
C:\Windows\System32\Drivers\szkimzl.sys


  • This topic is locked
2 replies to this topic

#1 iJoe

iJoe

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 13 January 2010 - 11:45 PM

Today I turned on my computer and a message from AVAST said that the file C:\Windows\System32\Drivers\szkimzl.sys was infected. So, I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox, but I tried IE, Chrome, and Opera; none of them worked. I have three other computers, which are all on the same modem, and they all work fine.

Here's the DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 19:56:43.29 on Wed 01/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1296 [VPS 100101-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {44d81424-ce39-4312-9649-6d46d0791a2e} - c:\windows\system32\awttSlmm.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlayNC Launcher]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [vmamyovr] c:\windows\system32\config\systemprofile\local settings\application data\jaahjq\nnitsysguard.exe
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\ma3xj.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Save YouTube Video as MP3
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://xiah.gamescampus.com/luncher/GamesCampus.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} - hxxp://file.daum.net/down/DaumFile.cab
DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} - hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/NCLoader.5.cab
DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://www.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B13183E5-7C8A-428A-935A-00D5392F3245} - hxxp://image.tocteen.daum.net/viewer/TnsViewer.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {6B8F626A-5E74-4284-88AF-62317F9AB57C} = 68.87.64.196,68.87.66.196
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\awttSlmm
Hosts: 66.240.255.107 nprotect.lineage2.com
Hosts: 64.56.64.73 l2authd.lineage2.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\yo7xasa2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\yo7xasa2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\yo7xasa2.default\extensions\cslauncher@getamped.com\plugins\npCsLauncher.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npAbacast.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcyworld.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-2 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-2 155160]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-2 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-2 254040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 XDva226;XDva226;\??\c:\windows\system32\xdva226.sys --> c:\windows\system32\XDva226.sys [?]

=============== Created Last 30 ================

2010-01-13 06:26:02 0 d-----w- c:\windows\ie8updates
2010-01-13 06:25:37 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 06:25:30 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-13 06:25:30 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-06 02:51:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 02:44:32 0 d-----r- c:\program files\Skype
2010-01-03 08:07:39 0 d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-01-03 08:05:50 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-01-03 08:01:47 0 d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-01-03 07:55:11 0 dc-h--w- c:\windows\ie8
2010-01-03 02:47:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 02:47:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 02:47:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 05:27:01 0 ----a-w- c:\windows\system32\18467.exe
2010-01-02 05:04:40 767488 ----a-w- c:\windows\system32\drivers\szkimzl.sys
2010-01-02 05:01:25 1 ----a-w- C:\s
2010-01-02 05:01:14 22016 ----a-w- C:\ovqac.exe
2010-01-02 04:13:01 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-12-30 02:58:06 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-12-30 02:58:06 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-12-30 02:58:05 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-30 02:58:04 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-30 02:57:46 0 d-----w- c:\program files\Heroes of Newerth
2009-12-25 23:26:14 0 d-----w- c:\docume~1\hp_adm~1\applic~1\TS3Client
2009-12-25 23:25:34 0 d-----w- c:\program files\TeamSpeak 3 Client
2009-12-24 22:32:15 69 ----a-w- c:\documents and settings\hp_administrator\jagex_runescape_preferences2.dat
2009-12-19 04:10:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 15:08:11 0 d-----w- C:\8d6632984c71b87c76b3e8d5675e
2009-12-17 16:37:55 0 d-----w- C:\24156e03addafb4e5aba93d2af
2009-12-16 14:42:41 0 d-----w- C:\2b4b998d933768bc7ce1417c
2009-12-15 10:51:31 0 d-----w- C:\4a25950fbe7c423cca945f

==================== Find3M ====================

2010-01-11 22:42:02 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-11 22:42:02 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-08 23:15:41 40926 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-12-25 18:50:10 39 ----a-w- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2009-12-18 20:23:09 79743 ----a-w- c:\windows\War3Unin.dat
2009-12-09 04:55:17 2360712 ----a-w- c:\windows\system32\DaumActiveX_2_0_0_8.dll
2009-11-07 21:50:41 82568 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-30 19:15:40 2715648 ----a-w- c:\windows\system32\DAUMPLAYERDLL.DLL
2009-10-29 07:46:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:45:35 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:45:35 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:45:34 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:33 11069952 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:45:32 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-04-17 01:54:49 55092 --sha-w- c:\windows\system32\mmlSttwa.ini2

============= FINISH: 19:59:09.23 ===============

Edited by iJoe, 14 January 2010 - 12:05 AM.




#2 iJoe

iJoe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 13 January 2010 - 11:48 PM

Again, sorry but there isn't an option to add attachments.
Here's the attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2008 5:44:01 PM
System Uptime: 1/13/2010 6:28:00 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 162.984 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 9 GiB total, 0.535 GiB free.
I: is CDROM ()
J: is Removable
K: is CDROM (CDFS)
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0001
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0001
Service: tap0801

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

????
AAC Decoder
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Bonjour
BufferChm
CCleaner
Collab
Counter-Strike
Counter-Strike: Source
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Daum ActiveX 컨트롤 - ??? ?????
Daum ActiveX 컨트롤 - Daum ???? ????
Daum ActiveX 컨트롤 - Daum?? ????
Destinations
DeviceManagementQFolder
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Face of Mankind
FL Studio 8
Free Audio CD Burner version 1.2
FullDPAppQFolder
FutureStream Client
GlassFish V2 UR1
Google Chrome
H.264 Decoder
Heroes of Newerth
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
IL Download Manager
InstantShareDevices
iTunes
Java DB 10.4.1.3
Java™ 6 Update 11
Java™ 6 Update 12
Java™ 6 Update 15
Java™ SE Development Kit 6 Update 11
Java™ SE Development Kit 6 Update 12
LightScribe 1.4.105.1
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
MKV Splitter
Move Media Player
Mozilla Firefox (3.0.17)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
musicshakeENG
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
MySQL Server 5.0
MySQL Tools for 5.0
NCsoft Launcher
NetMeter 1.1.3
nProtect Netizen(remove only)
NVIDIA Drivers
OpenOffice.org Installer 1.0
OpenVPN 2.1_rc15
OptionalContentQFolder
Pando Media Booster
PhotoGallery
PoiZone
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SkinsHP1
Skype 4.1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
TeamSpeak 3 Client
Toxic Biohazard
TuneUp Utilities 2008
Uninstall 1.0.0.1
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package
Warcraft III: All Products
WC3Banlist
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/9/2010 8:58:45 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
1/9/2010 8:58:04 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/9/2010 8:58:04 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/13/2010 7:50:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/12/2010 5:39:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/11/2010 2:20:46 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================



And the RootRepeal log:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/13 20:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7693000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\szkimzl.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\hot3-7@hotmail.com\SharingMetadata\claer90@hanmail.net\DFSR\Staging\CS{7FE69280-7186-0D93-4064-59CCE11DBC1C}\14\114-{E~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\hot3-7@hotmail.com\SharingMetadata\ok3313@hotmail.com\DFSR\Staging\CS{797F21D7-AC34-ED2D-912D-75B5ECC9F22E}\12\12-{CAE319FF-A457-4F7D-9763-C808A7F2E7DB}-v12-{CAE319FF-A457-4F7D-9763-C808A7F2E7DB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\hot3-7@hotmail.com\SharingMetadata\t.mac.92@hotmail.com\DFSR\Staging\CS{CC72E649-CA07-3001-5AB8-5035AE8D094A}\11\11-{5C8194A3-7D75-4916-AEF4-72B982268D6A}-v11-{5C8194A3-7D75-4916-AEF4-72B982268D6A}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\hot3-7@hotmail.com\SharingMetadata\t.mac.92@hotmail.com\DFSR\Staging\CS{CC72E649-CA07-3001-5AB8-5035AE8D094A}\12\12-{5C8194A3-7D75-4916-AEF4-72B982268D6A}-v12-{5C8194A3-7D75-4916-AEF4-72B982268D6A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8563576

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8563432

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8563910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb856300a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb856350c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8562f4a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb8562fae

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb856362c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb85635ec

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb856376c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf6ab50b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x867338f0 Size: 363

==EOF==

Moving to HJT forum. ~ OB

Edited by Orange Blossom, 14 January 2010 - 12:01 AM.


#3 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  • Gender:Male
  • Location:~/
  • Local time:01:39 AM

Posted 18 January 2010 - 04:29 AM

Being helped at TSF.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
