can not access internet


This topic is locked. 2 replies to this topic.

#1 shifty_steve (Members, 3 posts)

Posted 03 January 2010 - 07:17 PM

Please help. My friend's PC had the Windows virus, which caused the PC to lose internet access. The virus has now been removed, but it still cannot access the internet.

The problem started off with Windows Anti Virus Pro popping up on screen; after that it could not access any web page. Got Windows Anti Virus removed using Avast anti-virus and Malwarebytes; after removal it still could not access the net, IE comes up with "could not find server". The PC is wired direct to the modem. Tried using the Winsock fix but it did not help; also tried the ISPFix software but still nothing. Any ideas? Please help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by JANICE at 15:11:19.45 on 16/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.499 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 100216-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JANICE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E6AE90A4-1B01-47F0-AA78-E6B122E145E9} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EPSON Stylus Photo R265 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibne.exe /fu "c:\docume~1\janice\locals~1\temp\E_SF1.tmp" /EF "HKCU"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\janice\applic~1\mozilla\firefox\profiles\5ircohwa.default
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: browser.search.selectedEngine - Ask
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-9 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-18 54752]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-18 236368]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-9 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-9 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-18 19160]
S2 gupdate1c9c26581ef9a7e;Google Update Service (gupdate1c9c26581ef9a7e);c:\program files\google\update\GoogleUpdate.exe [2009-4-21 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-2-17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-2-17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-2-17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-2-17 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-2-17 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-2-17 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-2-17 97704]

=============== Created Last 30 ================

2010-02-16 15:00:03 0 d-----w- c:\program files\CCleaner
2010-02-05 10:40:16 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-02-11 12:33:40 6528 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-15 17:45:19 10238 ----a-w- c:\docume~1\janice\applic~1\wklnhst.dat
2010-01-07 16:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2007-02-03 12:05:57 56 --sh--r- c:\windows\system32\DE5C0800B3.sys
2009-02-12 10:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021220090213\index.dat

============= FINISH: 15:11:56.93 ===============


ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/02/16 15:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA408000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B1A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9026000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\JANICE\Local Settings\Application Data\Microsoft\Messenger\gjgross1@hotmail.com\SharingMetadata\bigtitjo@hotmail.co.uk\DFSR\Staging\CS{FAD06C54-4450-F2D5-A0B2-63F94BD6AB0D}\4329-{C8~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4286b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa428574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa428a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa42814c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa42864e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa42808c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4280f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa42876e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa42872e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4288ae

==EOF==

Edited by boopme, 16 February 2010 - 12:55 PM.
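The line in the DDS log above that explains the symptom is `uInternet Settings,ProxyServer = http=127.0.0.1:5555`: rogue antivirus families of this kind point Internet Explorer at a proxy listening on the local machine, and once the rogue process is removed nothing is listening, so every page fails with "could not find server" even though the network itself is fine (Winsock and ISP fixes do not touch that value). The Python below is an added example, not code from the original post or from BleepingComputer's tools: it runs a small triage over lines copied from the log (the proxy value, the orphaned toolbar CLSIDs, the Firefox homepage/search changes, the hidden `.sys` files in system32) and over the RootRepeal SSDT section, grouping hooks by driver and flagging any driver not on an allow-list. The regexes, the severities, the allow-list containing only `aswSP.SYS` (avast! Self Protection, listed as R1 in the services section), and the one extra SSDT line for a hypothetical `hook_demo.sys` are assumptions for the demo.

```python
"""Triage a DDS "Pseudo HJT Report" excerpt and a RootRepeal SSDT listing.

Added example. SAMPLE_DDS and SAMPLE_SSDT are constructed from lines in the
post above (backslashes restored); the final SSDT entry for hook_demo.sys is
made up to exercise the "unknown hooking driver" path.
"""
import re
from dataclasses import dataclass

SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: browser.search.selectedEngine - Ask
2010-02-11 12:33:40 6528 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-07 16:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-02-03 12:05:57 56 --sh--r- c:\windows\system32\DE5C0800B3.sys
"""

SAMPLE_SSDT = r"""
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa4286b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa428574
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\hook_demo.sys" at address 0xaa42808c
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    item: str      # the log line or driver name the finding is about
    why: str       # one-line explanation for the helper reading the report


PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)")
ORPHAN_TB_RE = re.compile(r"^TB:\s*(\{[0-9A-Fa-f\-]+\})\s*-\s*No File$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (browser\.startup\.homepage|browser\.search\.selectedEngine) - (.+)$")
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$")
SSDT_FUNC_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\w+)")
SSDT_HOOK_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')

LOOPBACK = {"127.0.0.1", "localhost"}
KNOWN_HOOKERS = {"aswsp.sys"}  # assumption: drivers expected to hook the SSDT on this box


def triage_dds(text):
    """Return the findings a helper would pull out of a DDS log excerpt."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = PROXY_RE.search(line)
        if m and m.group(1) in LOOPBACK:
            findings.append(Finding("high", line,
                "IE proxies through a listener on the local machine (port %s); with the rogue "
                "process gone nothing answers, so every page fails to resolve" % m.group(2)))
            continue
        if ORPHAN_TB_RE.match(line):
            findings.append(Finding("info", line, "toolbar CLSID registered but its DLL is gone; orphan to clean up"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            findings.append(Finding("medium", line, "Firefox %s set to %s; confirm it was the user's choice" % m.groups()))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.groups()
            hidden_system = "h" in attrs and "s" in attrs
            # hidden+system .sys files sitting directly in system32 (not \drivers\) deserve a look;
            # on XP of this era they are often licensing stubs, but verify rather than assume
            if hidden_system and path.lower().endswith(".sys") and "\\drivers\\" not in path.lower():
                findings.append(Finding("medium", line, "hidden+system .sys outside \\drivers; check its origin"))
    return findings


def triage_ssdt(text):
    """Group RootRepeal SSDT hooks by driver and flag drivers not on the allow-list."""
    by_module, pending = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SSDT_FUNC_RE.match(line)
        if m:
            pending = m.group(2)
            continue
        m = SSDT_HOOK_RE.match(line)
        if m and pending:
            module = m.group(1).rsplit("\\", 1)[-1].lower()
            by_module.setdefault(module, []).append(pending)
            pending = None
    return [Finding("info" if mod in KNOWN_HOOKERS else "high", mod,
                    "hooks %d syscalls: %s" % (len(funcs), ", ".join(funcs)))
            for mod, funcs in sorted(by_module.items())]


def summarise(findings):
    """Render findings most severe first, as the lines a helper would paste into a reply."""
    order = {"high": 0, "medium": 1, "info": 2}
    return ["[%s] %s :: %s" % (f.severity, f.item, f.why)
            for f in sorted(findings, key=lambda f: order[f.severity])]


if __name__ == "__main__":
    for row in summarise(triage_dds(SAMPLE_DDS) + triage_ssdt(SAMPLE_SSDT)):
        print(row)
```

On the XP machine itself the same value lives at `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer` (Internet Options > Connections > LAN settings in the IE UI); the triage only reports it, it does not change anything on the box.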



#2 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 16 February 2010 - 06:31 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<< will be maximized) and info.txt (<< will be minimized).

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 22 February 2010 - 11:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
