GeekPolice
Computer freezing after malware attack

My computer was infected with Antivirus Soft, which I tried to remove by 1. restarting in safe mode and using "system restore" then 2. logging on normally and running a system scan with Malwarebytes anti-malware.

Unfortunately that doesn't seem to have fixed the problem completely. My computer is still freezing 1 to 10 mins after turning it on. There aren't any other symptoms, it just freezes completely (although the mouse still moves).

My HijackThis log is as follows. I am using Windows XP SP2 by the way.
Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:48 PM, on 2/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\savedump.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
F:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\WINDOWS\system32\TsService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
F:\Program Files\CyberLink\PowerCinema\PCMService.exe
F:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\conime.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\w\My Documents\Downloads\winlogon.scr

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "F:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] F:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = F:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - F:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - F:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google アップデート サービス (gupdate) (gupdate) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - F:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TsService - Teruten Inc. - F:\WINDOWS\system32\TsService.exe

--
End of file - 5158 bytes

Re: Computer freezing after malware attack

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.

Re: Computer freezing after malware attack

Here are the results of the log.

Note I updated to the most recent version of MBAM....

Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/28/2010 12:00:32 AM
mbam-log-2010-02-28 (00-00-28).txt

Scan type: Quick Scan
Objects scanned: 165548
Time elapsed: 23 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\w\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.

Re: Computer freezing after malware attack

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Computer freezing after malware attack

OTL Extras logfile created on: 2/28/2010 8:28:01 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = F:\Documents and Settings\w\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 676.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): F:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 39.06 Gb Total Space | 4.07 Gb Free Space | 10.43% Space Free | Partition Type: FAT32
Drive D: | 127.98 Gb Total Space | 18.44 Gb Free Space | 14.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 105.76 Gb Total Space | 89.62 Gb Free Space | 84.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q
Current User Name: w
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = F:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"F:\Program Files\CyberLink\PowerCinema\PCMService.exe" = F:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"F:\Program Files\BitTorrent\bittorrent.exe" = F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7D73CC6B-33A8-4DE2-9539-2498A59C12C2}" = My Cinema
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDVD 1.0
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Frontcam" = Frontcam
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{7D73CC6B-33A8-4DE2-9539-2498A59C12C2}" = My Cinema
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Paint Shop Pro 5.0 Evaluation" = Paint Shop Pro 5.0 Evaluation
"Pen Tablet Driver" = Pen Tablet
"RealAlt_is1" = Real Alternative 2.0.1
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"WinRAR archiver" = WinRAR archiver
"エクセレント麻雀" = エクセレント麻雀

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2010 7:32:26 PM | Computer Name = Q | Source = Google Update | ID = 20
Description =

Error - 1/13/2010 12:16:13 PM | Computer Name = Q | Source = Application Error | ID = 1000
Description = Faulting application psp.exe, version 5.0.0.0, faulting module mfc42.dll,
version 6.2.4131.0, fault address 0x00098f5a.

Error - 1/13/2010 8:10:07 PM | Computer Name = Q | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/28/2010 10:34:08 AM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 10:34:10 AM | Computer Name = Q | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 2/28/2010 10:45:10 AM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 11:55:32 AM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 12:27:08 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 12:40:54 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 2:35:06 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 3:02:51 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 7:25:17 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 2/28/2010 11:25:29 PM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >

Re: Computer freezing after malware attack

OTL logfile created on: 2/28/2010 8:28:01 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = F:\Documents and Settings\w\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 676.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): F:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 39.06 Gb Total Space | 4.07 Gb Free Space | 10.43% Space Free | Partition Type: FAT32
Drive D: | 127.98 Gb Total Space | 18.44 Gb Free Space | 14.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 105.76 Gb Total Space | 89.62 Gb Free Space | 84.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q
Current User Name: w
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 20:27:35 | 000,551,424 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\w\My Documents\Downloads\OTL.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/03/19 14:03:32 | 000,167,936 | ---- | M] (Teruten Inc.) -- F:\WINDOWS\system32\TsService.exe
PRC - [2008/05/01 15:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- F:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- F:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2006/05/25 16:57:50 | 000,118,880 | ---- | M] () -- F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/05/25 16:57:48 | 000,266,338 | ---- | M] () -- F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/05/25 16:57:24 | 000,147,456 | ---- | M] (CyberLink Corp.) -- F:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2006/05/25 16:57:06 | 001,073,152 | ---- | M] (Cyberlink) -- F:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/02/14 13:09:00 | 000,069,632 | ---- | M] (ASUSTeK) -- F:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
PRC - [2005/10/28 11:23:10 | 001,404,928 | ---- | M] (Belkin) -- F:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2004/12/22 02:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 05:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\conime.exe
PRC - [2004/07/13 23:44:40 | 000,585,728 | R--- | M] (VIA Technologies) -- F:\Program Files\VIA\RAID\raid_tool.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 20:27:35 | 000,551,424 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\w\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,811,064 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\imjp81k.dll
MOD - [2004/08/04 05:00:00 | 000,340,023 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\imjp81.ime
MOD - [2004/08/04 05:00:00 | 000,110,637 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\ime\imjp8_1\DICTS\imjpcd.dic


========== Win32 Services (SafeList) ==========

SRV - [2009/03/19 14:03:32 | 000,167,936 | ---- | M] (Teruten Inc.) [Auto | Running] -- F:\WINDOWS\system32\TsService.exe -- (TsService)
SRV - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- F:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2006/05/25 16:57:50 | 000,118,880 | ---- | M] () [Auto | Running] -- F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/05/25 16:57:48 | 000,266,338 | ---- | M] () [Auto | Running] -- F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/05/25 16:57:06 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- F:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2004/07/17 20:10:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- F:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)


========== Driver Services (SafeList) ==========

DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/17 13:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/01/15 13:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/01/10 18:34:58 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/11/13 03:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/02/14 03:07:24 | 002,825,088 | R--- | M] (ASUSTek) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/11/10 11:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/12/22 02:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/02 01:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 22:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/07/17 19:11:24 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/18 01:55:26 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- F:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/02/24 18:25:06 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.jp/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 94.229.69.98:33333

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.jp/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/02/27 07:49:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/02/27 15:12:14 | 000,000,000 | ---D | M]

[2009/08/11 05:47:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\w\Application Data\Mozilla\Extensions
[2010/02/27 17:55:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\w\Application Data\Mozilla\Firefox\Profiles\leuddgz1.default\extensions
[2010/02/26 17:19:57 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- F:\Documents and Settings\w\Application Data\Mozilla\Firefox\Profiles\leuddgz1.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/02/26 06:51:01 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- F:\Documents and Settings\w\Application Data\Mozilla\Firefox\Profiles\leuddgz1.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}(2)
[2010/02/27 17:55:38 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 00:23:06 | 000,000,755 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 microsoft
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] F:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] F:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe (ASUSTeK)
O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = F:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - F:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/04 14:34:30 | 000,000,237 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 14:52:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/02/27 14:51:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/27 14:51:46 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Adobe AIR
[2010/02/27 08:52:31 | 000,000,000 | ---D | C] -- F:\Program Files\MSXML 4.0
[2010/02/27 08:49:29 | 000,000,000 | ---D | C] -- F:\WINDOWS\ServicePackFiles
[2010/02/27 08:31:36 | 000,000,000 | ---D | C] -- F:\WINDOWS\Sun
[2010/02/27 08:25:58 | 002,180,352 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/27 08:25:58 | 002,136,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/27 08:25:57 | 002,015,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/27 08:25:56 | 002,057,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/27 08:24:24 | 000,272,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bthport.sys
[2010/02/27 08:11:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/27 08:11:53 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\PreInstall
[2010/02/27 08:11:52 | 000,026,488 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\spupdsvc.exe
[2010/02/27 08:11:51 | 000,000,000 | -H-D | C] -- F:\WINDOWS\$hf_mig$
[2010/02/27 08:06:02 | 000,000,000 | ---D | C] -- F:\Program Files\Sun
[2010/02/27 08:05:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\deploytk.dll
[2010/02/27 08:05:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaws.exe
[2010/02/27 08:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaw.exe
[2010/02/27 08:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\java.exe
[2010/02/27 08:05:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javacpl.cpl
[2010/02/26 17:35:09 | 000,000,000 | ---D | C] -- F:\WINDOWS\Minidump
[2010/02/26 17:07:15 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\SoftwareDistribution
[2010/02/26 07:31:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\w\Application Data\Malwarebytes
[2010/02/26 07:31:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/26 07:31:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/02/26 07:31:04 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/02/26 07:31:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/26 07:01:23 | 000,000,000 | ---D | C] -- F:\Program Files\Lavasoft
[2010/02/26 07:01:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/15 16:44:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Sun
[2010/02/15 16:44:35 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Java
[2010/02/15 16:44:13 | 000,000,000 | ---D | C] -- F:\Program Files\Java
[2010/02/15 16:43:20 | 000,000,000 | ---D | C] -- F:\Documents and Settings\w\Application Data\Sun
[2010/02/13 20:11:29 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5
[2010/02/13 20:11:20 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft
[2010/02/13 19:59:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\w\My Documents\MyGIF
[2010/02/13 19:58:14 | 000,000,000 | ---D | C] -- F:\Program Files\ConvexSoft
[2010/02/13 19:28:31 | 000,000,000 | ---D | C] -- F:\Documents and Settings\w\My Documents\My GIF Animations
[2009/12/11 22:16:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/11 22:11:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/09 12:06:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/10 18:01:04 | 000,135,168 | R--- | C] ( ) -- F:\WINDOWS\System32\ATIDEMGR.dll
[2009/08/10 17:44:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/10 17:44:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/10 17:40:36 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/10 17:40:36 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 20:26:00 | 000,000,876 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:25:26 | 000,000,872 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 20:25:25 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/28 20:25:22 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/28 12:10:04 | 003,670,016 | ---- | M] () -- F:\Documents and Settings\w\ntuser.dat
[2010/02/28 12:10:00 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\w\ntuser.ini
[2010/02/28 09:50:18 | 000,143,360 | ---- | M] () -- F:\Documents and Settings\w\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 18:44:21 | 004,836,306 | -H-- | M] () -- F:\Documents and Settings\w\Local Settings\Application Data\IconCache.db
[2010/02/27 14:52:43 | 000,001,729 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/27 14:51:54 | 000,000,732 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/27 09:01:33 | 000,356,120 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/27 09:01:33 | 000,311,604 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/27 09:01:33 | 000,039,992 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/27 08:59:57 | 000,113,376 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/27 08:55:43 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/02/27 08:16:33 | 000,002,278 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/02/27 08:05:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\deploytk.dll
[2010/02/27 08:05:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaws.exe
[2010/02/27 08:05:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaw.exe
[2010/02/27 08:05:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\java.exe
[2010/02/27 08:05:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javacpl.cpl
[2010/02/26 17:02:21 | 000,000,458 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/26 07:31:08 | 000,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/22 12:06:03 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/19 15:50:48 | 000,022,100 | -H-- | M] () -- F:\WINDOWS\System32\mlfcache.dat
[2010/02/15 23:56:48 | 000,002,748 | ---- | M] () -- F:\Documents and Settings\w\Desktop\rei.rtf
[2010/02/06 09:17:44 | 000,001,915 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/04 15:54:42 | 000,000,056 | ---- | M] () -- F:\WINDOWS\kgt2k.INI
[2010/01/31 20:11:42 | 015,899,793 | ---- | M] () -- F:\Documents and Settings\w\Desktop\maudioblog17.mp3
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 14:52:43 | 000,001,729 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/27 14:51:54 | 000,000,732 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/26 07:31:08 | 000,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/26 07:04:58 | 000,000,458 | ---- | C] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 23:28:47 | 000,002,748 | ---- | C] () -- F:\Documents and Settings\w\Desktop\rei.rtf
[2010/02/12 19:22:48 | 003,670,016 | ---- | C] () -- F:\Documents and Settings\w\ntuser.dat
[2010/02/06 09:17:44 | 000,001,915 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/01 07:24:02 | 000,000,056 | ---- | C] () -- F:\WINDOWS\kgt2k.INI
[2010/01/31 20:11:42 | 015,899,793 | ---- | C] () -- F:\Documents and Settings\w\Desktop\maudioblog17.mp3
[2009/11/13 20:51:14 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\rmc_rtspdl.dll
[2009/09/09 06:05:08 | 000,126,976 | ---- | C] () -- F:\WINDOWS\System32\TptmLib.dll
[2009/08/21 14:02:32 | 000,003,072 | R--- | C] () -- F:\WINDOWS\System32\34CoInstaller.dll
[2009/08/21 14:02:23 | 000,363,520 | ---- | C] () -- F:\WINDOWS\System32\PsisDecd.dll
[2009/08/21 13:47:59 | 000,198,144 | ---- | C] () -- F:\WINDOWS\System32\_psisdecd.dll
[2009/08/15 10:05:46 | 000,022,723 | ---- | C] () -- F:\WINDOWS\System32\ssp2ml3.dll
[2009/08/10 17:56:00 | 000,000,164 | ---- | C] () -- F:\WINDOWS\avrack.ini
[2009/08/10 17:55:56 | 000,156,672 | ---- | C] () -- F:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/10 17:45:41 | 000,143,360 | ---- | C] () -- F:\Documents and Settings\w\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 17:42:08 | 000,168,448 | ---- | C] () -- F:\WINDOWS\System32\unrar.dll
[2009/08/10 17:42:08 | 000,000,038 | ---- | C] () -- F:\WINDOWS\avisplitter.ini
[2009/08/10 17:42:06 | 000,881,664 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2009/08/10 17:42:06 | 000,205,824 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2009/08/10 17:42:05 | 003,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
[2009/08/10 17:42:03 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/10 17:42:02 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2009/03/13 12:29:48 | 000,208,896 | ---- | C] () -- F:\WINDOWS\System32\TptLIB.dll
[2009/02/09 15:27:08 | 000,114,688 | ---- | C] () -- F:\WINDOWS\System32\TsCheckHook.dll
[2009/01/08 10:04:06 | 000,126,976 | ---- | C] () -- F:\WINDOWS\System32\TptBmlib.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- F:\WINDOWS\System32\InsDrvZD64.DLL
[2004/07/17 19:07:41 | 000,086,016 | ---- | C] () -- F:\WINDOWS\System32\ati2evxx.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- F:\WINDOWS\System32\InsDrvZD.dll
[2002/11/13 14:33:22 | 000,053,248 | R--- | C] () -- F:\WINDOWS\System32\asus_tv_tune.dll
< End of report >
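The helper's "looks fine" verdict comes from eyeballing a handful of lines in the report above: the O1 hosts entries, the O20 Winlogon shell, the O35 exefile/comfile open handlers and the O7 NoDriveTypeAutoRun value. The script below, an added example that is not part of the forum post and not OTL's or GeekPolice's own code, automates exactly those checks so the same triage can be repeated on any OTL-style report. The sample input is constructed: it mixes lines copied from the log above with one deliberately hijacked O35 line (the `C:\hypothetical\loader.exe` path is invented for the demonstration). The NoDriveTypeAutoRun bit table is the documented one for that registry value, where a set bit disables AutoRun for that drive class and 0x91 (145) is the Windows XP default.

```python
"""Triage of OTL / HijackThis-style 'O' lines.

Added example, not code from the forum post, from OTL or from GeekPolice.
It parses the line shapes that appear in the log above and reports what a
reviewer checks first: non-default hosts entries, a Winlogon shell other
than explorer.exe, hijacked exefile/comfile open handlers, and which drive
classes still AutoRun. SAMPLE_LINES is a constructed mix of lines from the
post plus one invented hijacked line so the checks have something to flag.
"""
import re
from dataclasses import dataclass, field

# NoDriveTypeAutoRun bits (HKCU\...\policies\Explorer). A set bit DISABLES
# AutoRun for that drive class. 0x91 = 145 is the Windows XP default.
AUTORUN_BITS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved)",
}

STOCK_HOSTS = {("127.0.0.1", "localhost")}   # the only line in a clean XP hosts file
STOCK_OPEN_CMD = '"%1" %*'                    # stock exefile/comfile [open] command

_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
_OPEN = re.compile(r"^O35 - (\w+) \[open\] -- (.+)$")
# OTL prints:  O20 - HKLM Winlogon: Shell - (Explorer.exe) - <path> (<company>)
_SHELL = re.compile(r"^O20 - HKLM Winlogon: Shell - \((.+?)\) - (.+?)(?: \([^()]*\))?$")
_NDTA = re.compile(r"NoDriveTypeAutoRun = (\d+)")


@dataclass
class Triage:
    findings: list = field(default_factory=list)        # human-readable flags
    autorun_enabled: list = field(default_factory=list)  # drive classes that still AutoRun

    def note(self, line_type, msg):
        self.findings.append(f"{line_type}: {msg}")


def triage(lines):
    """Walk report lines and collect the items a reviewer should look at."""
    t = Triage()
    for raw in lines:
        line = raw.strip()
        if m := _HOSTS.match(line):
            ip, host = m.groups()
            if (ip, host) not in STOCK_HOSTS:
                # Anything beyond localhost is worth a look: rogue AV commonly
                # points vendor/update hostnames at loopback or a foreign IP.
                t.note("O1", f"non-default hosts entry {host} -> {ip}")
        elif m := _OPEN.match(line):
            ftype, cmd = m.groups()
            if cmd != STOCK_OPEN_CMD:
                # Any other value means every .exe/.com launch runs through it.
                t.note("O35", f"{ftype} open handler hijacked: {cmd}")
        elif m := _SHELL.match(line):
            name, path = m.groups()
            if name.lower() != "explorer.exe" or not path.lower().endswith("\\explorer.exe"):
                t.note("O20", f"Winlogon shell is not explorer.exe: {path}")
        elif m := _NDTA.search(line):
            value = int(m.group(1))
            t.autorun_enabled = [desc for bit, desc in AUTORUN_BITS.items() if not value & bit]
    return t


# Constructed sample: lines from the log above plus one invented hijacked line.
SAMPLE_LINES = [
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 127.0.0.1 microsoft",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)",
    'O35 - comfile [open] -- "%1" %*',
    'O35 - exefile [open] -- "%1" %*',
    # constructed hijack, path is hypothetical:
    r'O35 - exefile [open] -- "C:\hypothetical\loader.exe" "%1" %*',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for f in result.findings:
        print("FLAG", f)
    print("AutoRun still enabled for:", ", ".join(result.autorun_enabled))
```

Run against the constructed sample it flags the `microsoft` hosts entry and the invented exefile handler, and reports that 145 leaves AutoRun enabled for removable, fixed, CD-ROM and RAM-disk drives; the helper's judgement on the real log still stands, the script only surfaces the lines a human then decides on.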

Re: Computer freezing after malware attack
Hello.

This looks fine. How is the machine running now?
