Solved Hang ups slow running processes/applications frequently

Discussion in 'Malware and Virus Removal Archive' started by Teros, 2011/10/31.

  1. 2011/10/31
    Teros

    Teros Inactive Thread Starter

    Joined:
    2011/10/31
    Messages:
    42
    Likes Received:
    0
    [Resolved] Hang ups slow running processes/applications frequently

    1. MBAM Log
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8052

    Windows 5.2.3790 Service Pack 2
    Internet Explorer 8.0.6001.18702

    10/31/2011 12:42:00 PM
    mbam-log-2011-10-31 (12-42-00).txt

    Scan type: Quick scan
    Objects scanned: 159421
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    2. GMER LOG

    Odd thing about the scan, I had virus disabled entirely, internet cord out, apps closed, I started it up, it scanned for a second, I pressed scan, then ok, by the end the big white screen was still blank. However, I pressed save to desktop, opened it afterward to copy and paste... however, there is nothing to copy, it's blank, fresh log, did I ***** something up?

    3. aswMBR LOG

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-31 12:44:21
    -----------------------------
    12:44:21.109 OS Version: Windows x64 5.2.3790 Service Pack 2
    12:44:21.109 Number of processors: 4 586 0xF0B
    12:44:21.109 ComputerName: USER-14D1B69C21 UserName: Administrator
    12:44:28.515 Initialize success
    12:44:28.562 AVAST engine defs: 11103100
    12:45:20.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f
    12:45:20.031 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
    12:45:20.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-17
    12:45:20.031 Disk 1 Vendor: WDC_WD7500AAKS-00RBA0 30.04G30 Size: 715403MB BusType: 3
    12:45:20.046 Disk 0 MBR read successfully
    12:45:20.046 Disk 0 MBR scan
    12:45:20.046 Disk 0 Windows XP default MBR code
    12:45:20.062 Service scanning
    12:45:23.843 Modules scanning
    12:45:23.843 Disk 0 trace - called modules:
    12:45:23.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys
    12:45:23.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf9c070770]
    12:45:23.875 3 CLASSPNP.SYS[fffffadf90a378c9] -> nt!IofCallDriver -> \Device\0000006b[0xfffffadf9ca06920]
    12:45:23.875 5 ACPI.sys[fffffadf90ba9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-f[0xfffffadf9cbc9060]
    12:45:29.937 AVAST engine scan C:\WINDOWS
    12:45:41.531 AVAST engine scan C:\WINDOWS\system32
    12:48:13.875 AVAST engine scan C:\WINDOWS\system32\drivers
    12:48:36.312 AVAST engine scan C:\Documents and Settings\Administrator
    12:50:32.171 AVAST engine scan C:\Documents and Settings\All Users
    12:50:54.734 Scan finished successfully
    12:51:01.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat "
    12:51:01.984 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt "

    4. DDS LOG

    Unfortunately, like Combofix, it is not XP 64-bit compatible... would not allow me to open it.


    A brief description and history: I have had this problem for about 3 months now, I would say. It started after I was at another forum getting help for this problem, however, a rootkit and trojan were found, both eliminated. The tech said it was a backdoor rootkit, w/e that means. Hang ups were gone for about a week. Then they came back. I have tried most of the programs you mentioned to post in a start up thread already, through other forum techs. I pretty much have tried everything they could think of; if you need references on specifics, I can do my best to find the threads again. Anyways, so now they are continuous, pretty much at all times, with or without apps open. However, it is a different trigger, not sure it's the cause or related. That's about all the general information I have. I did try the page set for virtual memory I saw in a thread here, doesn't seem to help, but I gave it a shot anyways. Looking forward to getting this fixed, thanks!
     
  2. 2011/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    DDS is fully 64-bit compatible.
    What happens when you try to run it?
     

  4. 2011/10/31
    Teros

    Teros Inactive Thread Starter

    Same window as Combofix gives me, basically lists all the compatible versions, mine is not.
     
  5. 2011/10/31
    broni

    broni Moderator Malware Analyst

    I think I see what's going on.
    Is it Windows Server 2003?
     
  6. 2011/10/31
    Teros

    Teros Inactive Thread Starter

    Not sure what you mean, the latest version I downloaded off Windows Update or the actual XP 64 version?

    But, yes it's version 2003, SP2 when I right click my computer and click properties, if that helps any to clarify.
     
    Last edited: 2011/10/31
  7. 2011/10/31
    broni

    broni Moderator Malware Analyst

    I meant your Windows version.
    Windows 5.2 is Windows Server 2003.
    There is a very limited number of tools for that Windows version.

    So far your logs look clean.

    Let's see if this one will run....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2011/11/01
    Teros

    Teros Inactive Thread Starter

    Only an OTL log came up at the end. I think I would have had to click the option to scan extra registry as well in order to get the other one. Here's the OTL, let me know if you want the other as well.

    OTL logfile created on: 10/31/2011 9:56:18 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 82.94% Memory free
    10.26 Gb Paging File | 9.87 Gb Available in Paging File | 96.26% Paging File free
    Paging file location(s): d:\pagefile.sys 6666 8888 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.17 Gb Total Space | 397.89 Gb Free Space | 66.74% Space Free | Partition Type: NTFS
    Drive D: | 697.65 Gb Total Space | 491.83 Gb Free Space | 70.50% Space Free | Partition Type: NTFS

    Computer Name: USER-14D1B69C21 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/17 14:14:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/31 16:38:46 | 001,604,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\algo.dll
    MOD - [2011/10/29 09:21:15 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\aswRep.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/25 01:38:33 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
    SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/18 05:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
    SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2010/12/21 16:50:47 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2007/02/22 12:28:46 | 000,021,200 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASTRA32\astra64.sys -- (ASTRA64)
    DRV - [2007/02/18 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
    DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWow64\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:home
    IE - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/28 17:12:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 01:57:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/23 20:04:15 | 000,000,000 | ---D | M]

    [2011/09/24 12:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/10/24 19:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wvtvti0j.default\extensions
    [2011/09/24 12:59:52 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wvtvti0j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/09/24 12:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WVTVTI0J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WVTVTI0J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/10/01 01:57:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    Hosts file not found
    O3:64bit: - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
    O3:64bit: - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
    O3:64bit: - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
    O3:64bit: - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
    O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-1058093358-2681104663-2786989613-500..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1058093358-2681104663-2786989613-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
    O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9079FF4C-5EF8-40FC-9DC6-5DCE577D106F}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
    O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl ") - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: System - (lsass.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
    O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
    O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
    O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
    O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
    O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
    O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
    O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
    O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/03 19:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: aux - File not found
    Drivers32:64bit: aux4 - File not found
    Drivers32:64bit: aux5 - File not found
    Drivers32:64bit: midi - File not found
    Drivers32:64bit: midi4 - File not found
    Drivers32:64bit: midi5 - File not found
    Drivers32:64bit: midimapper - File not found
    Drivers32:64bit: mixer - File not found
    Drivers32:64bit: mixer4 - File not found
    Drivers32:64bit: mixer5 - File not found
    Drivers32:64bit: msacm.imaadpcm - File not found
    Drivers32:64bit: msacm.msadpcm - File not found
    Drivers32:64bit: msacm.msg711 - File not found
    Drivers32:64bit: msacm.msgsm610 - File not found
    Drivers32:64bit: msacm.trspch - File not found
    Drivers32:64bit: vidc.iyuv - File not found
    Drivers32:64bit: vidc.mrle - File not found
    Drivers32:64bit: vidc.msvc - File not found
    Drivers32:64bit: vidc.uyvy - File not found
    Drivers32:64bit: vidc.yuy2 - File not found
    Drivers32:64bit: vidc.yvu9 - File not found
    Drivers32:64bit: vidc.yvyu - File not found
    Drivers32:64bit: wave - File not found
    Drivers32:64bit: wave4 - File not found
    Drivers32:64bit: wave5 - File not found
    Drivers32:64bit: wavemapper - File not found
    Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\SysWow64\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/31 19:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
    [2011/10/31 19:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
    [2011/10/28 18:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Epic_Battle_Fantasy_3_secure.swf
    [2011/10/25 18:52:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/10/19 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/10/18 14:23:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/17 14:14:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/10/06 17:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
    [2011/10/06 17:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software

    ========== Files - Modified Within 30 Days ==========

    [2011/10/31 20:29:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/10/31 19:49:42 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1058093358-2681104663-2786989613-500.job
    [2011/10/31 19:49:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/31 18:52:46 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/31 12:43:42 | 000,137,853 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Firefox 6.0.2 (en-US) - 2011-09-24.pcv
    [2011/10/28 17:16:30 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/10/28 17:16:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
    [2011/10/25 23:59:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1058093358-2681104663-2786989613-500.job
    [2011/10/17 14:14:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/10/16 19:00:31 | 098,058,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_10_17_03_40.exe
    [2011/10/16 18:47:17 | 001,541,014 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\tdsskiller.zip
    [2011/10/14 02:26:32 | 000,733,770 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2011/10/13 23:56:19 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SysWow64\initdebug.nfo
    [2011/10/07 14:36:44 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/10/02 16:37:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat

    ========== Files Created - No Company Name ==========

    [2011/10/31 12:43:41 | 000,137,853 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Firefox 6.0.2 (en-US) - 2011-09-24.pcv
    [2011/10/16 18:55:07 | 098,058,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_10_17_03_40.exe
    [2011/10/16 18:47:02 | 001,541,014 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\tdsskiller.zip
    [2011/10/13 23:56:18 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SysWow64\initdebug.nfo
    [2011/09/20 22:16:56 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rtkhdaud.dat
    [2011/09/06 15:41:37 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
    [2011/09/03 02:44:22 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll
    [2011/09/03 02:44:22 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\UNRAR3.dll
    [2011/09/03 02:44:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll
    [2011/09/03 02:44:22 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll
    [2011/09/01 02:18:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
    [2011/08/30 01:14:14 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/01 17:45:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
    [2011/08/01 17:44:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
    [2011/02/08 17:50:59 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2011/02/08 17:50:55 | 000,020,783 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2011/02/08 17:50:53 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
    [2010/12/09 11:54:17 | 000,733,770 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2010/12/08 20:21:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/12/08 17:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/12/08 17:08:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2010/12/07 20:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/12/07 20:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
    [2010/12/06 02:49:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/12/03 21:09:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll
    [2010/12/03 21:07:49 | 000,044,136 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
    [2010/12/03 19:11:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/12/02 20:13:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/02/18 05:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
    [2007/02/18 05:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
    [2007/02/18 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2007/02/18 05:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
    [2007/02/18 05:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
    [2007/02/18 05:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
    [2007/02/18 05:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
    [2007/02/18 05:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2007/02/18 05:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
    [2007/02/18 05:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
    [2007/02/18 05:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
    [2007/02/18 05:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
    [2007/02/18 05:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
    [2007/02/18 05:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
    [2007/02/18 05:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
    [2007/02/18 05:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
    [2007/02/18 05:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
    [2007/02/18 05:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
    [2007/02/18 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
    [2007/02/18 05:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
    [2007/02/18 05:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
    [2007/02/18 05:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

    ========== LOP Check ==========

    [2011/10/02 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
    [2011/09/08 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
    [2010/12/16 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeStone Group
    [2010/12/09 17:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2011/08/30 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
    [2011/07/29 00:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rags
    [2011/09/08 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
    [2011/10/31 21:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2011/10/01 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vmntemplate
    [2010/12/21 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2010/12/03 23:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/09/12 04:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/12/09 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
    [2011/09/03 01:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/09/07 22:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/09/03 02:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/09/02 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
    [2011/09/02 15:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
    [2011/10/31 19:47:15 | 000,031,892 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/03 19:08:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/09/16 17:12:29 | 000,000,222 | -HS- | M] () -- C:\boot.ini
    [2010/12/03 19:08:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/03 19:08:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/03 19:08:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/02/18 05:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
    [2007/02/18 05:00:00 | 000,297,072 | RHS- | M] () -- C:\ntldr

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/12/03 19:08:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 18:57:56 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 13:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/02/18 05:00:00 | 000,000,002 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/12/03 19:08:34 | 000,000,290 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/03 19:12:47 | 000,000,117 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/12/03 19:12:46 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/16 12:59:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2011/10/17 14:14:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/10/16 19:00:31 | 098,058,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_10_17_03_40.exe
    [2010/12/16 19:53:08 | 066,920,072 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Administrator\Desktop\xp64 ati drivers.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/03 19:12:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/31 20:46:53 | 000,065,536 | -H-- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1997/12/22 18:23:36 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

    < End of report >


    Also, are Firefox and the plugin-container.exe for it supposed to be super high in mem usage? Looking at the processes in Task Manager atm: Firefox.exe at 234k and the plugin-container.exe 554k.
     
    Last edited: 2011/11/01
  9. 2011/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything malicious there.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  10. 2011/11/02
    Teros

    Shockingly, it found two trojans; the question is, are they the cause or just a hindrance? Anyway, scan info below.

    C:\System Volume Information\_restore{6BC97AF4-D928-4E0D-8FA3-0BC61E89D4AA}\RP277\A0076831.exe a variant of Win32/Inject.NDT trojan
    C:\System Volume Information\_restore{6BC97AF4-D928-4E0D-8FA3-0BC61E89D4AA}\RP277\A0076832.exe a variant of Win32/Inject.NDT trojan
     
  11. 2011/11/02
    broni

    Those two items are in your restore points, which are about to be reset.
    Nothing to worry about :)

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  12. 2011/11/02
    Teros

    gonna keep some cookies, won't be all though.

    Also, there's something called REMOVE in my add and remove programs, it is not uninstallable either, is that a problem?
     
    Last edited: 2011/11/02
  13. 2011/11/02
    broni

    I really can't comment without some additional details, but I wouldn't worry about it.
    Some listings in Add\Remove are not really active.
     
  14. 2011/11/02
    Teros

    you'll find this interesting, so I click windows update, odd that it has not been doing it auto like I set it to. Here is what popped up when I clicked it in my start bar. http://support.microsoft.com/kb/2497281, what....? Gonna try another way, but ***?
     
  15. 2011/11/02
    broni

    Are you saying you can't access the Windows Update site?
     
  16. 2011/11/02
    Teros

    the link I gave you in the post above, it shows me that, I am going to try another way though.

    Also,

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 10238934 bytes
    ->Temporary Internet Files folder emptied: 449718 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 214879736 bytes
    ->Flash cache emptied: 48171 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 215.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 11022011_180547

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    And

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8073

    Windows 5.2.3790 Service Pack 2
    Internet Explorer 8.0.6001.18702

    11/2/2011 6:28:56 PM
    mbam-log-2011-11-02 (18-28-56).txt

    Scan type: Quick scan
    Objects scanned: 159947
    Time elapsed: 5 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited: 2011/11/02
  17. 2011/11/02
    Teros

    hahaha, this didn't help my computer, just finished TFC, here's the end log.

    Temp File Cleaner process completed: Wed Nov 02 18:57:26 PDT 2011
    -Freed 906.3 MB in 3022 files.
    -Drive C:\ now has 356.6 GB free.
    -Processing time: 136.265 seconds
     
  18. 2011/11/02
    broni

    All clean :)
     
  19. 2011/11/02
    Teros

    still hanging a bit, we'll see, thanks again man
     
  20. 2011/11/02
    Teros

    .... well, while I am sure it helped, the hanging has not had a noticeable difference
     
  21. 2011/11/02
    broni

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
