Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GMER FREEZES


  • This topic is locked This topic is locked
176 replies to this topic

#1 lora777

lora777

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 20 February 2011 - 12:02 PM

I did the steps from 6-9 and GMER would only scan a few seconds and freezes my computer. I tried 3 times.

Before running GMER I shut all programs down including avira and my browser.

I have regular firefox, portable firefox installed in ram, and Tor firefox. The first thing I noticed was google in the search bar, every time I would click on it the page came up in Chinese, In the portable and reg firefox, but not on the homepage when I click the little house. No matter how many times I would change it to english, it goes back to chinese, so I deleted google out of the search bar in reg ff and portable. Now when I go to the home the page it's in Chinese! It does no good to change it to english because it will be chinese the next time I use it.

It did that for a few days and then I started having problems being able to get on the internet. Some pages will load and others not and most are slow.

Today, new problem, I get redirected to the page that says too slow to load try again later when it only took a second to redirect after clicking to go to the site I was trying to get to.

I ran avira twice, malwarebytes twice, ran a online virus scan. They all got something, sorry I didn't copy paste it. I tried to run GMER, but it hangs at \Device\lde\Pcilde0Channel0-0 soon after it starts.

The first thing I noticed when having problems, don't know it it's related or not, but when using firefox browser to go to a gaming site I frequent I kept getting flash pops up there and only there. I tried everything to stop it for days. They finally stopped, why I have no idea but then the other problems I posted started. I do not know if they are related.

Edited by lora777, 20 February 2011 - 12:27 PM.


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:36 PM

Posted 25 February 2011 - 10:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the RKUnhooker anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run RKUnhooker and you may skip this step.


Why we request you disable CD Emulation when receiving Malware Removal Advice

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.
Note** You may get this warning:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just ignore it, click Cancel, then Accept. :thumbup2:

Best Regards,
oneof4.


#3 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 25 February 2011 - 01:02 PM

[attachment=88963:DDS.txt]

#4 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 25 February 2011 - 01:47 PM

It didn't run long before it stopped. [attachment=88965:RkU report.rtf]

#5 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 25 February 2011 - 03:51 PM

Ok..don't bother with the first Rootkit Unhooker I uploaded.. I didn't read you're instructions carefully... This one should be done right.

Edited by lora777, 25 February 2011 - 03:55 PM.


#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:36 PM

Posted 25 February 2011 - 06:22 PM

Hey lora777 :)

I'm gonna take your log and try to help you get it cleaned up.

There is one more scan that I would like for you to run for me:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Go ahead and simply paste each of the logs directly into the reply, do not make them attachments.

Best Regards,
oneof4.


#7 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 25 February 2011 - 08:24 PM

Hi One... I tried and tried and tried.. and each time as soon as it got to the point: Scanning Firefox Settings... It would freeze and make a very very long whistling noise. :blink:

#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:36 PM

Posted 25 February 2011 - 08:38 PM

Try this:

Boot into "Safe Mode"

This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Then attempt to run OTL again, and post the results.

Best Regards,
oneof4.


#9 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 25 February 2011 - 10:42 PM

It did the exact same thing in safe mode.

#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:36 PM

Posted 26 February 2011 - 01:04 PM

OK, boot back into "Safe Mode", then when you get the logon screen, choose the "Administrator" account instead of your own account and try the scan from within the administrator account.

Let me know how that goes.

Best Regards,
oneof4.


#11 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 26 February 2011 - 02:21 PM

Success!! :thumbup2:

#12 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 28 February 2011 - 12:32 PM

I went back to safe mode and did a rescan so I could give you a fresh olt extra.text having not attached it the first time as you said to do. But, it would only produce the olt.text. So here is the one from two days ago.

Edited by lora777, 28 February 2011 - 12:41 PM.


#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:36 PM

Posted 28 February 2011 - 01:01 PM

Hey lora777 :)

But, it would only produce the olt.text

Yeah, OTL only performs the "Exrta.txt" upon its first run, unless you specifically request it. Again, let me reiterate, please just copy & paste the logs "directly" into the reply; do not make them into attachments. The reason for this is that they are easier for me to read from within the actual reply itself versus having to open the attachment.

======

Let's try to get a closer look into a couple of suspect files:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\sporder.dll

c:\windows\is-9J4R7.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Best Regards,
oneof4.


#14 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 28 February 2011 - 01:19 PM

OTL Extras logfile created on: 2/26/2011 12:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 699.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.65 Gb Free Space | 48.02% Space Free | Partition Type: NTFS

Computer Name: LAURIE-1O76IPZI | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5909:TCP" = 5909:TCP:*:Enabled:Vedivi (RS)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5909:TCP" = 5909:TCP:*:Disabled:Vedivi (RS)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Vedivi\VediviService.exe" = C:\Program Files\Vedivi\VediviService.exe:*:Enabled:Vedivi Service
"C:\Program Files\Vedivi\VediviConsole.exe" = C:\Program Files\Vedivi\VediviConsole.exe:*:Enabled:Vedivi Console
"C:\Program Files\Vedivi\tools\vnc\uvnc\winvnc.exe" = C:\Program Files\Vedivi\tools\vnc\uvnc\winvnc.exe:*:Enabled:Vedivi Remote Screen (VNC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Disabled:cacaoweb
"C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe" = C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe:*:Disabled:Easy-Hide-IP
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth
"C:\Program Files\Vedivi\VediviConsole.exe" = C:\Program Files\Vedivi\VediviConsole.exe:*:Disabled:Vedivi Console
"C:\Program Files\Vedivi\tools\vnc\uvnc\winvnc.exe" = C:\Program Files\Vedivi\tools\vnc\uvnc\winvnc.exe:*:Disabled:Vedivi Remote Screen (VNC)
"C:\Program Files\Vedivi\VediviService.exe" = C:\Program Files\Vedivi\VediviService.exe:*:Disabled:Vedivi Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{86ED50DC-DACF-405B-A134-F922CA34532F}" = SHG Installation
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2EEBE5E-8F6A-45C3-8554-8BAB4444F463}_is1" = Quick Hide IP version 1.3
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E2F633E6-65D4-4202-82B4-472F8163AF51}" = GoTrusted Secure Tunnel v2.1.1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5242227-2051-4158-AC42-0F2BAA3CD3D6}" = HP SetRefresh
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"AbiWord2" = AbiWord 2.8.6
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"EggTimerPlusSardineSoftware_is1" = Egg Timer Plus v3.12
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"HotspotShield" = Hotspot Shield 1.57
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Renaissance Games Online - Installer (All Versions)_is1" = Renaissance Games Online
"Smart Defrag_is1" = Smart Defrag
"ST6UNST #1" = Karen's Alarm Clock
"tinySpell_is1" = tinySpell 1.9.20
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZooGames" = ZooGames

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2011 8:07:11 AM | Computer Name = LAURIE-1O76IPZI | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.2.1.20, faulting
module qtcore4.dll, version 4.5.0.0, fault address 0x000e1b16.

Error - 2/8/2011 6:06:47 PM | Computer Name = LAURIE-1O76IPZI | Source = Application Error | ID = 1000
Description = Faulting application rengames.exe, version 1.0.1.1, faulting module
winmm.dll, version 5.1.2600.5512, fault address 0x00005d9f.

Error - 2/18/2011 2:35:00 AM | Computer Name = LAURIE-1O76IPZI | Source = hss_tapinstall | ID = 10001
Description =

Error - 2/19/2011 8:08:50 PM | Computer Name = LAURIE-1O76IPZI | Source = Application Error | ID = 1000
Description = Faulting application d2pu6vs6.exe, version 1.0.15.15530, faulting
module d2pu6vs6.exe, version 1.0.15.15530, fault address 0x0000cb5d.

Error - 2/20/2011 3:22:49 AM | Computer Name = LAURIE-1O76IPZI | Source = ESENT | ID = 490
Description = svchost (184) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/23/2011 7:48:21 PM | Computer Name = LAURIE-1O76IPZI | Source = HotspotShieldService | ID = 10103
Description =

Error - 2/23/2011 7:48:21 PM | Computer Name = LAURIE-1O76IPZI | Source = HotspotShieldService | ID = 10103
Description =

Error - 2/23/2011 7:48:21 PM | Computer Name = LAURIE-1O76IPZI | Source = HotspotShieldService | ID = 10103
Description =

Error - 2/23/2011 7:48:21 PM | Computer Name = LAURIE-1O76IPZI | Source = HotspotShieldService | ID = 10103
Description =

Error - 2/25/2011 4:22:23 AM | Computer Name = LAURIE-1O76IPZI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 2/26/2011 4:10:32 PM | Computer Name = LAURIE-1O76IPZI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7001
Description = The Hotspot Shield Service service depends on the DHCP Client service
which failed to start because of the following error: %%1068

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/26/2011 4:11:20 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv
Tcpip

Error - 2/26/2011 4:12:40 PM | Computer Name = LAURIE-1O76IPZI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2011 4:32:53 PM | Computer Name = LAURIE-1O76IPZI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2011 4:33:53 PM | Computer Name = LAURIE-1O76IPZI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm SASDIFSV SASKUTIL ssmdrv


< End of report >

#15 lora777

lora777
  • Topic Starter

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 28 February 2011 - 01:21 PM

OTL logfile created on: 2/28/2011 11:08:29 AM - Run 5
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 800.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.65 Gb Free Space | 48.02% Space Free | Partition Type: NTFS

Computer Name: LAURIE-1O76IPZI | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/26 12:36:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/26 12:36:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/07 14:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 14:46:06 | 000,271,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 10:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/15 10:42:14 | 000,326,704 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/01/25 13:11:50 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\rramdisk.sys -- (RRamdisk)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/22 11:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 11:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/20 00:36:46 | 000,010,688 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/07/25 00:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/04/13 10:41:23 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2008/03/18 16:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gttap1.sys -- (gttap1)
DRV - [2006/10/01 02:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-879983540-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1606980848-879983540-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1606980848-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1606980848-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=205.202.120.216:3128

IE - HKU\S-1-5-21-1606980848-879983540-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1606980848-879983540-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1606980848-879983540-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5D CC 7E F4 D5 CB 01 [binary data]
IE - HKU\S-1-5-21-1606980848-879983540-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/27 01:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/27 01:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/19 10:07:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/19 15:21:45 | 000,000,000 | ---D | M]

[2011/02/26 12:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/26 12:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekavfgj8.default\extensions
[2011/02/26 12:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekavfgj8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 12:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekavfgj8.default\extensions\staged-xpis
[2011/02/24 20:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 22:36:15 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2010/12/27 01:07:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/27 01:07:09 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/04 08:06:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/01 18:48:40 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2002/09/03 08:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKU\S-1-5-21-1606980848-879983540-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1606980848-879983540-682003330-1004..\Run: [GoTrusted] C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.1.1.1\GoTrusted Secure Tunnel.exe (GoTrusted.com)
O4 - HKU\S-1-5-21-1606980848-879983540-682003330-1004..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-879983540-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288285509203 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/28 08:02:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 12:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/02/26 12:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/02/26 12:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/02/26 12:36:25 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/26 12:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/02/26 12:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/26 12:34:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/02/26 12:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/02/26 12:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/02/26 12:10:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/02/26 12:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/02/26 12:09:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/02/26 12:09:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/02/26 12:09:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/02/26 12:09:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/02/26 12:09:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/02/26 12:09:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/02/26 12:09:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/02/26 12:09:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/02/26 12:09:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/02/26 12:09:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/02/26 12:09:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/02/26 12:09:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/02/26 12:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/02/26 12:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/02/26 12:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/02/25 12:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2011/02/25 12:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/02/25 12:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/02/18 17:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hssff
[2011/02/17 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quick Hide IP
[2011/02/17 22:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Hide IP
[2011/02/17 22:36:17 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011/02/17 22:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield
[2011/02/17 22:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2011/02/17 11:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/17 11:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/17 11:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/16 14:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/02/10 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\ZooGames
[2011/02/03 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag
[2011/02/03 13:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/28 10:56:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/28 10:56:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/26 12:36:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/25 20:36:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/21 08:55:50 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/02/17 12:40:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/14 21:54:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/09 03:19:58 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/26 12:09:55 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/26 12:09:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/02/14 21:54:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/03 13:08:17 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/11/21 15:26:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/28 09:13:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/28 08:59:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/10/28 00:52:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/24 11:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 11:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 11:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 11:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 11:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 11:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 11:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 11:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 11:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 11:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 11:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 11:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 11:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 11:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 11:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 11:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 11:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 12:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 12:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 12:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 12:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 12:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 12:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 12:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 12:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 12:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 12:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 08:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/06 07:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2001/10/29 12:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users