
Trojan.Agent is on me



Hello,

Please, I require some help. I'm new here and do not know your rules perfectly, but perhaps you could kindly help me.

I have the Malwarebytes txt, HiJack.txt and for safety reasons I have burned a CD for recovery (forgot the name, but it is supposed to help when the PC is not starting properly, and that is what this fellow is not doing).

I can't start properly; after exactly 10 times "cancel" it loads the desktop, but most of the time the desktop is empty. Sometimes, like now, it's OK. The Internet connection is doing fine so far.

Please, somebody may help me. In case somebody needs the Malware + HiJack reports (of course you do), do I just copy and paste them here, or do they go as an attachment?

Thanks

Andre (Tharan is my son)


Ok,

I guess I need to post the Malwarebytes report directly:

Malwarebytes' Anti-Malware 1.34

Database version: 1894

Windows 5.1.2600 Service Pack 2

3/25/2009 7:20:21 PM

mbam-log-2009-03-25 (19-20-16).txt

Scan type: Quick Scan

Objects scanned: 61486

Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> No action taken.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\c++.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\c++.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\c++.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Sys\reader_s.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> No action taken.

and the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:34:35 PM, on 3/25/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\c++.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ag-leathers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Local Disk C Gigabyte\Program Files\Flashget\jccatch.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS2\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 4355 bytes

I guess that's the start

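The two entries that matter most in the MBAM and HijackThis output above are the Winlogon Userinit chain (userinit.exe followed by c++.exe, so the second binary runs at every logon) and the reader_s Run value registered three times: under HKLM, under the SYSTEM hive (S-1-5-18) and under .DEFAULT, with the image sitting in a user profile folder. As an added example that is not part of this thread or of either tool, the Python below triages HijackThis-style F2 and O4 lines for exactly those patterns. The sample lines are constructed in the shape of the posted log; the hive list, the directory heuristic and the "same name in several hives" rule are the example's own assumptions, not anything HijackThis or Malwarebytes implements.

```python
"""Triage persistence entries from a HijackThis-style log (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Sys\reader_s.exe (User 'Default user')
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Assumption: a per-user Run value under these profiles is rarely legitimate.
SYSTEM_PROFILE_HIVES = (r"HKUS\S-1-5-18", r"HKUS\.DEFAULT")
# Assumption: autostart images living here deserve a look on a stock XP box.
SUSPECT_DIRS = ("\\documents and settings\\", "\\temp\\", "\\tmp\\")


def parse_userinit(value):
    """Split the comma-separated Userinit value, dropping the trailing empty field."""
    return [p.strip() for p in value.split(",") if p.strip()]


def rogue_userinit_entries(entries):
    """Anything other than userinit.exe in the Userinit chain runs at every logon."""
    return [e for e in entries if PureWindowsPath(e).name.lower() != "userinit.exe"]


def image_path(cmd):
    """Recover the executable path from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted paths may contain spaces: take everything up to the first .exe.
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return rogue Userinit entries and Run values that trip at least one rule."""
    findings = {"userinit": [], "run": []}
    run_entries = []
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line)
        if m:
            findings["userinit"].extend(
                rogue_userinit_entries(parse_userinit(m.group("value"))))
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append(m.groupdict())

    # Count how many hives register the same value name (reader_s appears in three).
    hives_by_name = defaultdict(set)
    for e in run_entries:
        hives_by_name[e["name"].lower()].add(e["hive"])

    for e in run_entries:
        path = image_path(e["cmd"])
        reasons = []
        if e["hive"].startswith(SYSTEM_PROFILE_HIVES):
            reasons.append("Run value under SYSTEM/Default profile")
        if any(d in path.lower() for d in SUSPECT_DIRS):
            reasons.append("image lives in a profile or temp directory")
        n_hives = len(hives_by_name[e["name"].lower()])
        if n_hives > 1:
            reasons.append("same value name in %d hives" % n_hives)
        if reasons:
            findings["run"].append(
                {"name": e["name"], "hive": e["hive"], "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["userinit"]:
        print("Userinit hijack:", entry)
    for f in result["run"]:
        print("Run [%s] %s (%s): %s" % (f["name"], f["path"], f["hive"], "; ".join(f["reasons"])))
```

Run against the sample it reports c++.exe in the Userinit chain and all three reader_s values, while the Intel, ctfmon and Nokia entries pass. The rules are deliberately narrow; a real triage would also compare each image against a known-good hash list, which this example does not attempt.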

Hi,

While waiting for some possible advice, I'd like to mention that removing the virus with Malwarebytes was a total failure: it could not do "all", and after the shutdown of the computer it took some tries to reload the system. Then I used ComboFix and there was the same trouble; after shutdown it was not possible to enter the system again. It took 10 times on the cancel button, then via Admin I could enter again, and Windows wanted to close this window, then that, etc. Finally ComboFix was in the picture again!! After that I gave a Malwarebytes quick scan, but the fellows are still there; this is the report above.

Thanks

Andre



Just wanted to let you know I had a very bad virus and it could not be removed or shut off. It took over my computer and said I had 314 viruses (FAKE), but every time I tried to run Malwarebytes it shut it down. Today I turned on my computer and the rogue virus was down in my toolbar, so I right-clicked it, turned it off and ran Malwarebytes, and it found it and removed it. After two weeks of sheer hell it is gone. Don't know if I can say what it was, but it was like AV360; the icon looks like Norton and Windows combined. The key was to find a way to shut it down to remove it. There was nothing to remove in Add/Remove Programs.


But I believe I do not have that much time. In the meantime everything broke down here. I restarted in safe mode and restored the system, so I'm on again, but not for long, for sure. I don't know why nobody wants to help me??


  • Root Admin

Hello Tharan and Welcome to Malwarebytes.

It is not that no one wants to help you. If you look at the amount of new and on-going posts in the past few weeks vs. the amount of trained helpers you can hopefully then appreciate why it can take a long time before someone responds. Some people have waited days, and others have slipped through the cracks, it has nothing to do with you.

So, please run the following since you're now able to get back on the system.

STEP 01

Update and Scan with Malwarebytes' Anti-Malware

  • Start Malwarebytes' Anti-Malware (Vista users must right-click and choose Run As Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware:
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 02

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 03

Please create a BOOTLOG
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
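STEP 03 above produces C:\WINDOWS\ntbtlog.txt, which records every driver in boot order as either loaded or not loaded. As an added example (not part of the Root Admin's instructions or of any Malwarebytes tool), the Python below splits such a log into loaded and not-loaded drivers and flags loaded drivers whose path is outside the system32 tree. The sample is constructed in the format of the boot log posted later in this thread; the "Did not load driver" line and the g: entry are added for illustration (the g: path echoes the SetupNTGLM7X service in the DDS log). Treating a bare file name such as ACPI.sys as normal is an assumption taken from how the posted log lists the earliest boot-start drivers.

```python
"""Summarise a Windows XP ntbtlog.txt (added example, not from the thread)."""
import re

# Constructed sample in the shape of the ntbtlog.txt posted in this thread;
# the "Did not load driver" line and the g: path are added for illustration.
SAMPLE_NTBTLOG = r"""Service Pack 2 3 26 2009 07:38:15.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rtenicxp.sys
Did not load driver \SystemRoot\system32\DRIVERS\protect.sys
Loaded driver \??\g:\ntglm7x.sys
"""

LINE_RE = re.compile(r"^(?P<status>Loaded driver|Did not load driver) (?P<path>.+?)\s*$")
# Assumption: where a stock XP install loads its boot/system-start drivers from.
EXPECTED_PREFIXES = ("\\windows\\system32\\", "\\systemroot\\system32\\")


def parse_ntbtlog(text):
    """Return (loaded, not_loaded) lists of driver paths, in boot order."""
    loaded, not_loaded = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line (e.g. "Service Pack 2 ...") or noise
        target = loaded if m.group("status") == "Loaded driver" else not_loaded
        target.append(m.group("path"))
    return loaded, not_loaded


def odd_locations(paths):
    """Loaded drivers whose path is neither a bare name nor under system32."""
    odd = []
    for p in paths:
        low = p.lower()
        if "\\" not in low:
            continue  # e.g. "ACPI.sys": the earliest drivers are logged by name only
        if not low.startswith(EXPECTED_PREFIXES):
            odd.append(p)
    return odd


if __name__ == "__main__":
    loaded, failed = parse_ntbtlog(SAMPLE_NTBTLOG)
    print("loaded: %d drivers" % len(loaded))
    print("did not load:", failed)
    print("loaded from unexpected locations:", odd_locations(loaded))
```

Two boot logs from the same machine (one taken before cleanup, one after) can be fed through parse_ntbtlog and their loaded lists compared with plain set arithmetic; a driver that disappears from the list is one the cleanup removed, which is a useful cross-check against the "boot-start driver(s) failed to load" events in the DDS Attach.txt.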

Hi,

thanks, it's good to know I'm not alone. Maybe it's also the time difference; here it is now 7.45am.

I have followed your instructions, but first I'll tell you what I did yesterday night:

1. I ran "smitfraudfix" in safe mode and normal

2. Ran MBAM in safe mode, found viruses, 18 pcs, put in quarantine and removed later

3. Ran MBAM again and it shows no virus.

So far so good, but something is no longer the same on my PC; IE is starting up with a different site, etc.

I did what you advised and here we go:

Malwarebytes' Anti-Malware 1.34

Database version: 1898

Windows 5.1.2600 Service Pack 2

3/26/2009 7:24:37 AM

mbam-log-2009-03-26 (07-24-37).txt

Scan type: Quick Scan

Objects scanned: 65193

Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:21:57, on 3/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Local Disk C Gigabyte\Program Files\Flashget\jccatch.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O8 - Extra context menu item: &Download All with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\Local Disk C Gigabyte\Program Files\Flashget\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS2\Services\Tcpip\..\{0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75}: NameServer = 208.67.222.222,208.67.220.220

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 3218 bytes

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/15/2009 3:54:20 PM

System Uptime: 3/26/2009 7:06:31 AM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2L

Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz

Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 19 GiB total, 11.225 GiB free.

D: is FIXED (NTFS) - 19 GiB total, 18.265 GiB free.

E: is FIXED (NTFS) - 19 GiB total, 18.146 GiB free.

F: is FIXED (NTFS) - 19 GiB total, 7.083 GiB free.

G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/15/2009 3:56:37 PM - System Checkpoint

RP2: 2/15/2009 4:02:55 PM - Installed Realtek High Definition Audio Driver

RP3: 2/15/2009 4:03:21 PM - Installed Windows XP KB888111WXPSP2.

RP4: 2/15/2009 4:10:31 PM - Installed Microsoft Office Professional Edition 2003

RP5: 2/15/2009 4:28:08 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP6: 2/15/2009 4:34:30 PM - Installed Adobe Reader 8.1.1

RP7: 2/15/2009 5:21:00 PM - Installed AVG Free 8.0

RP8: 2/16/2009 6:18:03 PM - System Checkpoint

RP9: 2/17/2009 8:48:58 AM - Avg8 Update

RP10: 2/17/2009 8:56:06 AM - Avg8 Update

RP11: 2/18/2009 7:11:00 AM - Avg8 Update

RP12: 2/18/2009 7:53:00 AM - Installed SmartFTP Client

RP13: 2/19/2009 10:57:01 AM - System Checkpoint

RP14: 2/20/2009 12:41:16 PM - System Checkpoint

RP15: 2/24/2009 5:51:50 AM - System Checkpoint

RP16: 2/25/2009 6:35:03 AM - System Checkpoint

RP17: 2/26/2009 9:32:31 AM - System Checkpoint

RP18: 2/28/2009 2:51:37 PM - System Checkpoint

RP19: 3/1/2009 4:35:39 PM - System Checkpoint

RP20: 3/2/2009 5:42:23 PM - System Checkpoint

RP21: 3/2/2009 6:15:08 PM - Removed Adobe Reader 8.1.1

RP22: 3/3/2009 6:28:24 PM - System Checkpoint

RP23: 3/5/2009 8:45:48 AM - System Checkpoint

RP24: 3/5/2009 10:28:55 AM - Avg8 Update

RP25: 3/10/2009 11:20:04 AM - System Checkpoint

RP26: 3/11/2009 8:48:27 PM - System Checkpoint

RP27: 3/11/2009 9:42:36 PM - Removed AVG 8.0

RP28: 3/11/2009 9:43:09 PM - Installed AVG 8.0

RP29: 3/12/2009 9:48:42 PM - System Checkpoint

RP30: 3/13/2009 9:50:40 PM - System Checkpoint

RP31: 3/14/2009 10:26:40 PM - System Checkpoint

RP32: 3/15/2009 9:16:38 AM - Installed Windows Media Player Firefox Plugin

RP33: 3/16/2009 12:55:27 PM - System Checkpoint

RP34: 3/17/2009 1:38:35 PM - System Checkpoint

RP35: 3/17/2009 4:19:53 PM - Installed Image Resizer Powertoy for Windows XP

RP36: 3/17/2009 4:22:58 PM - Installed Calculator Powertoy for Windows XP

RP37: 3/18/2009 5:27:20 PM - Removed Calculator Powertoy for Windows XP

RP38: 3/18/2009 5:27:43 PM - Removed Image Resizer Powertoy for Windows XP

RP39: 3/18/2009 5:27:59 PM - Removed Nokia Connectivity Cable Driver

RP40: 3/19/2009 6:56:35 PM - System Checkpoint

RP41: 3/23/2009 11:59:48 AM - System Checkpoint

RP42: 3/24/2009 12:09:56 PM - System Checkpoint

RP43: 3/25/2009 12:21:06 PM - System Checkpoint

RP44: 3/25/2009 6:24:31 PM - ComboFix created restore point

RP45: 3/25/2009 10:46:09 PM - Restore Operation

==== Installed Programs ======================

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.3

AiO_Scan

ALZip

Audacity 1.2.6

Cablenut 4.08

CCleaner (remove only)

Enterprise

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

HP PSC & Officejet 5.3.B Corporate Edition

HTML-Kit

Intel® Graphics Media Accelerator Driver

Malwarebytes' Anti-Malware

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.7)

MSVC80_x86

Nero 6 Ultra Edition

Nokia PC Suite

PC Connectivity Solution

Picture Resize Genius 2.9.4

PowerDVD

QFolder

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Scan

SmartFTP Client

Total Video Converter 3.02

VideoLAN VLC media player 0.8.6d

WebFldrs XP

Windows Media Player Firefox Plugin

WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/25/2009 12:45:35 PM, error: Service Control Manager [7034] - The Service Eset service terminated unexpectedly. It has done this 1 time(s).

3/25/2009 3:27:00 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 aac2a49e.

3/25/2009 3:42:27 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The afisicx Service service terminated unexpectedly. It has done this 1 time(s).

3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).

3/25/2009 3:44:53 PM, error: Service Control Manager [7034] - The tdctxte Service service terminated unexpectedly. It has done this 1 time(s).

3/25/2009 9:46:05 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.

3/25/2009 10:01:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

3/25/2009 10:01:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/25/2009 10:01:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

3/25/2009 10:01:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/25/2009 10:01:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

3/25/2009 10:10:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/25/2009 10:11:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/25/2009 10:31:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

3/25/2009 10:45:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

DDS (Ver_09-03-16.01) - FAT32x86

Run by Sys at 7:25:56.42 on Thu 03/26/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.586 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sys\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - f:\local disk c gigabyte\program files\flashget\jccatch.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

IE: &Download All with FlashGet - f:\local disk c gigabyte\program files\flashget\jc_all.htm

IE: &Download with FlashGet - f:\local disk c gigabyte\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

TCP: {0A00BE83-DA9A-466D-A3BC-0F3D6F9C6F75} = 208.67.222.222,208.67.220.220

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sys\applic~1\mozilla\firefox\profiles\1uk2ovhl.default\

FF - prefs.js: browser.startup.homepage - www.rediffmail.com

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-03-25 23:39 1,630 a------- c:\windows\system32\tmp.reg

2009-03-25 22:00 <DIR> --dsh--- C:\FOUND.004

2009-03-25 19:34 <DIR> --d----- c:\program files\Trend Micro

2009-03-25 18:08 <DIR> --dsh--- C:\FOUND.003

2009-03-25 15:52 <DIR> --dsh--- C:\FOUND.002

2009-03-25 12:41 1,990 a------- c:\windows\system32\65.tmp

2009-03-25 12:40 71,680 a------- c:\windows\system32\5F.tmp

2009-03-25 12:40 28,672 a------- c:\windows\system32\5E.tmp

2009-03-25 12:39 124 a------- c:\windows\system32\5B.tmp

2009-03-18 17:24 <DIR> --d----- c:\program files\HTML-Kit

2009-03-18 17:17 <DIR> --d----- c:\program files\Chami

2009-03-18 16:39 <DIR> --d----- c:\docume~1\sys\applic~1\FreshHTML

2009-03-17 16:40 7,168 a--sh--- c:\windows\Thumbs.db

2009-03-17 16:40 31 a------- c:\windows\system32\Days5.ini

2009-03-17 16:40 <DIR> --d----- c:\program files\Picture Resize Genius

2009-03-17 16:19 <DIR> --d----- c:\windows\Downloaded Installations

2009-03-17 14:34 <DIR> --d----- c:\program files\common files\PCSuite

2009-03-17 14:34 <DIR> --d----- c:\program files\common files\Nokia

2009-03-17 14:34 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys

2009-03-17 14:34 <DIR> --d----- c:\program files\PC Connectivity Solution

2009-03-17 14:33 91,136 a------- c:\windows\system32\nmwcdcls.dll

2009-03-17 14:33 <DIR> --d----- c:\program files\Nokia

2009-03-11 21:44 <DIR> --d----- c:\docume~1\sys\applic~1\Malwarebytes

2009-03-11 21:44 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-11 21:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-11 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-03-11 21:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-05 10:26 <DIR> --dsh--- C:\FOUND.001

2009-03-04 11:02 124,688 a------- c:\windows\system32\MSWINSCK.OCX

2009-03-04 11:02 10,752 a------- c:\windows\system32\aamd532.dll

2009-03-04 08:22 <DIR> --dsh--- C:\FOUND.000

2009-03-02 19:18 <DIR> --d----- c:\windows\system32\Logfiles

2009-03-02 19:18 <DIR> --d----- C:\Inetpub

2009-03-01 22:02 <DIR> --d----- c:\program files\Free WMA MP3 Converter

2009-03-01 21:03 <DIR> --d----- c:\program files\CCleaner

2009-03-01 20:17 <DIR> --d----- c:\program files\Audacity

2009-02-25 19:12 <DIR> --ds---- c:\documents and settings\sys\UserData

==================== Find3M ====================

2009-03-25 12:40 182,912 a------- c:\windows\system32\drivers\ndis.sys

2009-03-25 12:40 182,912 a------- c:\windows\system32\dllcache\ndis.sys

2009-02-16 16:57 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-15 16:58 106,253 a------- c:\windows\hpoins07.dat

2009-02-15 16:26 16,608 a------- c:\windows\gdrv.sys

2009-02-15 16:16 155,995 a------- c:\windows\java\packages\S73RDZ1N.ZIP

2009-02-15 16:16 2,232 a------- c:\windows\java\packages\data\1RN3DN93.DAT

2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\CGVB71RR.DAT

2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\VD3BDN17.DAT

2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\J3TVJJJJ.DAT

2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\8PZJDBN5.DAT

2009-02-15 16:16 2,678 a------- c:\windows\java\packages\data\1B33HFPF.DAT

2009-02-15 15:47 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 7:26:05.82 ===============

Service Pack 2 3 26 2009 07:38:15.375

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/26 07:43

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Finally, I have a SmitFraudFix report from this morning, so I give it to you as well - I guess there is no harm.

SmitFraudFix v2.405

Scan done at 7:07:16.70, Thu 03/26/2009

Run from C:\Documents and Settings\Sys\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in normal mode


  • Root Admin

Please try the following. Click on START - RUN and type in or copy/paste the following.

netsh winsock reset

If that does not help to restore the network, then try this one and restart the computer:

netsh int ip reset c:\resetlog.txt

Then let's do a disk check just to make sure nothing is wrong with the file system.

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN, copy/paste the following entry into the box and click OK:

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

  • Root Admin

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
