Jump to content

Malwarebytes

Trojan.Agent is on me

- - - - -
Started by Tharan, Mar 25 2009 02:13 PM

10 replies to this topic

#1
Tharan
Posted 25 March 2009 - 02:13 PM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India
Hello,
pls I require some help. I'm new here and do not know perfectly your rules, but you might kindly help me.
I have Malwarebytes txt, HiJack.txt and for safety reason I have burned a CD for Recovery (forgot the name, but it suppose to help when pc is not starting propperly and that is what this fellow is not doing)
I can't start properly, after exactly 10 times "cancel" it's loading desktop, but most of the times the desktop is empty, sometimes like now, it's ok. Internet connection is doing fine so far.
Pls somebody may help me. In case somebody needs, of course you do, Malware+HiJack reports, do I just copy them and paste them here or it goes as an attachment?
Thanks
Andre (Tharan is my son)

#2
Tharan
Posted 25 March 2009 - 02:17 PM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India
Ok,
I guess I need to post straight Malware report:

Malwarebytes' Anti-Malware 1.34
Database version: 1894
Windows 5.1.2600 Service Pack 2

3/25/2009 7:20:21 PM
mbam-log-2009-03-25 (19-20-16).txt

Scan type: Quick Scan
Objects scanned: 61486
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\c++.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\c++.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\c++.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Sys\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.

and HiJack this one:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:35 PM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\c++.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ag-leathers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Local Disk C Gigabyte\Program Files\Flashget\jccatch.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4355 bytes

I guess that's the start

#3
Tharan
Posted 25 March 2009 - 02:34 PM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India
Hi,
by the time waiting for some possible advice, I like to mention that removing the virus with Malwarebytes was a total failure, it could not do "all" and after the shut down of the computer it took some trials to reload the system. Than I have used Combofix and there was the same trouble, after shut down it was not possible to enter the system again. It took 10 times on the cancel button, than via Admin I could enter again and windows wanted to close this window, than that etc, finaly combofix was in the picture again!! After I gave a Malwarebytes quick scan but the fellows are still there, this is the report above.
Thanks
Andre

#4
torrie
Posted 25 March 2009 - 03:18 PM

    New Member

  • Members
  • Pip
  • 2 posts
:D

View PostTharan, on Mar 25 2009, 03:34 PM, said:

Hi,
by the time waiting for some possible advice, I like to mention that removing the virus with Malwarebytes was a total failure, it could not do "all" and after the shut down of the computer it took some trials to reload the system. Than I have used Combofix and there was the same trouble, after shut down it was not possible to enter the system again. It took 10 times on the cancel button, than via Admin I could enter again and windows wanted to close this window, than that etc, finaly combofix was in the picture again!! After I gave a Malwarebytes quick scan but the fellows are still there, this is the report above.
Thanks
Andre

#5
torrie
Posted 25 March 2009 - 03:26 PM

    New Member

  • Members
  • Pip
  • 2 posts

View Posttorrie, on Mar 25 2009, 04:18 PM, said:

:D
Just wanted to let you know I had a very bad virus and it could not be removed or shut off it took over may computer and said I had 314 viruses FAKE but everytime I tried to run mailwarebytes it shut it down. Today I turned on my computer and the rouge virus was down in my tool bar. so I right clicked it turned it off and ran mailwarebytes and it found it and removed it after two week of sheer hell it is gone. Don't know if i can say what it was but it was like av360 iconlooks like norton and windows combined. The key was to find a way to shut it down to remove it. There was nothing to remove in add/remove programs.

#6
Tharan
Posted 25 March 2009 - 05:28 PM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India

View Posttorrie, on Mar 25 2009, 08:56 PM, said:

Just wanted to let you know I had a very bad virus and it could not be removed or shut off it took over may computer and said I had 314 viruses FAKE but everytime I tried to run mailwarebytes it shut it down. Today I turned on my computer and the rouge virus was down in my tool bar. so I right clicked it turned it off and ran mailwarebytes and it found it and removed it after two week of sheer hell it is gone. Don't know if i can say what it was but it was like av360 iconlooks like norton and windows combined. The key was to find a way to shut it down to remove it. There was nothing to remove in add/remove programs.
But I believe I do not have that much time. In the meantime everything broke down here. I restarted in safe mode and restored system, so I'm on again, but not for long for sure. I don't know why nobody wants to help me??

#7
AdvancedSetup
Posted 26 March 2009 - 12:51 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Hello Tharan and Welcome to Malwarebytes.

It is not that no one wants to help you. If you look at the amount of new and on-going posts in the past few weeks vs. the amount of trained helpers you can hopefully then appreciate why it can take a long time before someone responds. Some people have waited days, and others have slipped through the cracks, it has nothing to do with you.

So, please run the following since you're now able to get back on the system.


STEP 01
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.


STEP 02
[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
[/indent]



STEP 03
    Please create a BOOTLOG
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
     
    If you're already running inside Windows you can enable it the following way.
     
  • Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
  • Note: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Adminsitrator
  • The tab is called BOOT on Vista. Then choose Boot log


STEP 04
RootRepeal - Rootkit Detector
[indent]
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it more easy to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.
[/indent]
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#8
Tharan
Posted 26 March 2009 - 02:28 AM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India
Hi,
thanks to know, not to be alone, May it's also the time difference, here I have it now 7.45am.
I have followed your instructions, but before I tell you what I have done yesterday night:
1. I did run "smitfraudfix" in safe mode and normal
2. run MAB in safe mode, found viruses, 18 pcs, put in quarantine and removed later
3. run MAB again and it shows no virus.
So far so good, but something is not more the same on my pc, IE is starting up with different site etc.

I did what you have advised and here we go:

Malwarebytes' Anti-Malware 1.34
Database version: 1898
Windows 5.1.2600 Service Pack 2

3/26/2009 7:24:37 AM
mbam-log-2009-03-26 (07-24-37).txt

Scan type: Quick Scan
Objects scanned: 65193
Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:57, on 3/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Local Disk C Gigabyte\Program Files\Flashget\jccatch.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: &Download All with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3218 bytes



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2009 3:54:20 PM
System Uptime: 3/26/2009 7:06:31 AM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2L
Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz
Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 19 GiB total, 11.225 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.265 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 18.146 GiB free.
F: is FIXED (NTFS) - 19 GiB total, 7.083 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/15/2009 3:56:37 PM - System Checkpoint
RP2: 2/15/2009 4:02:55 PM - Installed Realtek High Definition Audio Driver
RP3: 2/15/2009 4:03:21 PM - Installed Windows XP KB888111WXPSP2.
RP4: 2/15/2009 4:10:31 PM - Installed Microsoft Office Professional Edition 2003
RP5: 2/15/2009 4:28:08 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP6: 2/15/2009 4:34:30 PM - Installed Adobe Reader 8.1.1
RP7: 2/15/2009 5:21:00 PM - Installed AVG Free 8.0
RP8: 2/16/2009 6:18:03 PM - System Checkpoint
RP9: 2/17/2009 8:48:58 AM - Avg8 Update
RP10: 2/17/2009 8:56:06 AM - Avg8 Update
RP11: 2/18/2009 7:11:00 AM - Avg8 Update
RP12: 2/18/2009 7:53:00 AM - Installed SmartFTP Client
RP13: 2/19/2009 10:57:01 AM - System Checkpoint
RP14: 2/20/2009 12:41:16 PM - System Checkpoint
RP15: 2/24/2009 5:51:50 AM - System Checkpoint
RP16: 2/25/2009 6:35:03 AM - System Checkpoint
RP17: 2/26/2009 9:32:31 AM - System Checkpoint
RP18: 2/28/2009 2:51:37 PM - System Checkpoint
RP19: 3/1/2009 4:35:39 PM - System Checkpoint
RP20: 3/2/2009 5:42:23 PM - System Checkpoint
RP21: 3/2/2009 6:15:08 PM - Removed Adobe Reader 8.1.1
RP22: 3/3/2009 6:28:24 PM - System Checkpoint
RP23: 3/5/2009 8:45:48 AM - System Checkpoint
RP24: 3/5/2009 10:28:55 AM - Avg8 Update
RP25: 3/10/2009 11:20:04 AM - System Checkpoint
RP26: 3/11/2009 8:48:27 PM - System Checkpoint
RP27: 3/11/2009 9:42:36 PM - Removed AVG 8.0
RP28: 3/11/2009 9:43:09 PM - Installed AVG 8.0
RP29: 3/12/2009 9:48:42 PM - System Checkpoint
RP30: 3/13/2009 9:50:40 PM - System Checkpoint
RP31: 3/14/2009 10:26:40 PM - System Checkpoint
RP32: 3/15/2009 9:16:38 AM - Installed Windows Media Player Firefox Plugin
RP33: 3/16/2009 12:55:27 PM - System Checkpoint
RP34: 3/17/2009 1:38:35 PM - System Checkpoint
RP35: 3/17/2009 4:19:53 PM - Installed Image Resizer Powertoy for Windows XP
RP36: 3/17/2009 4:22:58 PM - Installed Calculator Powertoy for Windows XP
RP37: 3/18/2009 5:27:20 PM - Removed Calculator Powertoy for Windows XP
RP38: 3/18/2009 5:27:43 PM - Removed Image Resizer Powertoy for Windows XP
RP39: 3/18/2009 5:27:59 PM - Removed Nokia Connectivity Cable Driver
RP40: 3/19/2009 6:56:35 PM - System Checkpoint
RP41: 3/23/2009 11:59:48 AM - System Checkpoint
RP42: 3/24/2009 12:09:56 PM - System Checkpoint
RP43: 3/25/2009 12:21:06 PM - System Checkpoint
RP44: 3/25/2009 6:24:31 PM - ComboFix created restore point
RP45: 3/25/2009 10:46:09 PM - Restore Operation

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AiO_Scan
ALZip
Audacity 1.2.6
Cablenut 4.08
CCleaner (remove only)
Enterprise
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP PSC & Officejet 5.3.B Corporate Edition
HTML-Kit
Intel® Graphics Media Accelerator Driver
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSVC80_x86
Nero 6 Ultra Edition
Nokia PC Suite
PC Connectivity Solution
Picture Resize Genius 2.9.4
PowerDVD
QFolder
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
SmartFTP Client
Total Video Converter 3.02
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Windows Media Player Firefox Plugin
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/25/2009 12:45:35 PM, error: Service Control Manager [7034] - The Service Eset service terminated unexpectedly. It has done this 1 time(s).
3/25/2009 3:27:00 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 aac2a49e.
3/25/2009 3:42:27 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The afisicx Service service terminated unexpectedly. It has done this 1 time(s).
3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).
3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The tdctxte Service service terminated unexpectedly. It has done this 1 time(s).
3/25/2009 9:46:05 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
3/25/2009 10:01:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/25/2009 10:01:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/25/2009 10:01:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/25/2009 10:01:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
3/25/2009 10:10:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/25/2009 10:11:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/25/2009 10:31:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
3/25/2009 10:45:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================



DDS (Ver_09-03-16.01) - FAT32x86
Run by Sys at 7:25:56.42 on Thu 03/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.586 [GMT 5.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sys\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - f:\local disk c gigabyte\program files\flashget\jccatch.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
IE: &Download All with FlashGet - f:\local disk c gigabyte\program files\flashget\jc_all.htm
IE: &Download with FlashGet - f:\local disk c gigabyte\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: {0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75} = 208.67.222.222,208.67.220.220
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sys\applic~1\mozilla\firefox\profiles\1uk2ovhl.default\
FF - prefs.js: browser.startup.homepage - www.rediffmail.com
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-03-25 23:39 1,630 a------- c:\windows\system32\tmp.reg
2009-03-25 22:00 <DIR> --dsh--- C:\FOUND.004
2009-03-25 19:34 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 18:08 <DIR> --dsh--- C:\FOUND.003
2009-03-25 15:52 <DIR> --dsh--- C:\FOUND.002
2009-03-25 12:41 1,990 a------- c:\windows\system32\65.tmp
2009-03-25 12:40 71,680 a------- c:\windows\system32\5F.tmp
2009-03-25 12:40 28,672 a------- c:\windows\system32\5E.tmp
2009-03-25 12:39 124 a------- c:\windows\system32\5B.tmp
2009-03-18 17:24 <DIR> --d----- c:\program files\HTML-Kit
2009-03-18 17:17 <DIR> --d----- c:\program files\Chami
2009-03-18 16:39 <DIR> --d----- c:\docume~1\sys\applic~1\FreshHTML
2009-03-17 16:40 7,168 a--sh--- c:\windows\Thumbs.db
2009-03-17 16:40 31 a------- c:\windows\system32\Days5.ini
2009-03-17 16:40 <DIR> --d----- c:\program files\Picture Resize Genius
2009-03-17 16:19 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-17 14:34 <DIR> --d----- c:\program files\common files\PCSuite
2009-03-17 14:34 <DIR> --d----- c:\program files\common files\Nokia
2009-03-17 14:34 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-03-17 14:34 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-03-17 14:33 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-03-17 14:33 <DIR> --d----- c:\program files\Nokia
2009-03-11 21:44 <DIR> --d----- c:\docume~1\sys\applic~1\Malwarebytes
2009-03-11 21:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 21:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-11 21:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 10:26 <DIR> --dsh--- C:\FOUND.001
2009-03-04 11:02 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-03-04 11:02 10,752 a------- c:\windows\system32\aamd532.dll
2009-03-04 08:22 <DIR> --dsh--- C:\FOUND.000
2009-03-02 19:18 <DIR> --d----- c:\windows\system32\Logfiles
2009-03-02 19:18 <DIR> --d----- C:\Inetpub
2009-03-01 22:02 <DIR> --d----- c:\program files\Free WMA MP3 Converter
2009-03-01 21:03 <DIR> --d----- c:\program files\CCleaner
2009-03-01 20:17 <DIR> --d----- c:\program files\Audacity
2009-02-25 19:12 <DIR> --ds---- c:\documents and settings\sys\UserData

==================== Find3M ====================

2009-03-25 12:40 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-25 12:40 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2009-02-16 16:57 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-15 16:58 106,253 a------- c:\windows\hpoins07.dat
2009-02-15 16:26 16,608 a------- c:\windows\gdrv.sys
2009-02-15 16:16 155,995 a------- c:\windows\java\packages\S73RDZ1N.ZIP
2009-02-15 16:16 2,232 a------- c:\windows\java\packages\data\1RN3DN93.DAT
2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\CGVB71RR.DAT
2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\VD3BDN17.DAT
2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\J3TVJJJJ.DAT
2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\8PZJDBN5.DAT
2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\1B33HFPF.DAT
2009-02-15 15:47 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 7:26:05.82 ===============


Service Pack 2 3 26 2009 07:38:15.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver Fastfat.sys
Loaded driver KSecDD.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rtenicxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Ntfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbscan.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
Loaded driver \SystemRoot\system32\DRIVERS\HPZius12.sys
Loaded driver \SystemRoot\system32\DRIVERS\HPZid412.sys
Loaded driver \SystemRoot\system32\DRIVERS\HPZipr12.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/03/26 07:43
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7458000 Size: 187776 File Visible: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA938000 Size: 138496 File Visible: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73EA000 Size: 95360 File Visible: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF72CA000 Size: 3072 File Visible: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A95000 Size: 4224 File Visible: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7997000 Size: 12288 File Visible: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7737000 Size: 63744 File Visible: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7637000 Size: 49536 File Visible: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF75C7000 Size: 53248 File Visible: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF75B7000 Size: 36352 File Visible: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7402000 Size: 153344 File Visible: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7A8B000 Size: 5888 File Visible: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76C7000 Size: 61440 File Visible: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA7D0000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A9B000 Size: 8192 File Visible: No
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAAA8A000 Size: 12288 File Visible: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C1000 Size: 73728 File Visible: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7BAD000 Size: 4096 File Visible: -
Status: -

Name: Fastfat.sys
Image Path: Fastfat.sys
Address: 0xF7396000 Size: 143360 File Visible: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7847000 Size: 27392 File Visible: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7717000 Size: 34944 File Visible: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7877000 Size: 20480 File Visible: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF73CB000 Size: 124800 File Visible: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A93000 Size: 7936 File Visible: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7428000 Size: 125056 File Visible: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E2000 Size: 134400 File Visible: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF70E1000 Size: 151552 File Visible: -
Status: -

Name: HPZid412.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xF7747000 Size: 50848 File Visible: -
Status: -

Name: HPZipr12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xAAA96000 Size: 16224 File Visible: -
Status: -

Name: HPZius12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xF78AF000 Size: 21472 File Visible: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA9C0B000 Size: 263040 File Visible: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7617000 Size: 52736 File Visible: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA38000 Size: 925696 File Visible: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA03000 Size: 217088 File Visible: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E1000 Size: 139264 File Visible: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xF711A000 Size: 1353696 File Visible: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D3000 Size: 57344 File Visible: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7627000 Size: 41856 File Visible: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF75F7000 Size: 36096 File Visible: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA982000 Size: 134912 File Visible: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAAA23000 Size: 74752 File Visible: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7587000 Size: 35840 File Visible: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7857000 Size: 24576 File Visible: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A87000 Size: 8192 File Visible: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF706D000 Size: 143360 File Visible: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF737F000 Size: 92032 File Visible: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A97000 Size: 4224 File Visible: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF784F000 Size: 23040 File Visible: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7597000 Size: 42240 File Visible: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xAA45B000 Size: 181248 File Visible: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA89D000 Size: 451456 File Visible: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF788F000 Size: 19072 File Visible: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7687000 Size: 35072 File Visible: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7A43000 Size: 15488 File Visible: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF732F000 Size: 107904 File Visible: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0x86553000 Size: 182912 File Visible: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A2B000 Size: 9600 File Visible: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAA6DC000 Size: 12928 File Visible: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF7056000 Size: 91776 File Visible: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76A7000 Size: 38016 File Visible: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76F7000 Size: 34560 File Visible: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA95A000 Size: 162816 File Visible: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7897000 Size: 30848 File Visible: -
Status: -

Name: Ntfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Ntfs.SYS
Address: 0xAA810000 Size: 574592 File Visible: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2142208 File Visible: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF729A000 Size: 2944 File Visible: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF7090000 Size: 80128 File Visible: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF780F000 Size: 18688 File Visible: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AAB000 Size: 6784 File Visible: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7447000 Size: 68224 File Visible: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B4F000 Size: 3328 File Visible: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7807000 Size: 28672 File Visible: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2142208 File Visible: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAB46000 Size: 139264 File Visible: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF7045000 Size: 69120 File Visible: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7867000 Size: 17792 File Visible: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF72EB000 Size: 8832 File Visible: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7657000 Size: 51328 File Visible: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7667000 Size: 41472 File Visible: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7677000 Size: 48384 File Visible: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF786F000 Size: 16512 File Visible: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2142208 File Visible: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA90C000 Size: 176512 File Visible: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A99000 Size: 4224 File Visible: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF7014000 Size: 196864 File Visible: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7647000 Size: 57472 File Visible: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA5F8000 Size: 45056 File Visible: No
Status: -

Name: Rtenicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Address: 0xF70C7000 Size: 105856 File Visible: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAAB68000 Size: 4554752 File Visible: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7A23000 Size: 15488 File Visible: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7607000 Size: 64896 File Visible: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF73B9000 Size: 73472 File Visible: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xAA3B8000 Size: 336256 File Visible: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A8D000 Size: 4352 File Visible: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xAA318000 Size: 60800 File Visible: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA9CB000 Size: 359040 File Visible: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF785F000 Size: 20480 File Visible: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7697000 Size: 40704 File Visible: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6FB8000 Size: 209408 File Visible: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF789F000 Size: 31616 File Visible: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A91000 Size: 8192 File Visible: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF783F000 Size: 26624 File Visible: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF76D7000 Size: 57600 File Visible: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF70A4000 Size: 143360 File Visible: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF78A7000 Size: 25856 File Visible: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xAAA9A000 Size: 15104 File Visible: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7837000 Size: 20480 File Visible: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7887000 Size: 20992 File Visible: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7106000 Size: 81920 File Visible: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF75A7000 Size: 52352 File Visible: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7707000 Size: 34560 File Visible: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78B7000 Size: 20480 File Visible: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xAA1EB000 Size: 82944 File Visible: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1839104 File Visible: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1839104 File Visible: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A89000 Size: 8192 File Visible: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2142208 File Visible: -
Status: -

Finally I have a Smitfraudfix-report from today morning, I have it, so I give it to you as well - I guess no harm

SmitFraudFix v2.405

Scan done at 7:07:16.70, Thu 03/26/2009
Run from C:\Documents and Settings\Sys\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Sys\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sys\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SYS\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"DefaultDomainName"="SYSTEM"
"System"=""
"AltDefaultDomainName"="SYSTEM"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 208.67.222.222
DNS Server Search Order: 208.67.220.220

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer=208.67.222.222,208.67.220.220
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer=208.67.222.222,208.67.220.220
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer=208.67.222.222,208.67.220.220


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#9
Tharan
Posted 26 March 2009 - 05:06 AM

    New Member

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Chennai, India
There are for sure still some problems more. I just tried to ping my internet connection and I got following reply:

"windows\system32\ping.exe is not valid win32 application"
What a crape! :(

#10
AdvancedSetup
Posted 27 March 2009 - 12:41 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Please try the following. Click on START - RUN and type in or copy/paste the following.

netsh winsock reset

If that does not help to restore the network then try this one and restart the computer
netsh int ip reset c:\resetlog.txt

Then let's do a disk check just to make sure nothing is wrong with the file system.

You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#11
AdvancedSetup
Posted 01 April 2009 - 12:30 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us