Computer Running Slow And Freeze


This topic is locked
23 replies to this topic

#1 Rapul

Posted 08 August 2007 - 04:47 AM

My comp freezes when I use Nero and Mozilla simultaneously. I have already re-installed Windows XP.
Other symptoms: I cannot use drag & drop for a time, cannot use right click, and a lot of such inconvenient little events:
Attached File: IEXPLORER.JPG (12.45KB)
I scanned online with BitDefender and found no viruses. But Nod 32 is saying something else:
Attached File: NOD32.JPG (57.75KB)
Here is my HijackThis log:
Attached File: hijackthis.log (6.45KB)

#2 Rorschach

Posted 17 August 2007 - 08:37 AM

Hello Rapul, sorry for the delay. I'm just looking over your log and will get back to you soon.

#3 Rapul

Posted 18 August 2007 - 02:29 AM

Hello Rapul, sorry for the delay. I'm just looking over your log and will get back to you soon.

Thank you very much; meanwhile the comp keeps freezing. The last problem is I cannot use Yahoo Messenger because of Zone Alarm, or the other way round. I had to restart in safe mode and uninstall Messenger, otherwise my comp refused to start.

#4 Rorschach

Posted 18 August 2007 - 11:24 AM

Hello Rapul, my name is Rorschach and I'll be helping you with your problems.

Thank you for the screenshots, they were very helpful. However please don't attach the HijackThis log as it makes it harder to read.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So in your next reply I need to see the following : the two DSS texts in full, the GMER results, the Kaspersky Webscanner report, and tell me if you had any problems.

#5 Rapul

Posted 18 August 2007 - 11:37 PM

After using ATF and DSS, the appearance of the screen has changed. Now I cannot attach a screenshot.
DSS did not generate two different logs, but a single one.
Before scanning the comp, GMER gave me a warning: "GMER has found system modification which might have been caused by ROOTKIT activity. Do you want to fully scan your system?"
Comp is still running slow. When I try to open my browser, I can see a lantern which is searching. There is a folder which refuses to open like the others; it waits 4 or 5 seconds more to open.
Here are the logs.

DSS log
Deckard's System Scanner v20070809.63
Run by Raul on 2007-08-18 at 22:18:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 0.99 GiB (less than 15%) free.


-- HijackThis (run as Raul.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:14, on 18.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Raul\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Raul.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6511 bytes

-- Files created between 2007-07-18 and 2007-08-18 -----------------------------

2007-08-18 15:50:43 0 dr-h----- C:\Documents and Settings\Raul\Recent
2007-08-17 22:19:27 0 d-------- C:\Documents and Settings\Raul\Application Data\foobar2000
2007-08-17 09:56:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-16 15:40:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-16 15:40:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-16 15:40:30 0 d-------- C:\Documents and Settings\Raul\Application Data\SUPERAntiSpyware.com
2007-08-16 15:39:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 09:03:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-15 12:30:23 0 d-------- C:\Program Files\Java
2007-08-15 12:30:20 0 d-------- C:\Program Files\Common Files\Java
2007-08-12 23:25:48 0 d-------- C:\Documents and Settings\Raul\Application Data\Media Player Classic
2007-08-12 12:24:48 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-12 12:24:38 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-08-12 12:24:37 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-12 12:24:37 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-12 12:24:36 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-12 12:24:36 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-12 12:24:31 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-12 12:24:29 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-12 12:24:26 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-08-12 12:18:26 0 d-------- C:\Documents and Settings\Raul\Application Data\Help
2007-08-12 12:13:17 0 d-------- C:\Program Files\IZArc
2007-08-12 11:29:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-08-12 08:37:00 0 d-------- C:\HJT
2007-08-10 07:08:58 0 d-------- C:\Documents and Settings\Raul\Application Data\.BitTornado
2007-08-09 00:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-08-09 00:13:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-09 00:12:41 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-09 00:12:41 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-09 00:12:13 1669152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-09 00:10:43 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-09 00:09:35 0 d-------- C:\WINDOWS\Internet Logs
2007-08-05 21:37:17 0 d-------- C:\WINDOWS\pss
2007-08-05 18:26:57 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-08-05 18:26:41 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-08-05 18:26:23 0 d--h----- C:\Program Files\CanonBJ
2007-08-05 15:23:37 0 d-------- C:\Program Files\Drawing for Children
2007-08-05 15:16:03 733696 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2007-08-05 12:55:50 0 d-------- C:\Documents and Settings\Raul\Application Data\Macromedia
2007-08-05 11:10:28 0 d-------- C:\Documents and Settings\Raul\Application Data\AdobeUM
2007-08-05 10:55:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-05 10:49:27 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-05 10:49:17 0 d-------- C:\Documents and Settings\Raul\Application Data\Adobe
2007-08-05 10:46:01 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-05 10:45:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-08-04 19:24:48 0 d-------- C:\WINDOWS\Sun
2007-08-04 19:24:48 0 d-------- C:\Documents and Settings\Raul\Application Data\Sun
2007-08-04 14:46:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-04 14:45:58 0 d-------- C:\Documents and Settings\Raul\Application Data\Mozilla
2007-08-04 08:56:01 0 d-------- C:\Documents and Settings\Raul\Application Data\vlc
2007-08-04 08:54:56 0 d-------- C:\Program Files\VideoLAN
2007-08-04 01:04:03 0 d-------- C:\Program Files\Yahoo!
2007-08-04 01:03:39 0 d-------- C:\Program Files\CCleaner
2007-08-04 00:32:16 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-04 00:31:47 0 d---s---- C:\Documents and Settings\Raul\UserData
2007-08-03 21:30:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\UC.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\RAR.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\LHA.PIF
2007-08-03 12:26:10 545 --a------ C:\WINDOWS\ARJ.PIF
2007-08-03 12:26:10 0 d-------- C:\totalcmd
2007-08-03 11:41:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-08-03 11:40:55 0 d-------- C:\Documents and Settings\Raul\Application Data\GRETECH
2007-08-03 11:39:49 0 d-------- C:\Program Files\GomPlayer
2007-08-03 11:18:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-08-03 11:18:13 0 d-------- C:\Program Files\VIA
2007-08-03 11:12:23 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-08-03 11:11:04 0 d-------- C:\Program Files\Realtek AC97
2007-08-03 11:10:53 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-08-03 11:10:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 11:10:26 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-03 11:00:19 0 d-------- C:\Program Files\foobar2000
2007-08-03 10:52:30 0 d-------- C:\Documents and Settings\Raul\Application Data\Ahead
2007-08-03 10:44:51 0 d-------- C:\Program Files\Nero
2007-08-03 10:44:51 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-03 10:44:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-08-03 10:43:05 0 d-------- C:\WINDOWS\RegisteredPackages
2007-08-03 10:21:15 0 d-------- C:\WINDOWS\system32\appmgmt
2007-08-03 10:15:10 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-03 08:54:03 0 d-------- C:\Program Files\eMule
2007-08-03 08:27:46 0 d-------- C:\Program Files\Microsoft.NET
2007-08-03 08:27:34 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-03 08:26:29 0 d-------- C:\WINDOWS\SHELLNEW
2007-08-03 08:22:23 0 dr-h----- C:\MSOCache
2007-08-03 03:36:04 0 d--hs---- C:\WINDOWS\Installer
2007-08-03 03:36:03 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-03 03:35:59 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-03 03:35:58 0 dr------- C:\Program Files
2007-08-03 03:35:58 0 d-------- C:\Program Files\Common Files
2007-08-03 03:35:26 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-08-03 03:35:26 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-08-03 03:35:26 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-08-03 03:35:26 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-08-03 03:35:26 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-08-03 03:35:26 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-08-03 03:35:26 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-08-03 03:35:26 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-08-03 03:35:26 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-08-03 03:35:26 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-08-03 03:35:26 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-03 03:35:26 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-08-03 03:35:26 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-08-03 03:35:26 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-08-03 03:35:26 0 dr------- C:\Documents and Settings\All Users\Documents
2007-08-03 03:35:26 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-08-03 03:35:10 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-08-03 03:35:10 0 d-------- C:\WINDOWS\system32\CatRoot
2007-08-03 03:35:05 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-08-03 03:35:05 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-03 03:35:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-08-03 03:35:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-03 03:34:40 0 d--hs---- C:\System Volume Information
2007-08-03 03:34:40 0 d-------- C:\Documents and Settings
2007-08-03 03:28:11 0 d-------- C:\WINDOWS
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\WinSxS
2007-08-03 03:28:11 0 dr------- C:\WINDOWS\Web
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\twain_32
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\wins
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\wbem
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\usmt
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\spool
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\ShellExt
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\Setup
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\ras
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\oobe
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\npp
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\mui
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\inetsrv
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\IME
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\icsxml
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\ias
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\export
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\drivers
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-08-03 03:28:11 0 d--h---c- C:\WINDOWS\system32\dllcache
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\dhcp
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\config
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\3076
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\2052
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1054
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1042
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1041
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1037
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1033
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1031
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1028
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system32\1025
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\system
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\security
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Resources
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\repair
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Provisioning
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\PeerNet
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\pchealth
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\mui
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\msapps
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\msagent
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Media
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\java
2007-08-03 03:28:11 0 d--h----- C:\WINDOWS\inf
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\ime
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Help
2007-08-03 03:28:11 0 dr--s---- C:\WINDOWS\Fonts
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\ehome
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Driver Cache
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Debug
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Cursors
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\Config
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\AppPatch
2007-08-03 03:28:11 0 d-------- C:\WINDOWS\addins
2007-08-03 01:53:23 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-03 01:19:52 0 d-------- C:\temp
2007-08-03 01:09:34 0 d-------- C:\Documents and Settings\Raul\Application Data\Azureus
2007-08-03 01:05:50 0 d-------- C:\Program Files\Azureus
2007-08-03 00:58:29 0 d-------- C:\Documents and Settings\Raul\Application Data\Identities
2007-08-03 00:58:20 0 d--h----- C:\Documents and Settings\Raul\Templates
2007-08-03 00:58:20 0 dr------- C:\Documents and Settings\Raul\Start Menu
2007-08-03 00:58:20 0 dr-h----- C:\Documents and Settings\Raul\SendTo
2007-08-03 00:58:20 0 d--h----- C:\Documents and Settings\Raul\PrintHood
2007-08-03 00:58:20 1835008 --ah----- C:\Documents and Settings\Raul\NTUSER.DAT
2007-08-03 00:58:20 0 d--h----- C:\Documents and Settings\Raul\NetHood
2007-08-03 00:58:20 0 dr------- C:\Documents and Settings\Raul\My Documents
2007-08-03 00:58:20 0 d--h----- C:\Documents and Settings\Raul\Local Settings
2007-08-03 00:58:20 0 dr------- C:\Documents and Settings\Raul\Favorites
2007-08-03 00:58:20 0 d-------- C:\Documents and Settings\Raul\Desktop
2007-08-03 00:58:20 0 d---s---- C:\Documents and Settings\Raul\Cookies
2007-08-03 00:58:20 0 dr-h----- C:\Documents and Settings\Raul\Application Data
2007-08-03 00:56:28 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-03 00:56:19 0 d-------- C:\WINDOWS\Prefetch
2007-08-03 00:56:18 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-08-03 00:56:17 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-03 00:56:17 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-08-03 00:56:17 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-03 00:56:17 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-08-03 00:56:17 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-08-03 00:56:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-08-03 00:56:09 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-03 00:56:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-08-03 00:56:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-08-03 00:56:08 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-03 00:51:54 0 d-------- C:\WINDOWS\system32\xircom
2007-08-03 00:51:54 0 d-------- C:\Program Files\microsoft frontpage
2007-08-03 00:51:38 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-03 00:51:30 0 -rahs---- C:\MSDOS.SYS
2007-08-03 00:51:30 0 -rahs---- C:\IO.SYS
2007-08-03 00:51:30 0 --a------ C:\CONFIG.SYS
2007-08-03 00:51:30 0 --a------ C:\AUTOEXEC.BAT
2007-08-03 00:49:58 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-03 00:49:45 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-03 00:49:45 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-03 00:49:32 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-03 00:49:00 0 d-------- C:\WINDOWS\system32\DirectX
2007-08-03 00:48:12 0 d---s---- C:\WINDOWS\Tasks
2007-08-03 00:48:11 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-03 00:48:06 0 d-------- C:\WINDOWS\srchasst
2007-08-03 00:48:05 0 d-------- C:\WINDOWS\system32\Macromed
2007-08-03 00:47:53 0 d-------- C:\Program Files\Movie Maker
2007-08-03 00:47:41 0 d-------- C:\WINDOWS\system32\Restore
2007-08-03 00:46:50 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-03 00:46:30 0 d-------- C:\WINDOWS\Registration
2007-08-03 00:46:21 0 d-------- C:\Program Files\Online Services
2007-08-03 00:46:12 0 d-------- C:\Program Files\Messenger
2007-08-03 00:46:06 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-03 00:45:08 0 d-------- C:\Program Files\Windows NT
2007-08-03 00:45:04 0 d-------- C:\WINDOWS\system32\MsDtc
2007-08-03 00:45:02 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-08-03 03:35:26 62 --ahs---- C:\Documents and Settings\Raul\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [03.08.2007 10:13]
"SoundMan"="SOUNDMAN.EXE" [16.04.2007 15:28 C:\WINDOWS\soundman.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 02:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [21.06.2007 21:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27.06.2007 19:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21.06.2007 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [05.08.2007 10:48:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SwPrv"=3 (0x3)
"CryptSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7844B5A1-88C6-C0D9-0309-F9B8B284CC3E}]
C:\WINDOWS\system32\dllcache\NTGuard.exe s



-- End of Deckard's System Scanner: finished at 2007-08-18 at 22:19:44 ---------

GMER log
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-18 22:50:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

? srescan.sys The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\amdk7.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\imapi.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\redbook.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\serial.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\serenum.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\parport.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\gameenum.sys[NTOSKRNL.EXE!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\audstub.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] 81AA9D70
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] 81AA9960
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 81AA9F40
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 81AA9770
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EA1B40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EA1B40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6EA1B40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\flpydisk.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 81A74660
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 81A74660
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EA1B40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B6EA2050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B6EA1EF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EA1B40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B6EA19D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B6EAF360] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B6E9A5C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6E9A510] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6E9A6C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B6E9A220] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 81A745E0

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F9966160] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B6341FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B6341BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B63423D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B634267A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B634267A] amon.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B6EAEC50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F98590F0] kl1.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B6EAEC50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F98590F0] kl1.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B6EAEC50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F98590F0] kl1.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B6EAEC50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F98590F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F98590F0] kl1.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EAEC50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B6EAEC50] vsdatant.sys

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F9966160] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F9965F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F9959F08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B6341FE2] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B6341BEC] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B63423D4] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B634267A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B634267A] amon.sys

---- Threads - GMER 1.0.13 ----

Thread 4:120 81AAF8E0
Thread 4:124 81AAF8E0
Thread 4:128 81A7E8D0
Thread 4:132 81A7E8D0
Thread 4:136 81A7E8D0
Thread 4:404 81AAF8E0
Thread 4:540 81AAF8E0

---- Processes - GMER 1.0.13 ----

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1896

---- EOF - GMER 1.0.13 ----

KASPERSKY log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 19, 2007 7:17:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384940
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
K:\

Scan Statistics:
Total number of scanned objects: 57228
Number of viruses found: 8
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:51:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Raul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Raul\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1558 Infected: not-a-virus:PSWTool.Win32.Delf.f skipped
C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1570 Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1571 Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe Inno: infected - 3 skipped
C:\Documents and Settings\Raul\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Raul\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Raul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Raul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Raul\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Raul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Raul\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Raul\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0070.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0071.BIN/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0071.BIN Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0072.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0073.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0110.BIN/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0110.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0110.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF WiseSFX: infected - 8 skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF WiseSFX Dropper: infected - 8 skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF PE-Crypt.XorPE: infected - 8 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8A5B6999-4C9F-4721-8B43-F00C64E1E5C6}\RP31\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\ORGANIZA-38B364.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\NTGuard.log Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\ZLT0572f.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT05732.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{8A5B6999-4C9F-4721-8B43-F00C64E1E5C6}\RP31\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{8A5B6999-4C9F-4721-8B43-F00C64E1E5C6}\RP31\change.log Object is locked skipped
K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE\badcdrepairpro.zip/badcdrepairpro/bad_cd_repair_pro_install.exe/data0002 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE\badcdrepairpro.zip/badcdrepairpro/bad_cd_repair_pro_install.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE\badcdrepairpro.zip ZIP: infected - 2 skipped
K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE\bad_cd_repair_pro_install.exe/data0002 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE\bad_cd_repair_pro_install.exe NSIS: infected - 1 skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{8A5B6999-4C9F-4721-8B43-F00C64E1E5C6}\RP31\change.log Object is locked skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\bitdefender_avplus_v10.exe/Pwinda.exe Infected: Trojan-Downloader.Win32.Delf.asz skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\bitdefender_avplus_v10.exe CAB: infected - 1 skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\keygen.exe Infected: Backdoor.Win32.Rbot.cqq skipped
K:\TEMPORAR DIN C PENTRU E\torrents\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1558 Infected: not-a-virus:PSWTool.Win32.Delf.f skipped
K:\TEMPORAR DIN C PENTRU E\torrents\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1570 Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
K:\TEMPORAR DIN C PENTRU E\torrents\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe/file1571 Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
K:\TEMPORAR DIN C PENTRU E\torrents\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe Inno: infected - 3 skipped

Scan process completed.
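The scan report above is the raw material for the removal list that follows in the next reply. As an added example (not code from this thread or from any of the tools it names), here is a Python script that parses that report format, groups every verdict by the file actually on disk, and flags the detections without Kaspersky's "not-a-virus:" prefix, such as the Backdoor verdict on keygen.exe, as the ones to act on first. The sample lines are copied from the report; the function names are the example's own.

```python
"""Triage a Kaspersky-style scan log like the one posted above (added
example, not code from the thread or any tool named in it).  Lines are
locked objects (noise), infected objects (possibly members of an archive)
or archive summaries; findings are grouped by the file on disk and
'not-a-virus:' riskware is separated from real malware."""
import re
from collections import defaultdict

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
SUMMARY_RE = re.compile(r"^(?P<head>.+): infected - (?P<count>\d+) skipped$")

# Sample input: lines copied from the scan log above (only 2 of the .NQF
# container's 8 reported members are kept here).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0070.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF/WISE0071.BIN/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
C:\Program Files\ESET\infected\RWLTVGAA.NQF WiseSFX Dropper: infected - 8 skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\bitdefender_avplus_v10.exe/Pwinda.exe Infected: Trojan-Downloader.Win32.Delf.asz skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\bitdefender_avplus_v10.exe CAB: infected - 1 skipped
K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch\keygen.exe Infected: Backdoor.Win32.Rbot.cqq skipped
"""


def top_level(path):
    """Return the on-disk file, dropping any '/member' path inside an archive."""
    return path.split("/", 1)[0]


def is_malware(name):
    """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
    return not name.startswith("not-a-virus:")


def parse_line(line, known_containers):
    """Classify one log line.

    Returns ('locked', path, None), ('infected', path, detection_name),
    ('summary', path, (archive_type, member_count)) or None if unrecognised.
    """
    m = LOCKED_RE.match(line)
    if m:
        return "locked", m.group("path"), None
    m = INFECTED_RE.match(line)
    if m:
        return "infected", m.group("path"), m.group("name")
    m = SUMMARY_RE.match(line)
    if m:
        # head is "<path> <archive type>" and both halves may contain spaces
        # ("WiseSFX Dropper").  The log lists an archive's members before its
        # summary line, so prefer the split whose left half is a container
        # already seen; otherwise treat only the last word as the type.
        parts = m.group("head").split(" ")
        split_at = len(parts) - 1
        for i in range(len(parts) - 1, 0, -1):
            if " ".join(parts[:i]) in known_containers:
                split_at = i
                break
        path = " ".join(parts[:split_at])
        archive_type = " ".join(parts[split_at:])
        return "summary", path, (archive_type, int(m.group("count")))
    return None


def triage(log_text):
    """Summarise a scan log into something a responder can act on."""
    locked = 0
    findings = defaultdict(set)   # on-disk file -> detection names
    archives = {}                 # on-disk archive -> (type, member count)
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line, set(findings))
        if rec is None:
            unparsed.append(line)
            continue
        kind, path, detail = rec
        if kind == "locked":
            locked += 1           # system files held open, not findings
        elif kind == "infected":
            findings[top_level(path)].add(detail)
        else:
            archives[path] = detail
    return {
        "locked": locked,
        "findings": {p: sorted(n) for p, n in findings.items()},
        "archives": archives,
        # files to remove first: anything carrying a non-riskware verdict
        "malware_files": sorted(p for p, n in findings.items()
                                if any(is_malware(x) for x in n)),
        "unparsed": unparsed,
    }
```

The "locked" count is reported separately because those entries are open system files (registry hives, event logs), not detections, and should not end up on a removal list.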

#6 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  • Local time:01:33 AM

Posted 19 August 2007 - 02:45 PM

Hello Rapul


Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile C:\windelf.txt, along with a new HijackThis log.



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\GPInstall.exe
    C:\WINDOWS\system32\ChCfg.exe
    C:\WINDOWS\system32\wins
    C:\WINDOWS\system32\3076
    C:\WINDOWS\system32\2052
    C:\WINDOWS\system32\1054
    C:\WINDOWS\system32\1042
    C:\WINDOWS\system32\1041
    C:\WINDOWS\system32\1037
    C:\WINDOWS\system32\1033
    C:\WINDOWS\system32\1031
    C:\WINDOWS\system32\1028
    C:\WINDOWS\system32\1025
    C:\temp
    C:\Program Files\WindowsUpdate
    C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe
    K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE
    K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



  • Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer, because files in use could be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

So in your next reply I need to see the following : the windelf text, the SDFix report, the OTMoveIt results, the Dr. Web Cureit report, a new DSS log, and tell me how your PC is running now and if you had any problems.

#7 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 19 August 2007 - 03:53 PM

WIN32DELFKIL LOGFILE - by Marckie


version 3.130
19.08.2007 23:39:26,93
running from: "C:\Documents and Settings\Raul\Desktop"


--- File(s) found in Windows directory ---
gmer.dll

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---
gmer.dll

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!


Trying to run SDFix, I obtain the following result:
Attached File  sdfix.JPG   29.11KB   19 downloads

#8 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 19 August 2007 - 04:28 PM

Trying to run OTMoveIt.exe. Computer freezes at "Move.It" click.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:29:50, on 20.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6820 bytes

Edited by Rapul, 19 August 2007 - 04:29 PM.


#9 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 20 August 2007 - 01:02 AM

I just succeeded in running OTMoveIt. Here are the results:
File/Folder C:\WINDOWS\GPInstall.exe not found.
File/Folder C:\WINDOWS\system32\ChCfg.exe not found.
File/Folder C:\WINDOWS\system32\wins not found.
File/Folder C:\WINDOWS\system32\3076 not found.
File/Folder C:\WINDOWS\system32\2052 not found.
File/Folder C:\WINDOWS\system32\1054 not found.
File/Folder C:\WINDOWS\system32\1042 not found.
File/Folder C:\WINDOWS\system32\1041 not found.
File/Folder C:\WINDOWS\system32\1037 not found.
Folder cleanup failed. C:\WINDOWS\system32\1033 scheduled to be deleted on reboot.
File/Folder C:\WINDOWS\system32\1031 not found.
File/Folder C:\WINDOWS\system32\1028 not found.
File/Folder C:\WINDOWS\system32\1025 not found.
File/Folder C:\temp not found.
File/Folder C:\Program Files\WindowsUpdate not found.
File/Folder C:\Documents and Settings\Raul\Desktop\Progs\Total Commander 7.01 + TC UP 2.8\TC UP\tcup.exe not found.
File/Folder K:\E - Desktop\repede pentru nero\A\DOCUMENTE DIN DESKTOP\Bad.CD.Repair.Pro.v4.06.WinALL.Incl.Keymaker-CORE not found.
File/Folder K:\TEMPORAR DIN C PENTRU E\torrents\BitDefender Plus v10 + Keygen CORE + Patch not found.

Created on 08.20.2007 08:53:25
The last four items were deleted the first time I used OTMoveIt. After reboot, "Folder cleanup failed. C:\WINDOWS\system32\1033 scheduled to be deleted on reboot." is still here, as you see.
I ran Dr.Web CureIt and it found a lot of malware. I deleted them all. Here is the log:
Attached File  DrWeblog.JPG   42.9KB   6 downloads
It considered SDFix as a virus and deleted it.
Now I will restart the comp and run a new scan with DSS.
Done.
Here is the log:
Attached File  DSS2.txt   26.07KB   4 downloads

Edited by Rapul, 20 August 2007 - 01:13 AM.


#10 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 21 August 2007 - 12:13 AM

After all the actions I have taken, my antivirus is still finding something:
Attached File  Blumblebee2.JPG   26.39KB   10 downloads
The comp is running slow.

#11 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  • Local time:01:33 AM

Posted 21 August 2007 - 09:13 AM

Hi Rapul, please don't attach any of the reports as it makes them harder to read.

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Next :

Let's try to get SDFix running on your PC again. Please disable your anti-virus program (AntiVir) and your firewall (ZoneAlarm). Once they are disabled, do the following:

Download SDFix and save it to your Desktop.

If that doesn't work, try downloading SDFix from another computer, then reboot your PC into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode. Once in Safe Mode, transfer SDFix over onto your PC via a USB stick or a CD.


If you get SDFix working in either of those ways, then do the following while still in Safe Mode.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log



Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


So in your next reply please post the following : the SDFix report if you got it working, the HijackThis Uninstall List, and tell me how your PC is running now and if you had any problems.

#12 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 21 August 2007 - 10:53 AM

SDFix: Version 1.99
Run by Raul on 21.08.2007 at 18:44
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\WINDOWS\system32\dllcache\NTGuard.exe

Finished


UNINSTALL LIST

Adobe Acrobat 7.0 Professional
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AusLogics Disk Defrag
Avira AntiVir PersonalEdition Classic
Azureus Vuze
Canon MP160
CCleaner (remove only)
eMule
foobar2000 v0.9.4.3
GOM Player
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
IZArc 3.81
Java™ 6 Update 2
Kaspersky Online Scanner
K-Lite Codec Pack 3.3.0 Full
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.6)
Nero 7
neroxml
Realtek AC'97 Audio
Spybot - Search & Destroy 1.4
Total Commander (Remove or Repair)
VideoLAN VLC media player 0.8.6c
Windows Media Format Runtime
Yahoo! Install Manager
ZoneAlarm

#13 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  • Local time:01:33 AM

Posted 21 August 2007 - 02:17 PM

Hello Rapul

Can you please post a new DSS log and tell me how your PC is running now and if you are having any problems.

#14 Rapul

Rapul
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:33 PM

Posted 21 August 2007 - 03:16 PM

DSS log is here:
Attached File  DSS.txt   27.26KB   8 downloads

Comp is still running weird. There is a problem with a folder which I cannot open as fast as the others. I receive notifications that various programs must close because Windows encountered problems, etc.
And the main problem is still active: as soon as I open Azureus Vuze, the comp becomes slower, and it has the same behaviour when I open Nero Express.

Edited by Rapul, 21 August 2007 - 03:25 PM.


#15 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  • Local time:01:33 AM

Posted 22 August 2007 - 06:30 AM

Hello Rapul, please do not attach your logs/reports as it makes them harder to read, meaning I may miss something.


Please run OTMoveIt by OldTimer again.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\dbrmdwb.bat
    C:\WINDOWS\system32\dbxDgrevCheck.dll
    C:\WINDOWS\eSellerateEngine.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

So in your next reply please post the following : the OTMoveIt results, the AVG Anti-Spyware report, a new DSS log, and tell me how your PC is running now.



