
XP Pro system continually freezes momentarily


  • This topic is locked
23 replies to this topic

#1 karlhanes

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 14 January 2010 - 10:31 PM

Hi everyone,

I'm new to the forum and would like some assistance regarding a problem I have that has now reached a despairing point. I searched through numerous such forums on the net and decided this one would be my best bet in obtaining a resolution.


I have:

ASUS Pentium 4, 1.6GHz. 896MB RAM, ASUS A 9250 Graphics Card 128MB

Win XP Pro SP3, Wireless remote (station) ADSL 512KB TP-Link


Whether I browse or use any desktop application, my system freezes every 5-10 secs for a duration of anywhere from 4-10 secs. It's got to the point where it's heavily impeding my ability to use the PC fast and efficiently, especially when typing text in Word and the like.


I've searched this forum's database for a possible solution to no avail, so I thought it best to post about it.

The following are logs I've run on my system today that may help anyone attempting to assist me.


HijackThis, ComboFix, DDS, RSIT, Junction txt output files


I do use torrents, but I always check the downloads with the latest versions of SuperAntiSpyware Pro and ESET NOD32 before Sandboxing them prior to fully installing them, and I run malware and virus checks daily.



My system was working well till some weeks ago when this problem began to creep in and worsen gradually.



I would appreciate any assistance.


Regards.

Edited by Orange Blossom, 14 January 2010 - 11:24 PM.
Move to HJT forum. ~ OB



#2 karlhanes
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 16 January 2010 - 05:54 PM

Hi everyone,

I'm new to the forum and would like some assistance regarding a problem I have.


I use torrents, but I always check the downloads with the latest versions of SuperAntiSpyware Pro and ESET NOD32 4 before Sandboxing them prior to fully installing them, and I run malware and virus checks daily. I somehow feel this is not a malware related problem but I cannot be certain of that.


Whether I browse or use any desktop application, my system freezes every 5-10 secs for a duration of anywhere from 4-10 secs. It's got to the point where it's heavily impeding my ability to use the PC fast and efficiently, especially when typing text in Word and the like.



I have:

ASUS Pentium 4 motherboard, 1.6GHz. 896MB RAM, ASUS A 9250 Graphics Card 128MB

Win XP Pro SP3, Wireless remote (station) ADSL 512KB TP-Link


I have worked through the forum's "Preparation Guide for use before posting about your potential Malware problem" and "Slow Computer/browser? Check Here First; It May Not Be Malware". I followed and implemented everything that was pertinent to my system, including many tweaks outlined in the Tweaks link contained in the latter thread mentioned above; yet the problem remains.





Here are my DDS and RootRepeal logs and report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by 777 at 12:47:40.61 on 15/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.896.320 [GMT 11:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\diagnostic\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262620940281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262620880890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
mASetup: >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} - rundll32.exe advpack.dll,LaunchINFSection IE.inf,IE.PerUser.Goo

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\777\applic~1\mozilla\firefox\profiles\qn05ca9w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-12-21 714752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-12-21 1312584]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-12-21 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-12-21 256792]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-29 108032]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2009-12-21 33920]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2010-01-11 22:50:29 0 d-----w- c:\docume~1\777\applic~1\FLEXnet
2010-01-11 22:50:06 0 d-----w- c:\docume~1\777\applic~1\Zeon
2010-01-11 22:46:07 0 d-----w- c:\docume~1\777\applic~1\Nuance
2010-01-11 22:46:00 391 ----a-w- c:\windows\MAXLINK.INI
2010-01-11 22:43:41 0 d-----w- c:\program files\Nuance
2010-01-11 15:20:31 0 d-----w- c:\program files\SomePDF
2010-01-11 01:50:26 0 d-----w- c:\windows\RegisteredPackages
2010-01-11 00:51:17 1069056 ----a-w- c:\windows\system32\win32.dll
2010-01-11 00:51:17 0 d-----w- c:\program files\Bad CD DVD Reader
2010-01-07 04:31:05 163 ----a-w- c:\windows\MXSkypeRecorder.INI
2010-01-07 04:25:38 0 d-----w- c:\docume~1\777\applic~1\MXSkypeRec
2010-01-07 04:09:12 344064 ----a-w- c:\windows\system32\Msvcr70.dll
2010-01-07 04:09:12 0 d-----w- c:\program files\Absolute Sound Recorder
2010-01-05 08:15:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-05 08:15:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-05 08:15:48 0 d-----w- c:\docume~1\777\applic~1\SUPERAntiSpyware.com
2010-01-04 17:11:14 0 d-----w- c:\program files\MSXML 4.0
2010-01-04 16:59:06 0 d-----w- c:\windows\ie8updates
2010-01-04 16:36:22 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-04 16:36:22 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-04 16:36:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-04 16:36:21 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-04 16:36:20 1986048 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-04 16:32:55 2067968 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-04 16:26:48 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-04 16:26:46 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-04 16:26:45 2066176 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-04 16:03:07 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-01-04 16:03:07 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-20 14:09:40 714752 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-12-20 14:08:28 256792 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-12-20 14:06:55 49 ----a-w- c:\windows\transp.gif
2009-12-20 14:06:52 0 d-----w- c:\windows\system32\Filt
2009-12-20 14:06:37 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-12-20 14:05:35 0 d-----w- c:\program files\Agnitum
2009-12-20 14:04:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Agnitum
2009-12-20 13:20:17 0 d-----w- c:\program files\ESET
2009-12-20 08:44:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

==================== Find3M ====================

2028-11-03 09:25:54 35104 ----a-w- c:\windows\fonts\ataques.ttf
2028-10-04 13:42:58 55232 ----a-w- c:\windows\fonts\taquesau.ttf
2009-12-08 01:28:45 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-03 02:21:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-24 06:19:28 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-21 09:30:06 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-13 14:47:57 260608 ----a-w- c:\windows\PEV.exe
2009-10-29 07:45:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 19:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-09-19 12:21:40 1531904 ----a-w- c:\program files\avd.msi
2009-08-21 11:38:24 88 --sha-r- c:\windows\system32\3ED98F0DBC.sys

============= FINISH: 12:48:40.25 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/12/2009 12:40:42 PM
System Uptime: 15/01/2010 09:45:28 AM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4B-MX
Processor: Intel® Pentium® 4 CPU 1.60GHz | PGA 478 | 1594/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 2.582 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 14.735 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&1351887D&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&1351887D&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TP-LINK 11b/g Wireless Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&1351887D&0&50F0
Manufacturer: TP-LINK
Name: TP-LINK 11b/g Wireless Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01\4&1351887D&0&50F0
Service: AR5211

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt

==== System Restore Points ===================

RP35: 05/01/2010 03:37:21 AM - Software Distribution Service 3.0
RP36: 05/01/2010 10:37:58 AM - Revo Uninstaller's restore point - SUPERAntiSpyware Professional
RP37: 05/01/2010 10:38:12 AM - Removed SUPERAntiSpyware Professional
RP38: 05/01/2010 05:43:48 PM - Revo Uninstaller's restore point - Ad-Aware
RP39: 05/01/2010 05:49:09 PM - Installed SUPERAntiSpyware Professional
RP40: 05/01/2010 07:05:45 PM - Revo Uninstaller's restore point - SUPERAntiSpyware Professional
RP41: 05/01/2010 07:06:34 PM - Removed SUPERAntiSpyware Professional
RP42: 05/01/2010 07:15:47 PM - Installed SUPERAntiSpyware Professional
RP43: 07/01/2010 12:57:54 AM - System Checkpoint
RP44: 07/01/2010 03:04:46 PM - Revo Uninstaller's restore point - Absolute Sound Recorder version 3.3.9
RP45: 08/01/2010 03:42:35 PM - System Checkpoint
RP46: 10/01/2010 04:48:59 AM - System Checkpoint
RP47: 10/01/2010 01:04:59 PM - Revo Uninstaller's restore point - Fraps (remove only)
RP48: 11/01/2010 11:57:47 AM - Revo Uninstaller's restore point - Bad CD DVD Reader 1.0
RP49: 11/01/2010 12:49:41 PM - Installed DirectX 9.0
RP50: 11/01/2010 02:55:32 PM - Revo Uninstaller's restore point - E.M. Free Game Capture 2.31
RP51: 12/01/2010 09:38:47 AM - Installed Nuance OmniPage 17.
RP52: 12/01/2010 09:43:24 AM - Installed Nuance OmniPage 17.
RP53: 13/01/2010 11:30:55 AM - System Checkpoint
RP54: 14/01/2010 12:01:38 PM - System Checkpoint
RP55: 14/01/2010 03:34:41 PM - Revo Uninstaller's restore point - Fraps (remove only)

==== Installed Programs ======================

Absolute Sound Recorder version 3.7.1
Active@ UNDELETE
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Advanced PDF Password Recovery
Advanced RAR Password Recovery (remove only)
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI Parental Control & Encoder
µTorrent
AVS Update Manager 1.0
AVS Video Editor 4
BitTorrent
Cheetah DVD Burner
Concise Oxford English Dictionary (Eleventh Edition)
ESET NOD32 Antivirus
Google Earth Pro 4.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hullform 9S
Java™ 6 Update 11
K-Lite Mega Codec Pack 4.9.5
Lernout & Hauspie TruVoice American English TTS Engine
Magic ISO Maker v5.4 (build 0239)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB973688)
MX Skype Recorder v3.4
NetTools 5.0
Nuance OmniPage 17
OGA Notifier 2.0.0048.0
Outpost Firewall Pro 2009
Paint Shop Pro 7
PConPoint v4.1
Privoxy 3.0.6
QuickTime
Revo Uninstaller 1.83
Safari
Sandboxie 3.38
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
Soft Data Fax Modem with SmartCP
Some PDF to Word Converter 1.5
Speakonia
Spybot - Search & Destroy
SUPERAntiSpyware Professional
Tor 0.2.1.19
TP-LINK Client Installation Program
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Ventrilo Client
Vidalia 0.1.15
WebFldrs XP
WebSite Downloader 1.1
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
WinRAR archiver
Worms Armageddon
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 2.5.3

==== Event Viewer Messages From Past Week ========

14/01/2010 11:17:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
14/01/2010 11:17:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
14/01/2010 11:16:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
14/01/2010 11:16:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
09/01/2010 10:26:00 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
09/01/2010 10:25:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
09/01/2010 04:19:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================






ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/17 09:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE8AF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BDC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE8EF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Processes
-------------------
Path: C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
PID: 3540 Status: Locked to the Windows API!

Path: C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe
PID: 4000 Status: Locked to the Windows API!

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea72bf0

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea57c70

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea764f0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea53fe0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea5f220

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6b440

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6bd40

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea52d90

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea5efd0

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea69f00

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea79f80

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea5dcb0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea60a90

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea67530

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea68d40

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea5e840

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea56c90

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea60150

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6de30

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea53600

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6d1f0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea73f30

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea58a30

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea628e0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea63130

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea72060

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea66720

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea64690

#: 199 Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea78790

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea78ab0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea65eb0

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea64e10

#: 208 Function Name: NtSaveKeyEx
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea65660

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea770d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea715d0

#: 223 Function Name: NtSetInformationDebugObject
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7a570

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea59d80

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea68350

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea639b0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea70320

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea70c50

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea797c0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6e920

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6f7b0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea696c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea73440

Stealth Objects
-------------------
Object: Hidden Handle [Index: 660, Type: Process]
Process: acs.exe (PID: 936) Address: 0x8373c880 Size: -

Object: Hidden Code [ETHREAD: 0x848eeda8]
Process: System Address: 0x844a6930 Size: 1000

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7e1f0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7de00

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7d700

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7bf20

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7b420

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7b7b0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7e650

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7d3d0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7c2e0

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7cab0

==EOF==

Edited by Orange Blossom, 16 January 2010 - 08:33 PM.
Merged topics. ~ OB
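The SSDT and Shadow SSDT output above is easier to triage once the hooks are grouped by the driver that installed them. One image hooking a contiguous run of process, memory and input syscalls (NtTerminateProcess, NtWriteVirtualMemory, NtUserGetAsyncKeyState, NtUserSetWindowsHookEx and so on) is typical of a host firewall or HIPS anti-leak component, but those are also exactly the calls a keylogger or process-protection rootkit would hook, so the path of the hooking image, not the list of hooked functions, is what decides whether an entry needs attention. The Python below is an added example, not part of the original post or of GMER: SAMPLE_LOG is a constructed excerpt in GMER's format (its last entry, a driver under a user's Temp folder, is invented to exercise the check and does not appear in the posted log), and EXPECTED_HOOKERS is an assumed allow-list for illustration, not a verdict on SandBox.sys.

```python
"""Group the SSDT / Shadow SSDT hooks reported by a GMER scan by the driver
that installed them, and flag hooks from drivers not on an allow-list.

Added triage helper: not part of the forum post above and not part of GMER.
SAMPLE_LOG is a constructed excerpt in GMER's format; the final entry (a
driver under a user's Temp folder) is invented to exercise the check and
does not appear in the posted log.  EXPECTED_HOOKERS is an assumed
allow-list for illustration only.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea6e920

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea73440

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xeea7de00

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Documents and Settings\777\Local Settings\Temp\example.sys" at address 0xeea7c2e0
"""

# Assumed allow-list: drivers whose hooks the analyst has already accounted for.
EXPECTED_HOOKERS = [r"C:\WINDOWS\system32\drivers\SandBox.sys"]

HEADER_RE = re.compile(r"^(SSDT|Shadow SSDT)$")
ENTRY_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\w+)$")
STATUS_RE = re.compile(
    r'^Status:\s*Hooked by\s*"([^"]+)"\s+at address\s+(0x[0-9A-Fa-f]+)$'
)


def parse_gmer_hooks(log_text):
    """Return one dict per hooked entry: table, index, function, driver, address."""
    hooks, table, pending = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            table = m.group(1)          # section header: which table follows
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))   # wait for its Status line
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            index, func = pending
            hooks.append({
                "table": table,
                "index": index,
                "function": func,
                "driver": m.group(1),
                "address": int(m.group(2), 16),
            })
            pending = None
    return hooks


def hooks_by_driver(hooks):
    """Map lower-cased driver path -> sorted list of hooked function names.
    Paths are lower-cased because Windows paths are case-insensitive."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["driver"].lower()].append(h["function"])
    return {drv: sorted(funcs) for drv, funcs in grouped.items()}


def unexpected_hooks(hooks, allowed_drivers):
    """Hooks whose driver path is not on the allow-list (case-insensitive)."""
    allowed = {d.lower() for d in allowed_drivers}
    return [h for h in hooks if h["driver"].lower() not in allowed]


if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for drv, funcs in hooks_by_driver(hooks).items():
        print(f"{drv}\n    {', '.join(funcs)}")
    for h in unexpected_hooks(hooks, EXPECTED_HOOKERS):
        print(f"UNEXPECTED: {h['table']} #{h['index']} {h['function']} "
              f"<- {h['driver']} @ {h['address']:#x}")
```

Run against the full log posted above, every hooked entry resolves to the same image, C:\WINDOWS\system32\drivers\SandBox.sys, at addresses inside one narrow range (0xeea6xxxx to 0xeea7xxxx), which is what a single loaded driver looks like. Grouping alone does not say whether that driver is legitimate; the next step is to check the file itself (publisher, product, install date) and to match it against software the user knows is or was installed, which this page does not do.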


#3 myrti (Malware Study Hall Admin)

Posted 20 January 2010 - 04:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

regards myrti


#4 karlhanes (Topic Starter)

Posted 21 January 2010 - 07:35 AM

Hi myrti,


Thanks for the response, I hope you can sort this out for me.

Firstly, I want to mention that since posting my first 2 posts I have restored Windows from my MS Win XP Pro disk, and I removed Outpost firewall and replaced it with ZoneAlarm Pro Version 9. I was using ZoneAlarm for years and changed to Outpost thinking it may have been my firewall causing the problem, but as it turns out it wasn't. The same happens with either firewall. I also ran over 100 Windows upgrades after the reinstallation of the Windows system; mainly security upgrades, and all of them were detected as being required by Microsoft when I checked my PC after the system re-installation. That is all I've done since then, but the problem still exists.


What's happening is that when I use my PC, no matter what I'm running/doing, it consistently freezes up (or locks up or times-out) TEMPORARILY, and then it UN-freezes (UN-locks); all the time, all by itself. I never have to reboot, and the frequency it occurs varies, anywhere from every 20 seconds to a minute or so; more so when I'm browsing the inet. So anywhere from 20 to 60 odd seconds to begin freezing since the last un-freeze, and the freezing lasts for about 5-12 secs most of the time, sometimes a little longer. If that makes sense?

I also have the problem when I leave a browser window minimized for a while, to work on a desktop application, and then when I return to the browser (that's been sitting idle for a while), as soon as I try to access another page/URL in the browser, no matter what URL it is, it always comes back with a 'Server Not Found' error message; both in Firefox and IExplorer. Then as soon as I hit RELOAD once, it accesses the page without a problem. This is happening all the time, even when I am using the browser by itself and accessing different pages/URLs; not just when I leave the browser minimized and idle for a while. It occurs very frequently. AND when I am typing in text fields in a browser, the time-out/freeze still occurs, and it locks/freezes for the length of time I mentioned before, and all by itself it un-freezes. In the browser, whenever I try to use a pulldown menu, it times-out with certainty every time. Like when I'm trying to enter my gmail, and I'm about to type my username in, as soon as I right-click on the field before I start typing, it locks up temporarily as mentioned before, and then all by itself, it un-locks when it sees fit.

The only time it rarely doesn't 'time-out/freeze-out' when I'm in a browser, is when I am in a forum and typing in text that I want to post... as I am now. This is the only time it doesn't freeze in a browser, but it does sometimes occur, but not as often as it does when I'm accessing other things (as I already mentioned) in a browser. Pull-down menus are a killer. Using YouTube has become a real pain. It times out even when I'm playing YouTube videos. Even after the video has been downloaded and I finished watching it, if I try to 'REPLAY' it, it will still timeout as it did when it was initially downloading and playing it. I can still hear the audio, but the video freezes for a few seconds. Immediately after I start the video, and then once every 3-4 minutes. Again, the freeze/timeout lasts for about 5-12 seconds, sometimes a little more.

Now since I reinstalled Windows as I mentioned before, I initially had problems when I tried to watch a video that was on my machine (either on the hard disk or DVD) in Windows Media Player and Media Player Classic. The films/videos would run like a dog; very slow, missing frames. So I re-installed my K-Lite Codec pack, and it fixed the problem a fair bit, but not completely. I used to be able to play videos on my PC and run other applications like Word or something else, without any reduction in the speed of the video or the application. When I do it now, it slows down the video (and sometimes the audio of the video but not always the audio) and it also slows down the speed of the application I am running simultaneously. Both the video and the application slow down when played or used at the same time... and of course, the application is not only slow but it also suffers from the time-out I am talking about at the same time. Slow continually, and frequent temporary timeouts/lock-ups as you are using the application that is running concurrently with the video.

The only thing that does NOT seem to be affected by these time-outs is a game that I occasionally play called Worms Armageddon. That game plays as it always used to... it occasionally times out to access the CD that it's stored on, but that is normal for this game. It always used to do that since I started playing/using it about 10 years ago with Windows 98. So this timeout is not a problem, it is part of the normal operation of the game.

The only other thing I have noticed is that I can NOT record a video that is on screen using Fraps. When I initiate the process, it behaves as though it is recording, but when I'm finished, all it's recorded is a video file that has its audio, but no video. All you see when you try to play the video file is a black screen with its soundtrack.


I hope all this makes sense.


Here are the text files that OTL generated:


OTL logfile created on: 21/01/2010 10:28:24 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\777\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

896.00 Mb Total Physical Memory | 296.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.67 Gb Total Space | 1.59 Gb Free Space | 8.51% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.12 Gb Free Space | 40.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 530.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEW-7B8969C1975
Current User Name: 777
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/21 22:26:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\777\Desktop\OTL.exe
PRC - [2009/09/29 13:03:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/29 13:02:52 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/22 02:02:44 | 02,383,728 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/09/22 02:01:24 | 01,011,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/11 06:01:39 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/25 17:34:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/29 00:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/03 22:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/02 00:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 16:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/05 23:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/05/29 03:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/03/29 16:12:06 | 00,364,544 | ---- | M] () -- C:\Program Files\TP-LINK\TWCU\TWCU.exe
PRC - [2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/30 08:15:16 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2010/01/21 22:26:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\777\Desktop\OTL.exe
MOD - [2008/05/02 00:15:36 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/29 13:11:10 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 13:03:46 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/09/22 02:02:44 | 02,383,728 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/08/25 17:34:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/22 05:50:59 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/29 00:32:26 | 00,053,760 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/06/05 23:20:32 | 00,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/29 03:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/27 00:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/30 08:15:16 | 00,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/29 13:05:54 | 00,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/29 13:02:58 | 00,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/29 12:56:32 | 00,116,008 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/09/22 02:01:28 | 00,482,696 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/08/31 13:48:41 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/22 04:23:49 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/29 00:32:24 | 00,108,032 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/04/14 09:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/21 10:16:34 | 00,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/10/06 01:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/07/22 21:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 21:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 21:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/28 03:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/14 04:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 23:00:00 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 23:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 D8 21 BD 40 22 CA 01 [binary data]
IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\S-1-5-21-1417001333-861567501-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-861567501-515967899-1003\S-1-5-21-1417001333-861567501-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 21:04:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 21:04:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/21 00:20:22 | 00,000,000 | ---D | M]

[2009/08/25 17:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\777\Application Data\Mozilla\Extensions
[2009/08/25 17:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\777\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/05 10:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\777\Application Data\Mozilla\Firefox\Profiles\qn05ca9w.default\extensions
[2009/12/25 22:24:22 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\777\Application Data\Mozilla\Firefox\Profiles\qn05ca9w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/09/11 21:34:51 | 00,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\777\Application Data\Mozilla\Firefox\Profiles\qn05ca9w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/12/25 22:24:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/15 13:30:19 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1417001333-861567501-515967899-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1417001333-861567501-515967899-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1417001333-861567501-515967899-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1263910349343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1263910340937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 03:48:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/05/27 03:23:22 | 00,000,049 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8441a60c-8e75-11de-9dcd-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8441a60c-8e75-11de-9dcd-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8441a60c-8e75-11de-9dcd-806d6172696f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [1999/05/27 03:23:22 | 00,282,112 | R--- | M] (Team 17 Software Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 22:26:10 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\777\Desktop\OTL.exe
[2010/01/21 16:29:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\Windows Search
[2010/01/21 07:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/20 08:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Local Settings\Application Data\ApplicationHistory
[2010/01/20 08:30:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 08:30:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/20 08:09:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/01/20 08:09:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/20 08:09:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 08:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/20 07:56:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/01/20 07:55:52 | 00,248,448 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\PROUnstl.exe
[2010/01/20 07:55:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Local Settings\Application Data\Identities
[2010/01/20 07:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\Windows Desktop Search
[2010/01/20 07:53:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/01/20 07:53:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/20 07:52:57 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010/01/20 07:52:57 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/01/20 07:52:57 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010/01/20 07:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/01/20 01:40:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/01/20 01:39:34 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/20 01:39:34 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/20 01:38:21 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/20 01:38:16 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/01/20 01:38:09 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2010/01/20 01:38:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/01/20 01:38:02 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/01/20 01:38:01 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/20 01:38:01 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/01/20 01:38:01 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/20 01:38:00 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/01/20 01:37:59 | 01,986,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/20 01:37:59 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/01/20 01:37:58 | 01,209,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/20 01:37:58 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/20 01:37:58 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/01/20 01:37:56 | 05,944,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/20 01:37:56 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/01/20 01:37:30 | 01,447,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/01/20 01:37:30 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/01/20 01:36:39 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/01/20 01:36:39 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/01/20 01:36:39 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/01/20 01:36:39 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/01/20 01:36:13 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/01/20 01:35:49 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2010/01/20 01:35:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2010/01/20 01:35:10 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/01/20 01:35:02 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/01/20 01:34:48 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/01/20 01:34:48 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/01/20 01:34:40 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2010/01/20 01:34:27 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/01/20 01:33:56 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/01/20 01:30:43 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/01/20 01:30:35 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/01/20 01:28:53 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/01/20 01:28:45 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/01/20 01:28:37 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/01/20 01:28:37 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/01/20 01:28:37 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/01/20 01:28:37 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2010/01/20 01:28:37 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/01/20 01:28:27 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/01/20 01:28:25 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/20 01:28:23 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/20 01:28:22 | 02,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/20 01:27:57 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/01/20 01:13:01 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/01/20 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Local Settings\Application Data\ATI
[2010/01/20 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\ATI
[2010/01/20 00:01:43 | 01,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/01/20 00:01:43 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/01/20 00:01:42 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/01/20 00:01:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010/01/20 00:01:41 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010/01/20 00:01:41 | 00,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dramp.dll
[2010/01/20 00:01:41 | 00,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim.dll
[2010/01/20 00:01:41 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3drm.dll
[2010/01/20 00:01:41 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010/01/20 00:01:41 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010/01/20 00:01:41 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/01/20 00:01:41 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/01/20 00:01:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010/01/20 00:01:41 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/01/20 00:01:41 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dxof.dll
[2010/01/20 00:01:41 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dpmesh.dll
[2010/01/20 00:01:41 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010/01/20 00:01:41 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010/01/20 00:01:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010/01/20 00:01:41 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2010/01/20 00:01:40 | 01,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010/01/20 00:01:40 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/01/20 00:01:40 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/01/20 00:01:40 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/01/20 00:01:40 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/01/20 00:01:40 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/01/20 00:01:40 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/01/20 00:01:40 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010/01/20 00:01:40 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/01/20 00:01:39 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/01/20 00:01:39 | 01,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/01/20 00:01:39 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/01/20 00:01:39 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010/01/20 00:01:39 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010/01/20 00:01:39 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/01/20 00:01:39 | 00,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diactfrm.dll
[2010/01/20 00:01:39 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010/01/20 00:01:39 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010/01/20 00:01:39 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010/01/20 00:01:39 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gcdef.dll
[2010/01/20 00:01:39 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010/01/20 00:01:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/01/20 00:01:39 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/01/20 00:01:39 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/01/20 00:01:39 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimap.dll
[2010/01/20 00:01:39 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/01/20 00:01:39 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010/01/20 00:01:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/01/20 00:01:39 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/01/20 00:01:39 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/01/20 00:01:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/01/20 00:01:39 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/01/20 00:01:39 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/01/19 23:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/01/19 23:49:13 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/19 23:49:11 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/19 23:49:11 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/19 23:49:02 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/19 23:49:00 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/19 23:49:00 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/19 23:48:59 | 00,299,400 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/19 23:48:59 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/19 23:48:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/01/19 23:48:57 | 00,482,696 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/19 23:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/19 23:48:17 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/19 23:48:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/19 23:48:16 | 00,617,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/19 23:48:16 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/18 21:29:46 | 06,684,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglx1.dll
[2010/01/18 21:29:46 | 05,033,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/01/18 21:29:46 | 01,408,000 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/01/18 21:29:46 | 00,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/01/18 21:29:46 | 00,286,720 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2010/01/18 21:29:46 | 00,151,552 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/01/18 21:29:46 | 00,114,688 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/01/18 21:29:46 | 00,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/01/18 21:29:46 | 00,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/01/18 21:29:46 | 00,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/01/18 21:29:45 | 02,693,280 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/01/18 21:29:45 | 00,413,696 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.exe
[2010/01/18 21:29:45 | 00,282,624 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/01/18 21:29:45 | 00,258,048 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/01/18 21:29:45 | 00,061,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/01/18 21:29:45 | 00,041,984 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/01/18 21:29:45 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/01/18 20:42:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/01/18 20:25:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/18 19:56:22 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/01/18 19:56:21 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/01/18 18:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/15 13:55:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/15 13:44:11 | 00,095,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2010/01/15 12:39:09 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/12 09:50:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\FLEXnet
[2010/01/12 09:50:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\Zeon
[2010/01/12 09:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\ScanSoft
[2010/01/12 09:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\Nuance
[2010/01/12 09:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/12 09:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/01/12 02:20:31 | 00,000,000 | ---D | C] -- C:\Program Files\SomePDF
[2010/01/11 12:50:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/01/11 12:49:44 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/01/11 12:49:44 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/01/11 12:49:44 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010/01/11 12:49:44 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/01/11 11:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\Bad CD DVD Reader
[2010/01/07 15:26:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\My Documents\Call Recordings
[2010/01/07 15:25:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\MXSkypeRec
[2010/01/07 15:09:12 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msvcr70.dll
[2010/01/07 15:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Sound Recorder
[2010/01/06 01:45:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\777\Recent
[2010/01/05 19:15:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/05 19:15:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\777\Application Data\SUPERAntiSpyware.com
[2010/01/05 19:15:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/05 11:19:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/01/05 11:14:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/05 10:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/05 04:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/05 03:59:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/01/05 03:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/01/05 03:58:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/01/05 03:58:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/01/05 03:58:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/05 03:03:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/22 11:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 22:26:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\777\Desktop\OTL.exe
[2010/01/21 16:53:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/21 16:52:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 16:51:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 16:51:41 | 93,910,2208 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/21 16:50:25 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\777\NTUSER.DAT
[2010/01/21 16:50:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\777\ntuser.ini
[2010/01/21 16:49:24 | 02,113,874 | -H-- | M] () -- C:\Documents and Settings\777\Local Settings\Application Data\IconCache.db
[2010/01/21 01:23:53 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/21 00:26:39 | 00,002,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2010/01/20 21:04:04 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2010/01/20 20:10:25 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/20 17:20:55 | 00,000,834 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 13:06:18 | 00,000,122 | ---- | M] () -- C:\WINDOWS\wa.INI
[2010/01/20 13:05:59 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/01/20 12:45:26 | 00,554,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 12:45:26 | 00,464,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 12:45:26 | 00,079,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 08:31:47 | 00,000,126 | ---- | M] () -- C:\Documents and Settings\777\Local Settings\Application Data\fusioncache.dat
[2010/01/20 08:29:28 | 01,750,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/20 08:27:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/20 07:53:59 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/20 00:11:40 | 00,738,152 | ---- | M] () -- C:\Documents and Settings\777\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/20 00:06:01 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Catalyst Control Center.lnk
[2010/01/19 23:57:43 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/19 23:50:02 | 00,418,012 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/18 22:49:20 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\777\Desktop\Word.lnk
[2010/01/18 21:47:00 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/01/18 20:22:02 | 00,000,499 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/01/18 20:17:49 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/18 20:17:47 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/18 20:17:47 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/18 20:17:24 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:14:38 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/01/18 20:14:38 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/01/18 20:10:19 | 00,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:07:55 | 00,000,282 | -HS- | M] () -- C:\boot.ini
[2010/01/18 19:56:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/18 19:39:10 | 01,107,663 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/01/18 18:49:47 | 93,913,9072 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/15 13:30:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/14 16:01:48 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\777\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 16:59:02 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\777\Desktop\Nuance OCR.lnk
[2010/01/12 09:46:00 | 00,000,391 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2010/01/12 02:20:32 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\777\Desktop\Some PDF to Word Converterr.lnk
[2010/01/08 18:37:31 | 00,158,004 | ---- | M] () -- C:\Documents and Settings\777\Desktop\sleepVantage membership form.pdf
[2010/01/07 20:52:16 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\777\Local Settings\Application Data\keyfile3.drm
[2010/01/07 15:33:48 | 00,000,163 | ---- | M] () -- C:\WINDOWS\MXSkypeRecorder.INI
[2010/01/07 15:25:38 | 00,000,981 | ---- | M] () -- C:\Documents and Settings\777\Desktop\MX Skype Recorder.lnk
[2010/01/07 15:09:14 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\777\Desktop\Absolute Sound Recorder.lnk
[2010/01/06 21:49:34 | 00,000,377 | ---- | M] () -- C:\Documents and Settings\777\Desktop\Understanding God and the bible.rar
[2010/01/05 19:15:51 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/01/05 19:00:01 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\777\Desktop\PConPoint.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/20 13:01:06 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/01/20 08:31:47 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\777\Local Settings\Application Data\fusioncache.dat
[2010/01/20 07:53:59 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/20 00:08:15 | 93,910,2208 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/20 00:06:01 | 00,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Catalyst Control Center.lnk
[2010/01/20 00:01:42 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/01/20 00:01:42 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/20 00:01:42 | 00,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/01/20 00:01:42 | 00,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/01/20 00:01:42 | 00,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/01/20 00:01:42 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/01/20 00:01:42 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll
[2010/01/20 00:01:42 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/01/20 00:01:41 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/01/20 00:01:41 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/01/20 00:01:41 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/01/20 00:01:41 | 00,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/01/19 23:48:57 | 00,418,012 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/19 21:55:09 | 01,608,226 | ---- | C] () -- C:\Documents and Settings\777\Desktop\RegCure 1.6 Portable.exe
[2010/01/18 22:54:55 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/18 21:29:46 | 00,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/18 21:29:46 | 00,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/01/18 20:14:38 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/01/18 20:14:30 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/01/18 19:56:44 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/18 19:56:03 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/01/18 19:56:03 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/01/18 19:56:03 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/01/18 19:56:03 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/01/18 19:56:02 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/01/18 19:56:02 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/01/18 19:56:02 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/01/18 19:56:02 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/01/18 19:56:02 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/01/18 19:56:02 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/01/18 19:56:02 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/01/18 19:56:02 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/01/18 19:56:02 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/01/18 19:56:01 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/01/18 19:56:01 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/01/18 19:56:01 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/01/18 19:56:00 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/01/18 19:56:00 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/01/16 22:40:02 | 93,913,9072 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/12 16:56:53 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\777\Desktop\Nuance OCR.lnk
[2010/01/12 09:46:00 | 00,000,391 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/01/12 02:20:32 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\777\Desktop\Some PDF to Word Converterr.lnk
[2010/01/08 18:37:25 | 00,158,004 | ---- | C] () -- C:\Documents and Settings\777\Desktop\sleepVantage membership form.pdf
[2010/01/07 20:52:16 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\777\Local Settings\Application Data\keyfile3.drm
[2010/01/07 15:31:05 | 00,000,163 | ---- | C] () -- C:\WINDOWS\MXSkypeRecorder.INI
[2010/01/07 15:25:38 | 00,000,981 | ---- | C] () -- C:\Documents and Settings\777\Desktop\MX Skype Recorder.lnk
[2010/01/07 15:09:14 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\777\Desktop\Absolute Sound Recorder.lnk
[2010/01/06 21:49:34 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\777\Desktop\Understanding God and the bible.rar
[2010/01/05 19:15:51 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/22 01:54:47 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/25 02:47:34 | 01,531,904 | ---- | C] () -- C:\Program Files\avd.msi
[2009/09/21 16:31:26 | 00,000,909 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/09/11 22:55:55 | 01,100,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/31 14:25:06 | 00,000,122 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009/08/29 20:40:20 | 00,000,059 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/08/22 17:37:40 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\777\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 04:23:48 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2009/08/22 04:20:17 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/22 02:04:35 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2009/08/22 02:04:34 | 06,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2009/08/22 02:04:34 | 00,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2009/08/22 02:04:34 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/22 02:04:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2009/08/22 02:04:34 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2009/08/22 02:04:34 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2009/08/22 02:04:34 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2009/08/22 02:04:33 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/08/22 02:02:05 | 00,001,526 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/08/22 01:01:05 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/22 01:01:04 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/22 01:01:01 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/08/22 01:01:01 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/22 01:01:01 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/22 01:01:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/22 01:00:58 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/22 01:00:58 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/21 22:38:24 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/21 22:38:24 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3ED98F0DBC.sys
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 16:42:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/03 22:03:14 | 00,062,976 | ---- | C] () -- C:\WINDOWS\System32\WBKBCoin.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/09/13 09:17:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2003/09/24 01:40:34 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B013599
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
< End of report >

OTL Extras logfile created on: 21/01/2010 10:28:24 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\777\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

896.00 Mb Total Physical Memory | 296.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.67 Gb Total Space | 1.59 Gb Free Space | 8.51% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.12 Gb Free Space | 40.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 530.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEW-7B8969C1975
Current User Name: 777
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Client Installation Program
"{2955C37C-EC98-4BC3-8E18-7B13FEFED71C}" = ATI Catalyst Control Center
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0CBB2-F919-4bdd-A608-E8FE35E03237}" = MX Skype Recorder v3.4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C70286-A56F-4834-BD24-B34EB76A93A2}" = ESET NOD32 Antivirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"Absolute Sound Recorder_is1" = Absolute Sound Recorder version 3.7.1
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Concise Oxford English Dictionary (Eleventh Edition)" = Concise Oxford English Dictionary (Eleventh Edition)
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HijackThis" = HijackThis 2.0.2
"Hullform 9S_is1" = Hullform 9S
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.5
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NetTools_is1" = NetTools 5.0
"PConPoint_is1" = PConPoint v4.1
"Privoxy" = Privoxy 3.0.6
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.83
"Sandboxie" = Sandboxie 3.38
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"Speakonia_is1" = Speakonia
"Tor" = Tor 0.2.1.19
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.1.15
"WebSite Downloader" = WebSite Downloader 1.1
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon" = Worms Armageddon
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-861567501-515967899-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/11/2009 11:20:36 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 11500
Description =

Error - 18/11/2009 11:28:25 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 11500
Description =

Error - 18/11/2009 11:30:00 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 11500
Description =

Error - 07/12/2009 09:51:43 PM | Computer Name = NEW-7B8969C1975 | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF
while recovering repository file.

Error - 07/12/2009 09:51:43 PM | Computer Name = NEW-7B8969C1975 | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file.

Error - 07/12/2009 09:51:44 PM | Computer Name = NEW-7B8969C1975 | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS
COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error - 20/12/2009 07:16:31 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 1013
Description =

Error - 20/12/2009 07:31:04 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 1013
Description =

Error - 20/12/2009 07:31:17 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 1013
Description =

Error - 20/12/2009 07:32:29 AM | Computer Name = NEW-7B8969C1975 | Source = MsiInstaller | ID = 1013
Description =

[ System Events ]
Error - 21/01/2010 01:31:43 AM | Computer Name = NEW-7B8969C1975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 21/01/2010 01:33:44 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:33:51 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:33:53 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:33:57 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:34:02 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:34:05 AM | Computer Name = NEW-7B8969C1975 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/01/2010 01:35:05 AM | Computer Name = NEW-7B8969C1975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 21/01/2010 01:52:15 AM | Computer Name = NEW-7B8969C1975 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 21/01/2010 01:53:08 AM | Computer Name = NEW-7B8969C1975 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >

Thanks for your time.

#5 karlhanes

karlhanes
  • Topic Starter

  • Members
  • 16 posts

Posted 21 January 2010 - 03:33 PM

btw... when I try to "TRACK THIS TOPIC" under "OPTIONS" as you suggested, your system returns with the following error message:


QUOTE
Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.

The error returned was:

You are already subscribed to this topic or forum.



... even though I am still NOT subscribed to this topic.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 22 January 2010 - 11:32 AM

Hi,

Click on My Controls, scroll down on the left side to Subscriptions and click on View Topics. Check our topic, select "Change to: Immediate email notification" from the drop-down menu and click "With Selected". You should now get immediate email notifications. If not, please let me know and I'll alert the technical staff to look into it.

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 karlhanes

karlhanes
  • Topic Starter

  • Members
  • 16 posts

Posted 22 January 2010 - 09:45 PM

Your subscription suggestion worked fine, I'm now subscribed to this thread.


Here is my gmer.txt:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-23 12:08:58
Windows 5.1.2600 Service Pack 3
Running: obf1khjz.exe; Driver: C:\DOCUME~1\777\LOCALS~1\Temp\pwgdqkod.sys


---- System - GMER 1.0.15 ----

SSDT 8474D8A0 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEEBC2130]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEEBBB950]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEEBC2900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEEBD97A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEEBD9BB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEEBE3680]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEEBC2A60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEEBBC790]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEEBE1070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEEBE0A50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEEBD88F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xEEBB5650]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEEBE1960]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEEBE1B80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEEBE3A20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEEBBC2E0]
SSDT 8474CCB0 ZwOpenProcess
SSDT 8474D0D0 ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEEBE2CC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEEBE22F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEEBC1C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEEBE2970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEEBC23F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEEBBCBB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationObject [0xEEBDDD40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xEEBB4D90]
SSDT 8474D6D0 ZwSuspendProcess
SSDT 8474D4F0 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEEBDA750]
SSDT 8474CEE0 ZwTerminateProcess
SSDT 8474D310 ZwTerminateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xEEBB5A90]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [00, 29, BC, EE, A0, 97, BD, ...]
.text ntoskrnl.exe!_abnormal_termination + 151 804E27AD 3 Bytes [0A, BE, EE]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [50, 56, BB, EE, 60, 19, BE, ...] {PUSH EAX; PUSH ESI; MOV EBX, 0xbe1960ee; OUT DX, AL ; SBB BYTE [EBX], 0xbe; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [D0, D6, 74, 84, F0, D4, 74, ...]
.text win32k.sys!EngCreateBitmap + DDB2 BF845B93 5 Bytes JMP 841C7610

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[372] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1552] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 71, DF, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EEBE88D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [EEBC7B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [EEBC7930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [EEBC5E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [EEBC8260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EEBBD8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EEBBDC90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EEBBD2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EEBBDA60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C884814] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C884805] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C884805] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\Wininet.dll [KERNEL32.dll!CreateThread] [7C884814] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\Wininet.dll [KERNEL32.dll!GetModuleHandleA] [7C88480A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\Wininet.dll [KERNEL32.dll!GetModuleHandleW] [7C88480F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[984] @ C:\WINDOWS\system32\Wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C884805] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 8474B930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

Edited by karlhanes, 22 January 2010 - 09:46 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:03:21 PM

Posted 23 January 2010 - 12:17 PM

Hi,

Please run DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards, please run a new scan with GMER.

Please also run a scan with mbr.exe:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
Regards, myrti

Edited by myrti, 23 January 2010 - 12:29 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

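The helper's reply asks for a fresh GMER log, and the logs in this thread are long lists of SSDT, IAT, device and code-section hooks that all have to be attributed to something before any of them can be called suspicious. As an added example (not part of this thread, not from GMER, and not the helper's own method), here is a small Python triage script that parses the line shapes GMER 1.0.15 prints in the logs above, groups every hook by the module GMER attributed it to, and lists separately the entries GMER could not resolve to any loaded module (the bare-address SSDT lines and the inline JMP in win32k.sys). The sample log is constructed from lines of the logs posted in this thread; the regexes, and the names `parse_gmer`, `triage`, `owner_of`, `report` and `SAMPLE_LOG`, are this example's own and are an assumption for other GMER versions. An unattributed entry is not evidence of malware by itself: security products hook from memory GMER cannot name, and the Unlocker and WindowBlinds hooks in the log are ordinary application shims, so the unattributed list is the part to check by hand, not a verdict.

```python
"""Triage helper for GMER 1.0.15 logs (added example; not from this thread or from GMER)."""
import re
from collections import defaultdict

# Line shapes copied from the GMER logs posted in this thread. Other GMER versions
# may print differently; treating these shapes as stable is an assumption here.
SSDT_ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<func>Zw\w+)$")
IAT_LINE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\s*\[(?P<import>[^\]]+![^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)$")
DEVICE_LINE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$")
CODE_LINE = re.compile(
    r"^\.text\s+(?P<target>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$")
JMP_REST = re.compile(
    r"^JMP\s+(?P<to>[0-9A-Fa-f]+)(?:\s+(?P<module>.+?))?(?:\s+\((?P<desc>[^)]*)\))?$")

# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 845FF8A0 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEEB48950]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEADD0B0]
SSDT 845FF310 ZwTerminateThread
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 1DA 804E2836 2 Bytes [B6, EE] {MOV DH, 0xee}
.text ...
.text win32k.sys!EngCreateBitmap + DDB2 BF845B93 5 Bytes JMP 8408F610
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[508] SHELL32.dll!SHFileOperationW 7CA70A18 5 Bytes JMP 00C51102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[2340] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
"""


def owner_of(module, desc):
    """Owner label: the vendor GMER prints after the '/' in its description, else the file name."""
    if desc:
        return desc.rsplit("/", 1)[-1].strip()
    if module:
        return module.replace("/", "\\").rsplit("\\", 1)[-1]
    return None


def parse_gmer(text):
    """Turn GMER lines into hook records (kind, hooked, addr, module, desc); unknown lines are kept aside."""
    records, skipped = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("----"):
            continue                                   # blank line or section header
        if m := SSDT_ATTRIBUTED.match(line):
            rec = dict(kind="SSDT", hooked=m["func"], module=m["module"], desc=m["desc"])
        elif m := SSDT_BARE.match(line):
            rec = dict(kind="SSDT", hooked=m["func"], module=None, desc=None)
        elif m := IAT_LINE.match(line):
            rec = dict(kind="IAT", hooked=f'{m["victim"]} -> {m["import"]}',
                       module=m["module"], desc=m["desc"])
        elif m := DEVICE_LINE.match(line):
            rec = dict(kind=m["kind"], hooked=f'{m["driver"]} {m["device"]}',
                       module=m["module"], desc=m["desc"])
        elif m := CODE_LINE.match(line):
            j = JMP_REST.match(m["rest"])             # inline JMP, with or without a named target
            rec = dict(kind="CODE", hooked=m["target"], module=j and j["module"],
                       desc=j and j["desc"], jmp_to=j and j["to"].upper())
        else:
            skipped.append(line)                      # Reg/Thread/"..." lines are not hooks
            continue
        addr = m.groupdict().get("addr")
        rec["addr"] = addr.upper() if addr else None
        records.append(rec)
    return records, skipped


def triage(text):
    """Group hooks by attributed owner; hooks GMER resolved to no module go to 'unattributed'."""
    records, skipped = parse_gmer(text)
    by_owner, unattributed = defaultdict(list), []
    for rec in records:
        owner = owner_of(rec["module"], rec["desc"])
        (by_owner[owner] if owner else unattributed).append(rec)
    return {"by_owner": dict(by_owner), "unattributed": unattributed, "skipped": skipped}


def report(text):
    """One line per owner plus the unattributed list, i.e. the part worth checking by hand."""
    r = triage(text)
    out = [f"{owner}: {len(hooks)} hook(s)" for owner, hooks in sorted(r["by_owner"].items())]
    out.append(f"unattributed (no module resolved; verify by hand): {len(r['unattributed'])}")
    out += [f"    {h['kind']} {h['hooked']} @ {h['addr']}" for h in r["unattributed"]]
    out.append(f"unparsed lines: {len(r['skipped'])}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a full GMER log saved from the scan and the owner lines should collapse almost entirely onto the firewall, antivirus and anti-spyware products installed on the machine; anything left under "unattributed" is what to look up, together with the Reg and Thread lines that this script deliberately leaves unparsed.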


#9 karlhanes

karlhanes
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 23 January 2010 - 06:31 PM

Hi again myrti,

I didn't mention another little problem I have with my PC, and when I tried to type in c:\mbr.exe -t >"C:\mbr.log" at the command prompt, it highlighted the problem, so I think it best if I mention it now.

Over a year ago I installed some 3rd-party keyboard software that came with a non-standard or 3rd-party keyboard given to me as a present by a friend of mine who lives in Europe. After installing it I found that the alternate characters on the NUMBER keys that are on the alphanumeric part of my keyboard (not the numeric pad) did NOT function properly. For instance, when I would hold down SHIFT and press number 2, it would display the " character, and vice versa. But not all the characters that it would display were inversely exchangeable like " and @. In the case of the BACK-SLASH character, when I attempt to type it, it comes up with the # character, and when I try to type the HASH character key it comes up with the £ character. WHICH means that I CANNOT type in the BACK-SLASH character from my keyboard. I normally get around this by copying and pasting it in from my character map. Which is all good and fine, except you cannot PASTE anything into the DOS command line. So for a second I was stumped as to how I was going to type in c:\mbr.exe -t >"C:\mbr.log" at the command prompt. Then I remembered the good old autoexec.bat trick and created it containing the line c:\mbr.exe -t >"C:\mbr.log" and 1 carriage return, and saved it to my default command prompt directory - not to my root directory. So I simply typed in autoexec.bat and ran it and it worked fine, and I immediately deleted it after it generated the text log in my root directory.

Now what's strange about all this is that back when I installed the 3rd-party keyboard driver software on my PC and noticed this anomaly occurring on my keyboard, I immediately UNinstalled it and reverted back to the original Microsoft keyboard driver, but it did not rectify the problem. Given I was still using the same 3rd-party keyboard, I thought nothing of it at the time. I wasn't happy with the feel of this keyboard, so a couple of months later, and a few months after that, I changed keyboards (twice) to standard keyboards, BUT the problem remains. As recently as last month, I bought a new Logitech USB keyboard (non-wireless) that came without any drivers, as it was stated on the paperwork that it uses the standard MS keyboard driver... which is the one I've been using for about a year now since rolling back the driver, perhaps a little longer. And the problem has remained on this keyboard too, my 2nd keyboard in just over a year. I go through them quickly as the lettering on the keys wears out from the typing I do; not all, but the ones I use most, and they're the important ones for me. I've been through about 6 keyboards in just over 3 years... since I purchased this PC. I don't type from memory, I look at my board when I type, so I need to see the characters clearly. The old eyesight is not as acute as it used to be, if you know what I mean?

So, besides the main problem I have with my PC, I also have this keyboard problem that does NOT want to go away for some reason. If you can offer any advice on this too, I would be very willing to listen.


So here are the logs you requested last:





defogger_disable by jpshortstuff (28.11.09.2)
Log created at 08:24 on 24/01/2010 (777)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-24 09:25:58
Windows 5.1.2600 Service Pack 3
Running: obf1khjz.exe; Driver: C:\DOCUME~1\777\LOCALS~1\Temp\pwgdqkod.sys


---- System - GMER 1.0.15 ----

SSDT 845FF8A0 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEEB4F130]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEEB48950]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEEB4F900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEEB667A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEEB66BB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEEB70680]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEEB4FA60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEEB49790]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEEB6E070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEEB6DA50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEEB658F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEEB6E960]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEEB6EB80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEEB70A20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEEB492E0]
SSDT 845FECB0 ZwOpenProcess
SSDT 845FF0D0 ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEEB6FCC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEEB6F2F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEEB4EC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEEB6F970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEEB4F3F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEEB49BB0]
SSDT 845FF6D0 ZwSuspendProcess
SSDT 845FF4F0 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEEB67750]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEADD0B0]
SSDT 845FF310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [00, F9, B4, EE, A0, 67, B6, ...]
.text ntoskrnl.exe!_abnormal_termination + 151 804E27AD 3 Bytes [DA, B6, EE]
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2830 5 Bytes [60, E9, B6, EE, 80]
.text ntoskrnl.exe!_abnormal_termination + 1DA 804E2836 2 Bytes [B6, EE] {MOV DH, 0xee}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [D0, F6, 5F, 84, F0, F4, 5F, ...] {SAL DH, 0x1; POP EDI; TEST AL, DH; HLT ; POP EDI; TEST [EAX+0x77], DL; MOV DH, 0xee}
.text ...
.text win32k.sys!EngCreateBitmap + DDB2 BF845B93 5 Bytes JMP 8408F610

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[508] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 71, C2, 00]
.text C:\WINDOWS\Explorer.EXE[508] SHELL32.dll!SHFileOperationW 7CA70A18 5 Bytes JMP 00C51102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1584] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\system32\SearchIndexer.exe[2340] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EEB758D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [EEB54B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [EEB54930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [EEB52E70] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [EEB55260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EEB4A8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EEB4AC90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EEB4A2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EEB4AA60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [6301A6FF] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [6301A914] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61001850] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [6301A6FF] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [6301A914] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61001890] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [6301A2E1] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [6301A4F4] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] c:\program files\ati technologies\ati.ace\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [6301A914] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [6301A4F4] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [6301A6FF] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [6301A914] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 845FD930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x46 0x8F 0x3C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Thanks again.

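The GMER log above reads as clean because every IAT hook resolves to one vendor-annotated module (WindowBlinds' wbocx.ocx), the device attachments belong to ESET (eamon.sys) and Check Point/ZoneAlarm (vsdatant.sys), and the sptd entries point at Alcohol 120. The following Python is an added example, not part of the thread and not GMER's own code: it parses the IAT and Device lines into records, groups hooks by the module that owns them, and flags any hook whose module has no vendor annotation or lives in a user-writable folder. The vendor allowlist and the path heuristic are assumptions for the example, and the `explorer.exe` / `example_unsigned.dll` line is constructed to show them firing; the other sample lines are copied from the log above.

```python
"""Triage helper for GMER 1.0.15 text logs (added example, not GMER code)."""
import re
from collections import Counter

# Regexes for the two GMER line shapes handled here; Thread and Reg lines are
# skipped. Assumption: the trailing "(description/Vendor)" annotation is
# optional and the vendor name is the part after the last slash.
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?\[\d+\]) @ (?P<module>.+?) "
    r"\[(?P<import>[^\]]+)\] \[(?P<address>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?)(?: \((?P<vendor>[^)]*)\))?$"
)
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device) (?P<object>\S+) (?P<device>\S+) "
    r"(?P<target>\S+)(?: \((?P<vendor>[^)]*)\))?$"
)

# Vendors the reviewer expects on this machine (assumption for the example;
# derive it from the software actually installed when you use this for real).
KNOWN_VENDORS = {"Stardock.Net, Inc", "ESET", "Check Point Software Technologies LTD"}

# Places a legitimate hooking module should not normally be loaded from.
UNTRUSTED_PATH_HINTS = ("\\temp\\", "\\documents and settings\\", "\\appdata\\")

# Sample input: all lines are copied from the GMER log in this thread except the
# explorer.exe line, which is constructed to exercise the heuristics.
SAMPLE_LOG = r"""
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [6301A4F4] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [6301A6FF] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3956] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [6301A914] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\WINDOWS\explorer.exe[1234] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] [00A11000] C:\WINDOWS\Temp\example_unsigned.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 845FD930
"""


def vendor_name(annotation):
    """'WindowBlinds : DirectSkin /Stardock.Net, Inc' -> 'Stardock.Net, Inc'."""
    if not annotation:
        return None
    return annotation.rsplit("/", 1)[-1].strip() or None


def parse_gmer(text):
    """Return one dict per IAT/Device/AttachedDevice line; other lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = IAT_RE.match(line)
        if m:
            findings.append({"kind": "IAT", "process": m["process"], "module": m["module"],
                             "import": m["import"], "target": m["target"],
                             "vendor": vendor_name(m["vendor"])})
            continue
        m = DEVICE_RE.match(line)
        if m:
            findings.append({"kind": m["kind"], "object": m["object"], "device": m["device"],
                             "target": m["target"], "vendor": vendor_name(m["vendor"])})
    return findings


def triage(findings, known_vendors=KNOWN_VENDORS):
    """Group hooks by owning module and flag the ones that deserve a closer look."""
    by_target = Counter(f["target"].lower() for f in findings)
    suspicious = []
    for f in findings:
        reasons = []
        if f["vendor"] is None:
            reasons.append("no vendor annotation")
        elif f["vendor"] not in known_vendors:
            reasons.append("vendor not on the expected list: " + f["vendor"])
        if any(h in f["target"].lower() for h in UNTRUSTED_PATH_HINTS):
            reasons.append("hook module lives in a user-writable location")
        if reasons:
            suspicious.append((f, reasons))
    return {"by_target": by_target, "suspicious": suspicious}


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG))
    for target, n in result["by_target"].most_common():
        print(f"{n:3d}  {target}")
    for f, reasons in result["suspicious"]:
        print("SUSPECT", f["kind"], f["target"], "-", "; ".join(reasons))
```

On the real log the grouping step is what matters: dozens of IAT lines collapsing to a single, known, vendor-annotated module is the pattern a clean WindowBlinds install produces, whereas a module that hooks the same imports from a temp directory with no annotation is what the heuristic is there to surface.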
#10 myrti (Malware Study Hall Admin)

Posted 23 January 2010 - 07:52 PM

Hi,

your logs are looking clean. Just to be safe I would like you to run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Regarding your keyboard problem you could try the following:
  • Click Start and then Control Panel
  • In Control Panel, if you are in Category View, click on Switch to Classic View (top left corner)
  • Open Regional and Language Options.
  • Click on the Languages tab.
  • Under Text services and input languages, click on the Details button.
  • Under Installed services, click Add.
  • In the Add Input Language dialog box, choose the input language and keyboard layout or Input Method Editor (IME) you want to add.
  • Click OK twice. You should now see a language indicator in the System Tray (located at the bottom right hand corner of the desktop by default). You should now be able to switch between different input languages (= keyboard languages) by pressing the Alt + Shift keys.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 karlhanes (Topic Starter)

Posted 24 January 2010 - 12:34 AM

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3622
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2010 03:47:02 PM
mbam-log-2010-01-24 (15-46-51).txt

Scan type: Quick Scan
Objects scanned: 113209
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\777\Start Menu\Programs\Startup\rarype32.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\777\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
Now what I'd like to know, myrti, is why SuperAntiSpyware does NOT pick up these 2 trojans? I have the latest version of SAS with the latest definitions, and yet...

Would I be safe in saying that Malwarebytes is somewhat better than SAS? Or do they both have their capabilities? I would also like to know, in your opinion, which one would be better to run for real-time protection on my PC? And is it possible to run BOTH simultaneously?

So I made MBytes delete the 2 problems after saving the log, and all I can say is that for the first time in a couple of months my PC is once again behaving normally.

I tested the inet; emails, YouTube, forums etc... and no MORE time-outs.
I tested my windows applications, many of them... and no more time-outs.

I do believe the problem is now fixed... as is my keyboard problem too.

As I said in my initial post on this thread... "I search through numerous such forums on the net and decided this one would be my best bet in obtaining a resolution." It seems my gut feeling wasn't too far wrong.

Is there anything else I should know regarding this, and out of curiosity... do you know what kind of trojans these 2 were? As in what was their main purpose, what were they doing? Simply making a nuisance of themselves or monitoring my system and reporting it to a remote location?

I thank you dearly myrti, because I was in the process of deciding whether I should throw my PC in the bin and buy a new one given I couldn't find any problem with it.

You've done well.

Edited by karlhanes, 24 January 2010 - 12:35 AM.


#12 myrti (Malware Study Hall Admin)

Posted 24 January 2010 - 12:44 AM

Hi,

please don't leave just yet. I would like to check a couple more things before letting you go. Please run a scan with Eset to check for any other malware:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

I do not know what kind of malware these were, since they have been caught by generic detections and have random names. If you wish to check the file, you could upload it to VirusTotal or Jotti. You need to restore the file from Malwarebytes' quarantine and can then upload it.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the file, then click Submit.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

After the upload run another scan with Malwarebytes to have the file deleted again.

regards myrti


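Before uploading a restored quarantine item as myrti suggests, a practitioner usually hashes it and looks the hash up first: if VirusTotal has already seen the file, the verdict comes back without the sample ever leaving the machine, and the same hashes identify the file in Jotti's or any other service's history. The script below is an added example, not from the thread and not code from Malwarebytes, Jotti or VirusTotal. It streams the file through MD5, SHA-1 and SHA-256 in one pass and, only if a key is supplied, queries the documented VirusTotal v3 endpoint GET /api/v3/files/{sha256} with an x-apikey header; without a key it stays offline. The sample bytes, the temp-file round trip and the VT_API_KEY environment variable name are constructed for the example.

```python
"""Hash a quarantined sample and look it up by SHA-256 before uploading it."""
import hashlib
import json
import os
import tempfile
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

# Constructed stand-in for a restored quarantine item; not a real executable.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed sample for the hashing example\n"


def hash_chunks(chunks):
    """Feed an iterable of byte chunks to md5/sha1/sha256 in a single pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file of any size without reading it fully into memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def vt_lookup_url(sha256):
    """Build the v3 file-object URL; reject anything that is not a SHA-256."""
    h = sha256.lower()
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("expected a 64-character hex SHA-256")
    return VT_FILES_URL + h


def vt_lookup(sha256, api_key):
    """Query VirusTotal by hash. Returns None when no key is given (offline)."""
    if not api_key:
        return None
    req = urllib.request.Request(vt_lookup_url(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:          # never seen: an upload would be needed
            return {"known": False}
        raise
    stats = body["data"]["attributes"]["last_analysis_stats"]
    return {"known": True, "malicious": stats.get("malicious", 0),
            "undetected": stats.get("undetected", 0)}


def self_check():
    """Write the sample to a temp file and confirm file and in-memory hashing agree."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_BYTES)
        return hash_file(path) == hash_bytes(SAMPLE_BYTES)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    digests = hash_file(target) if target else hash_bytes(SAMPLE_BYTES)
    for name, value in digests.items():
        print(f"{name:6s} {value}")
    verdict = vt_lookup(digests["sha256"], os.environ.get("VT_API_KEY"))
    print("VirusTotal:", verdict if verdict is not None else "skipped (no VT_API_KEY set)")
```

Run it as `python hashlookup.py "C:\path\to\restored\file"`; a `{"known": False}` result is the cue to do the manual upload myrti describes, and a `known: True` result with a non-zero `malicious` count answers the "what was it?" question without the upload.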

#13 karlhanes (Topic Starter)

Posted 24 January 2010 - 04:32 AM

I already have ESET NOD32 Version 4.0.468.0 with today's definitions installed on my PC; is this any different to the ONLINE test you're talking about? Let me know and I will download the online scanner if need be. I am running a FULL scan with ESET right now and will report back as soon as it's finished.

#14 myrti (Malware Study Hall Admin)

Posted 24 January 2010 - 12:00 PM

Hi,
a scan with your installed Eset should also be fine.

regards myrti



#15 karlhanes (Topic Starter)

Posted 24 January 2010 - 05:36 PM

OK,

I ran them BOTH with the same result; this is the log:

C:\Program Files\PConPoint\PConPoint.exe a variant of Win32/Adware.ErrorClean application
D:\Applications\Nuance.OmniPage.Professional.v17.0.MULTiLANGUAGE-SUBSTANCE.rar multiple threats
D:\Applications\pconpoint-full.exe a variant of Win32/Adware.ErrorClean application
D:\Applications\NetTools5\Setup.exe probably a variant of Win32/Agent trojan
