLM\SOFTWARE\Classes\gba_auto_file\shell\Read\command
    Reg HKLM\SOFTWARE\Classes\gba_auto_file\shell\Read\command@ "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\GOPHER\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\GOPHER\DefaultIcon@ C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE,1
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\command
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\command@ C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE -requestPending -osint -url "%1"
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec@
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec\Application
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec\Application@ Flock
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec\Topic
    Reg HKLM\SOFTWARE\Classes\GOPHER\shell\open\ddeexec\Topic@ WWW_OpenURL
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file@
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file\shell
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file\shell\Play
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file\shell\Play@ Play with VLC
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file\shell\Play\command
    Reg HKLM\SOFTWARE\Classes\IMG_auto_file\shell\Play\command@ C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file "%1"
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab@ Microsoft Tabbed Dialog Control 6.0 (SP6)
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer@ TabDlg.SSTab.1
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1@ Microsoft Tabbed Dialog Control 6.0 (SP6)
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType@PreviewTitle prop:System.Game.RichSaveName;System.Game.RichApplicationName
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType@PreviewDetails prop:System.Game.RichLevel;System.DateChanged;System.Game.RichComment;System.DisplayName;System.DisplayType
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType\Shell
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType\Shell\Open
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType\Shell\Open\Command
    Reg HKLM\SOFTWARE\Classes\ThrillvilleSaveGameType\Shell\Open\Command@ C:\Documents and Settings\Malik & Jamal\Application Data\LucasArts\Thrillville Off The Rails Demo\Thrillville07Demo.exe --workingdir "C:\Documents and Settings\Malik & Jamal\Application Data\LucasArts\Thrillville Off The Rails Demo" --loadfile "%1"
    Reg HKLM\SOFTWARE\Classes\WebKit.CFDictionaryPropertyBag.3@ CFDictionaryPropertyBag
    Reg HKLM\SOFTWARE\Classes\WebKit.CFDictionaryPropertyBag.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.CFDictionaryPropertyBag.3\CLSID@ {DD653964-4D37-4FB2-9CB6-6A9A97719332}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebCache.3@ WebCache
    Reg HKLM\SOFTWARE\Classes\WebKit.WebCache.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebCache.3\CLSID@ {F71071FD-A51B-4B69-9EB6-44374405E80C}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDatabaseManager.3@ WebDatabaseManager
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDatabaseManager.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDatabaseManager.3\CLSID@ {C2A1BFC2-1E7C-49FE-8592-D0C7FB440BC0}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDownload.3@ WebDownload
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDownload.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebDownload.3\CLSID@ {C0F98BD9-3B1C-413D-904A-E2D1453EAF1F}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebError.3@ WebError
    Reg HKLM\SOFTWARE\Classes\WebKit.WebError.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebError.3\CLSID@ {6C6AF3F9-36B4-4BF7-8BDE-74DCD4AD75A4}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistory.3@ WebHistory
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistory.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistory.3\CLSID@ {A4B9B45D-949F-4C8C-9B92-6FBFCC1CAAA2}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistoryItem.3@ WebHistoryItem
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistoryItem.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebHistoryItem.3\CLSID@ {6BE190E9-1725-4E4A-88DB-6A9FE242C9E5}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebIconDatabase.3@ WebIconDatabase
    Reg HKLM\SOFTWARE\Classes\WebKit.WebIconDatabase.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebIconDatabase.3\CLSID@ {66827EC1-3AEF-4241-BAC5-F776B44F030F}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebJavaScriptCollector.3@ WebJavaScriptCollector
    Reg HKLM\SOFTWARE\Classes\WebKit.WebJavaScriptCollector.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebJavaScriptCollector.3\CLSID@ {1820D883-42FE-4B78-88C8-5456BB19D224}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebKitStatistics.3@ WebKitStatistics
    Reg HKLM\SOFTWARE\Classes\WebKit.WebKitStatistics.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebKitStatistics.3\CLSID@ {E93AA8D7-F362-4A4A-A95D-325906BEB5F0}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebMutableURLRequest.3@ WebMutableURLRequest
    Reg HKLM\SOFTWARE\Classes\WebKit.WebMutableURLRequest.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebMutableURLRequest.3\CLSID@ {A062ECC3-BB1B-4694-A569-F59E0AD6BE0C}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebNotificationCenter.3@ WebNotificationCenter
    Reg HKLM\SOFTWARE\Classes\WebKit.WebNotificationCenter.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebNotificationCenter.3\CLSID@ {BA590766-0A6F-46C7-B96E-743490D94CB7}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebPreferences.3@ WebPreferences
    Reg HKLM\SOFTWARE\Classes\WebKit.WebPreferences.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebPreferences.3\CLSID@ {67B89F90-F778-438B-ABBF-34D1ACBF8651}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScriptDebugServer.3@ WebScriptDebugServer
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScriptDebugServer.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScriptDebugServer.3\CLSID@ {715636C4-59E7-4B85-BBC5-B555888787D7}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScrollBar.3@ WebScrollBar
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScrollBar.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebScrollBar.3\CLSID@ {24A53AD5-AA9F-44E6-AA22-2C7C250B661A}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebTextRenderer.3@ WebTextRenderer
    Reg HKLM\SOFTWARE\Classes\WebKit.WebTextRenderer.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebTextRenderer.3\CLSID@ {24040CD6-AFF4-4A51-9C8B-71539580EE76}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLCredential.3@ WebURLCredential
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLCredential.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLCredential.3\CLSID@ {7433F53B-7FE9-484A-9432-72909457A646}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLProtectionSpace.3@ WebURLProtectionSpace
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLProtectionSpace.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLProtectionSpace.3\CLSID@ {F366A6E8-E43C-4FD4-AAB0-8E6E79C73E6E}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLRequest.3@ WebURLRequest
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLRequest.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLRequest.3\CLSID@ {2FB5499A-BB5D-4469-8517-789FEC8FD9BA}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLResponse.3@ WebURLResponse
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLResponse.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebURLResponse.3\CLSID@ {AB201196-8DD2-4D45-AEBD-029B6A37AA27}
    Reg HKLM\SOFTWARE\Classes\WebKit.WebView.3@ WebView
    Reg HKLM\SOFTWARE\Classes\WebKit.WebView.3\CLSID
    Reg HKLM\SOFTWARE\Classes\WebKit.WebView.3\CLSID@ {D6BCA079-F61C-4E1E-B453-32A0477D02E3}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAE602F-C19A-BF58-FB4A-B7FB6AF25C49}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAE602F-C19A-BF58-FB4A-B7FB6AF25C49}@haofbfcbfofpeika 0x6B 0x61 0x64 0x64 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAE602F-C19A-BF58-FB4A-B7FB6AF25C49}@haabdeocncfckdbe 0x6E 0x62 0x62 0x68 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAE602F-C19A-BF58-FB4A-B7FB6AF25C49}@haabdeociekahmij 0x6D 0x61 0x65 0x64 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAAE602F-C19A-BF58-FB4A-B7FB6AF25C49}@iaegfdlcfdpbkjgcin 0x6B 0x61 0x64 0x64 ...

    ---- EOF - GMER 1.0.14 ----

  2. #12
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Does the alarm appear in a certain situation (while being on some specific web site, for example)?

    Uninstall your Adobe Flash Player through Add/Remove Programs. Then install the latest one found here. Any help with the problem?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Nov 2008
    Posts
    12

    I can't pinpoint the exact times that it occurs, but it occurs anytime randomly when accessing the internet, like when opening up a web browser like Firefox or Flock, or using any programs that require internet. It randomly occurs and I'll try to pinpoint when it does. I've completed the installation of the most recent Flash plugin for Adobe.

  4. #14
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Since TrendMicro Rubotted is still in beta stage, its alarms may not be 100% correct. Your logs all look ok, so I think it's highly possible that you've been given one of these false alarms. I recommend uninstalling it for now and considering installing it again when the program reaches final version status.

  5. #15
    Junior Member
    Join Date
    Nov 2008
    Posts
    12

    Alright, thanks for your assistance. Before this post is closed though, I have one last question. Firefox, Flock, and IE all run at extremely high CPU (almost 100%) when I'm using these programs, and that is the one other problem that causes this computer to slow down. The CPU issue happens all the time, every time I use the programs, and I'm not sure what the issue with that is.

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Do you have any toolbar or other addon installed that appears on every one of those browsers you listed?

  7. #17
    Junior Member
    Join Date
    Nov 2008
    Posts
    12

    Um, I'm not sure exactly what you mean, but I'll list what toolbars/addons I have for each browser:
    FLOCK
    -Navigation and Flock Toolbar
    -No extensions or themes
    MOZILLA FIREFOX
    -Navigation and Bookmarks Toolbars
    -ZoneAlarm Spy Blocker
    -AOL Toolbar
    -Yahoo Toolbar
    FIREFOX ADDONS
    -AOL Toolbar
    -Java Quick Starter
    -Veoh Browser Plugin
    -Yahoo Toolbar
    Internet Explorer Toolbars
    -AIM Toolbar
    -Windows Live Toolbar
    -MSN Toolbar
    -Yahoo! (with a bunch of weird symbols after it)
    -Normal Bars

    I'm unsure what the error is, since everything looks normal, but for some reason it picks and chooses when it wants to run 100% CPU, and it becomes irritating as it slows everything down. Should I simply try uninstalling and reinstalling the browsers?

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Yes, please try reinstallation of the browsers. I can't see what could be wrong there.

  9. #19
    Junior Member
    Join Date
    Nov 2008
    Posts
    12

    Alright, I'll do that and see if that fixes anything. If it doesn't, I'll figure some other troubleshooting steps out, because I'm unsure why the CPU has been off so much lately. Thanks again for your help.
    Last edited by tashi; 2008-12-09 at 17:48. Reason: Date of archive

  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    If reinstallation doesn't help, you may ask at http://forums.pcpitstop.com if someone there has a key to the problem.
