Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Photo

Windows Explorer Keeps Crashing

Started by PapaSmurfinNZ , Oct 28 2009 01:39 PM

  • This topic is locked This topic is locked
3 replies to this topic

#1 PapaSmurfinNZ

PapaSmurfinNZ

  • Members
  • 29 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:New Zealand
  • Local time:04:36 AM

Posted 28 October 2009 - 01:39 PM

Hey there,

I dont know if I am posting in the right area as I dont really know what is causing my problem,

I have an issue with Windows Explorer Crashing everytime I open a video file. I have a few drives and it is happening accross them all, I can navigate to the file that I want to open, when I click the file the video will start and all other explorer windows will close showing an empty desktop. It all comes back after a few seconds, but this does not effect the playing of the video file or any other windows like FireFox.

Please find the logs as requested and the attached zip file.

Thanks

PapaSmurf :(

===========================================================================================================================================================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Dave at 7:14:03.92 on Thu 29/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.2047.1258 [GMT 13:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Delete Duplicate Files\DDFS.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
F:\Vicki's Documents\Vicki\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.nz/ig
uSearch Page =
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\phone connection monitor.lnk - c:\program files\sony ericsson\mobile\audevicemgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windows search.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {BF17B190-08E5-41E7-836A-5CE81D80803F} = 10.1.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\ow4lwolp.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2008-9-4 30808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-13 15424]
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [2008-10-1 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [2008-10-1 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [2008-10-1 8448]
R2 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\delete duplicate files\DDFS.exe [2009-7-22 212992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1028432]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-6-15 17408]

=============== Created Last 30 ================

2009-10-21 18:37:45 0 d-----w- c:\docume~1\dave\applic~1\Windows Search
2009-10-20 07:48:51 0 d-----w- c:\program files\common files\DivX Shared
2009-10-20 07:48:42 0 d-----w- c:\program files\DivX
2009-10-12 06:35:17 215465 ----a-w- c:\windows\system32\nvapps.nvb
2009-10-12 06:34:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-10-12 06:32:42 0 d-----w- c:\docume~1\dave\applic~1\Windows Desktop Search
2009-10-12 06:31:27 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-12 06:31:27 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-12 06:31:27 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-12 06:30:34 0 d-----w- c:\windows\system32\URTTEMP
2009-10-09 04:00:23 0 d-----w- C:\ConverterOutput
2009-10-09 03:59:07 0 d-----w- c:\program files\Cucusoft
2009-10-09 02:41:58 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-09 02:41:48 0 d-----w- c:\program files\PC Connectivity Solution
2009-09-30 03:06:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2009-09-30 02:54:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-30 02:54:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-30 02:49:49 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-09-30 02:49:49 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-09-30 02:44:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-30 02:44:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-30 02:44:41 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-09-30 02:43:41 0 d-----w- c:\program files\common files\PCSuite
2009-09-30 02:43:36 0 d-----w- c:\program files\common files\Nokia
2009-09-30 02:43:15 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-09-30 02:43:14 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-09-30 02:43:14 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-09-30 02:43:11 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-09-30 02:43:11 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-09-30 02:43:11 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-09-30 02:43:00 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-09-30 02:42:59 0 d-----w- c:\program files\Nokia

==================== Find3M ====================

2009-10-28 18:14:04 173520928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-28 10:46:32 2044328 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 01:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 01:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 10:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 06:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 06:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-09-05 04:02:51 262144 -c--a-w- c:\program files\Uninstall Spy Blocker.dll
2006-06-23 06:48:54 32768 -c--a-r- c:\windows\inf\UpdateUSB.exe
2008-10-16 08:53:56 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat

============= FINISH: 7:14:49.51 ===============

===========================================================================================================================================================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/29 07:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6527000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5C2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5144000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9DC9000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Dave\Local Settings\Apps\2.0\CCT8RY2G.QEO\6T3Q0BP9.A1E\poli..apac_1b8b6d511efbea69_0001.0003_cddd63c9dd3cc744\micr..ces3_31bf3856ad364e35_0003.0000_none_22c70d32a44be281.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Dave\Local Settings\Apps\2.0\CCT8RY2G.QEO\6T3Q0BP9.A1E\poli..apac_1b8b6d511efbea69_0001.0003_cddd63c9dd3cc744\micr..ces3_31bf3856ad364e35_0003.0000_none_22c70d32a44be281.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Dave\Local Settings\Apps\2.0\CCT8RY2G.QEO\6T3Q0BP9.A1E\poli..apac_1b8b6d511efbea69_0001.0003_cddd63c9dd3cc744\poli..apac_1b8b6d511efbea69_0001.0003_none_c79cef8894a9351e.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Dave\Local Settings\Apps\2.0\CCT8RY2G.QEO\6T3Q0BP9.A1E\poli..apac_1b8b6d511efbea69_0001.0003_cddd63c9dd3cc744\poli..apac_1b8b6d511efbea69_0001.0003_none_c79cef8894a9351e.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d3040

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66cf930

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66daa80

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d3510

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9870

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9aa0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66dcfd0

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d3600

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66cff20

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66db6e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66db440

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9580

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66db8b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66cfd70

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9350

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9150

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66dc250

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66dbcb0

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d2c00

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66dc080

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d3220

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d0120

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66db140

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d9cd0

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d1250

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d12e0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d1360

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb66d1520

==EOF==

===========================================================================================================================================================

Attached Files


BC AdBot (Login to Remove)

 

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Florida
  • Local time:12:36 PM

Posted 03 November 2009 - 06:22 AM

Hello PapaSmurfinNZ

Welcome to BleepingComputer :(
==========================
Hi I see no sign of malware in your logs.

Since that is the case I request that you post a new thread in this forum: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Thank you.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 PapaSmurfinNZ

PapaSmurfinNZ
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:New Zealand
  • Local time:04:36 AM

Posted 03 November 2009 - 12:52 PM

Thanks your for reply,

I will post in the new forum,

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Florida
  • Local time:12:36 PM

Posted 03 November 2009 - 08:58 PM

You are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·