  1. "peewee_91762@yahoo.com...I made it that because Peewee was my nickname in the Air force."
  2. Thanks.... looks tricky... not too many places seem to have solid info on it yet.
  3. Results from Virustotal:

     File UD6DD1.EXE received on 08.04.2008 10:40:49 (CET)
     Current status: finished
     Result: 1/36 (2.78%)

     | Antivirus | Version | Last Update | Result |
     |---|---|---|---|
     | AhnLab-V3 | 2008.7.29.1 | 2008.08.04 | - |
     | AntiVir | | 2008.08.04 | - |
     | Authentium | | 2008.08.03 | - |
     | Avast | 4.8.1195.0 | 2008.08.03 | - |
     | AVG | | 2008.08.03 | - |
     | BitDefender | 7.2 | 2008.08.04 | - |
     | CAT-QuickHeal | 9.50 | 2008.08.02 | - |
     | ClamAV | 0.93.1 | 2008.08.04 | - |
     | DrWeb | | 2008.08.04 | - |
     | eSafe | | 2008.08.03 | - |
     | eTrust-Vet | 31.6.6002 | 2008.08.02 | - |
     | Ewido | 4.0 | 2008.08.03 | - |
     | F-Prot | | 2008.08.03 | - |
     | F-Secure | 7.60.13501.0 | 2008.08.04 | Suspicious:W32/Dzan!Gemini |
     | Fortinet | | 2008.08.04 | - |
     | GData | 2.0.7306.1023 | 2008.08.04 | - |
     | Ikarus | T3. | 2008.08.04 | - |
     | K7AntiVirus | 7.10.402 | 2008.08.02 | - |
     | Kaspersky | | 2008.08.04 | - |
     | McAfee | 5352 | 2008.08.01 | - |
     | Microsoft | 1.3807 | 2008.08.04 | - |
     | NOD32v2 | 3323 | 2008.08.04 | - |
     | Norman | 5.80.02 | 2008.08.01 | - |
     | Panda | | 2008.08.03 | - |
     | PCTools | | 2008.08.03 | - |
     | Prevx1 | V2 | 2008.08.04 | - |
     | Rising | | 2008.08.04 | - |
     | Sophos | 4.31.0 | 2008.08.04 | - |
     | Sunbelt | 3.1.1537.1 | 2008.08.01 | - |
     | Symantec | 10 | 2008.08.04 | - |
     | TheHacker | | 2008.08.04 | - |
     | TrendMicro | 8.700.0.1004 | 2008.08.04 | - |
     | VBA32 | | 2008.08.04 | - |
     | ViRobot | 2008.8.1.1321 | 2008.08.01 | - |
     | VirusBuster | | 2008.08.03 | - |
     | Webwasher-Gateway | 6.6.2 | 2008.08.04 | - |

     Additional information

     File size: 296224 bytes
     MD5...: b8bee3b4802f23fcc809082dfb5a663b
     SHA1..: aaf3bec0920d83e09b24988d9d4baeebaa7c92e5
     SHA256: b4a6cc1c2881f12ac55ea18dcb4d469c2bd39205db6103ff2450ac5b8ba4ba65
     SHA512: 6b3a963734a87b8197dca6b106b9b2bfaa47a152cd26d3f0dbcc94cad96ad5e82cfbec390242e6adfd0023c62efbc110fec8a177420356efe5adf8051d8b0acc
     PEiD..: -

     PEInfo: PE Structure information ( base data )
     entrypointaddress.: 0x41db09
     timedatestamp.....: 0x48243050 (Fri May 09 11:06:56 2008)
     machinetype.......: 0x14c (I386)

     ( 4 sections )

     | name | viradd | virsiz | rawdsiz | ntrpy | md5 |
     |---|---|---|---|---|---|
     | .text | 0x1000 | 0x350bb | 0x36000 | 6.61 | d7f9a3888ef873e8a66a5ef75280ec7a |
     | .rdata | 0x37000 | 0xb763 | 0xc000 | 5.01 | 781cee8b4262394da3ccceb73a8c24fe |
     | .data | 0x43000 | 0xb760 | 0x3000 | 3.16 | 2b669b77dbae0570d425d6dfcbaf70da |
     | .rsrc | 0x4f000 | 0xaf8 | 0x1000 | 4.42 | 853b1f5de5376361b0ca12f4a6354f1e |

     ThreatExpert info: http://www.threatexpert.com/report.aspx?md...809082dfb5a663b

     The other service reports nothing.
  4. Might not be as simple as that... I lost ME7244.exe when I switched back to normal startup to see if it would start because the file search couldn't locate it. I did not find it starting up again, but got another bogus looking one... LNAFE2.exe Similarly there does not seem to be a listing for it. Right now it is sitting open on my task manager but the file search is not able to locate it. Unless it is a network file (in which case H*($S*#* we have big problems here), I think it might be an alias name for another process. I keep seeing Symantec find the same trojan threats over and over again even though I have removed them from the current and system registries.... there is a file here somewhere that I am not finding. Edit: Collapsing Following post... FOUND IT! It's getting created in a temp file whenever I restart.... I will upload LNAFE2.exe and scan per processes above now...
  5. I'm helping to clean up a work machine that is very very sick while our IT guy is away. Found a number of trojans so far, a few nasty malware pranks, and some rogue .exe files that I can't seem to place. Mostly clean now, but I have two processes running that are suspicious. msiexec.exe is automatically loading when Windows boots, although there are no residual installation processes due to complete. ME7244.exe is running and I am not sure what that is... further, there is no Google info on it. I am considering it a very likely candidate to be a trouble maker. Does anyone know what this process is?
  6. Could be that your system preferences are set so that all new dialogs and processes are forced to open into a new window. I have seen it floating around somewhere before, but can't remember exactly where. It's a system setting - check your control panel. Or perhaps someone knows exactly where this option is.
  7. The PSU might read as good, but might not have the necessary capacity to run all the hardware, especially with newer graphics cards.
  8. Have you disabled the onboard video controller in your BIOS? If not, you will effectively be running a dual monitor machine, and the onboard controller will try to be the primary - you won't see anything unless you plug into the onboard jack. If not that, try what dickster says - it's most likely just a power issue.
  9. My recommendation for a fix would be to address the warning logic about system restore size. I think the average size of drives may be higher than stated, however if this is not the case, try benchmarking against a relative percentage of drive space. I have my system restore set almost to minimum (1%) and due to my drive size this is still almost 6000 MB- Would I like to have this space back? Sure, but unless I take the time to look up the setting in my registry my choice is 200MB (two or three points), or 6000MB. I can't say I love the new layout, but after playing a little bit, it does provide more information than before. It's a good start but could definitely benefit from continued tuning. edit: system resort/system restore, with Windows it's about the same thing.
  10. AH! Graphics card issue most likely. reference here. It seems the problem is that a WinXP SP1 install will not support PCI-E graphics cards. (I was wondering why I had similar problems with mine when I set it up - finally took it to a shop to configure the RAID and install for me). Since this is a laptop (?) you may have the option in BIOS to select a basic (onboard) graphics option and go through the install, upgrade and then reintegrate your upgraded graphics controller. Incidentally - SP1 will not support USB2 either, which may or may not be an issue for you.
  11. Well then we are more likely getting down to a faulty or locked disc...
  12. Depends on how bad you need what is in the upgrade. I had no problems installing it, but since I run a machine that depends on a lot of legacy apps from older Windows OS' and some old DOS code I ran into problems with the new service pack rendering those useless. You may find certain changes to settings and the way things are laid out that you may not like. It's more a question of do you really want it rather than do you really need it.
  13. If the disk is clean and scratch free, the next thing I'm wondering about is the possibility of a memory problem. Sounds like there is not enough functional memory for XP to load. Even with a scratched disk, I have never had problems with BSOD right from the start. If the memory is not bad you can try the following: Boot down, disconnect all power cords or batteries, depress the power button for a few seconds to drain any residual charge from the board. What I am suspecting is the possibility of a hung thread. Your memory is not clearing it during a normal power up cycle, and so there is not enough room for Windows to load. Once the memory is cleared you should definitely be able to load XP. If you have enough memory to run Vista, then XP will easily fit.
