Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Laptop Internet not working, malwares Laptop Internet not working, malwares
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
Page 3 of 3 < 12 3
 
Thread Tools
Old 04-01-2007, 12:29 AM   #41 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 20,382
OS: XP


Re: Laptop Internet not working, malwares
Lol ...nothing seems to work for you. No worry, we still have some tricks ..

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, copy/paste in:
    • c:\combofix\6ftunder\pctools.vir\pctools.dll
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.

We'll get rid of the offending file first. Folder is deletable once it's gone
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-01-2007, 03:25 AM   #42 (permalink)
Registered User
 
attachkid's Avatar
 
Join Date: Mar 2007
Posts: 32
OS: XP


Re: Laptop Internet not working, malwares
Lol..i dint quite work out with the Hijack this..but i managed to get it deleted in some way..i moved the dll to the desktop..the folder was deletable after that and then dll also got deleted from desktop...so thats out of the way..

The reports:

1. Registry Log

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Framework
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
DisplayName REG_SZ Application Accelerator
ObjectName REG_SZ LocalSystem
Description REG_SZ Windows ÔËÐмÓËÙÆ÷£¬ÌṩÈí¼þµÄ¿ìËÙÔËÐУ¬»Ö¸´£¬ÒÔ¼°¼ÓËÙ¹¦ÄÜ¡£ÎÞ·¨ÖÕÖ¹´Ë·þÎñ¡£

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Framework\Parameters
ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\hoixh.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Framework\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Framework\Enum
0 REG_SZ Root\LEGACY_FRAMEWORK\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1



2.Combofix

"RUPESH RAGHAVAN" - 07-04-01 15:11:15 Service Pack 2
ComboFix 07-03-31.3 - Running from: "C:\Documents and Settings\RUPESH RAGHAVAN\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ims.ini
C:\WINDOWS\system32\wbem\mof\good\esery.mof
C:\WINDOWS\saslogww.txt


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Framework
-------\LEGACY_FRAMEWORK


((((((((((((((((((((((((((((((( Files Created from 2007-03-01 to 2007-04-01 ))))))))))))))))))))))))))))))))))


2007-03-28 12:53 <DIR> d-------- C:\Deckard
2007-03-27 21:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-03-27 21:43 512 --a------ C:\ScanSectorLog.dat
2007-03-25 16:49 827,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-25 16:49 16,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-19 15:36 4,166 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-19 15:34 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-19 15:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-19 15:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-19 15:34 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-19 15:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-19 15:34 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-16 22:31 <DIR> d-------- C:\DOCUME~1\RUPESH~1\APPLIC~1\Uniblue
2007-03-16 14:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-15 20:36 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-15 20:35 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-12 12:46 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-03-11 18:38 <DIR> d-------- C:\DOCUME~1\RUPESH~1\APPLIC~1\MailFrontier
2007-03-11 18:33 180,224 --a------ C:\WINDOWS\system32\winlib .dll
2007-03-11 18:22 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-11 18:21 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-03-11 18:21 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-11 18:20 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-11 17:01 1 --a------ C:\WINDOWS\system32\index.dat
2007-03-11 15:05 <DIR> d-------- C:\DOCUME~1\RUPESH~1\APPLIC~1\Lavasoft
2007-03-11 15:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-11 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-10 16:53 <DIR> d-------- C:\Program Files\Registry Clean Pro


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-30 23:03 -------- d-------- C:\DOCUME~1\RUPESH~1\APPLIC~1\u3


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="; C:\\WINDOWS\\system32\\ctfmon.exe"
"MoneyAgent"="; \"c:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"MSMSGS"="; \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"DataLayer"="; C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"eabconfg.cpl"="; C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"HP Software Update"="; C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="; C:\\Program Files\\iTunes\\iTunesHelper.exe"
"PCSuiteTrayApplication"="; C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"QuickTime Task"="; \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="; C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"Symantec NetDriver Monitor"="; C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"UpdateManager"="; \"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"WinampAgent"="; C:\\Program Files\\Winamp\\winampa.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corporate Client.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Corporate Client.lnk"
"backup"="C:\\WINDOWS\\pss\\Corporate Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ELITEC~1\\CYBERO~1\\CYBERO~1.EXE "
"item"="Corporate Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0lsanp\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WmdmPMD REG_MULTI_SZ WmdmPMD\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a7bec8-61b6-11db-ad72-000e35c160a8}]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a11d81d8-8c16-11d9-9935-000e35c160a8}]
Shell\AutoRun\command E:\setupSNK.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\SYSTEM.SAV\CTO.TXT 4096 bytes
C:\SYSTEM.SAV\CTOHW.TXT 16 bytes
C:\SYSTEM.SAV\DAYLGSAV.reg 320 bytes
C:\SYSTEM.SAV\delink.log 408 bytes
C:\SYSTEM.SAV\fctpatch.log 4096 bytes
C:\SYSTEM.SAV\highgost.flg 32 bytes
C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\ISLOGCHK.LOG 4096 bytes
C:\SYSTEM.SAV\logoff.bat 112 bytes
C:\SYSTEM.SAV\logoff.reg 288 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGDEV.LOG 40 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RegionCF
C:\SYSTEM.SAV\RegionCF\euro.reg 216 bytes
C:\SYSTEM.SAV\RegionCF\SFr.reg 232 bytes
C:\SYSTEM.SAV\RmDev.log 4096 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 315392 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\AOLBB.log 32 bytes
C:\SYSTEM.SAV\UTIL\AOLbits.log 32 bytes
C:\SYSTEM.SAV\UTIL\AppEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\bootldr.flg 0 bytes
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\brand.exe 184320 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 8192 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 65536 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 77824 bytes
C:\SYSTEM.SAV\UTIL\CMDOOBE.CMD 72 bytes
C:\SYSTEM.SAV\UTIL\CMDSWSET.CMD 64 bytes
C:\SYSTEM.SAV\UTIL\COMPMOD.bat 256 bytes
C:\SYSTEM.SAV\UTIL\COMPMOD.exe 45056 bytes
C:\SYSTEM.SAV\UTIL\COMPMOD.LOG 48 bytes
C:\SYSTEM.SAV\UTIL\COMPMOD.TMP 168 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cpqsm.exe 86016 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\delcia.flg 32 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.bat 128 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\dmiuia.cmd 136 bytes
C:\SYSTEM.SAV\UTIL\DQM_MRK.exe 307200 bytes
C:\SYSTEM.SAV\UTIL\EarthLinkall.log 32 bytes
C:\SYSTEM.SAV\UTIL\EarthLinkDialup.log 32 bytes
C:\SYSTEM.SAV\UTIL\FAQ.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 90112 bytes
C:\SYSTEM.SAV\UTIL\hsc.log 176 bytes
C:\SYSTEM.SAV\UTIL\infobomg.exe 172032 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 393216 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 112 bytes
C:\SYSTEM.SAV\UTIL\make_rtr.flg 136 bytes
C:\SYSTEM.SAV\UTIL\mobproc.flg 136 bytes
C:\SYSTEM.SAV\UTIL\MSNPackage.log 32 bytes
C:\SYSTEM.SAV\UTIL\mvedv.log 192 bytes
C:\SYSTEM.SAV\UTIL\NONISPCONTENTS.log 32 bytes
C:\SYSTEM.SAV\UTIL\oobe.min 144 bytes
C:\SYSTEM.SAV\UTIL\oobe.wpe 4096 bytes
C:\SYSTEM.SAV\UTIL\osexclude.txt 184 bytes
C:\SYSTEM.SAV\UTIL\PeoplePC.log 32 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 120 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 168 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.CMD 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 560 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 184 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\RMDEV.CMD 296 bytes
C:\SYSTEM.SAV\UTIL\SecEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\SWSETDIR.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\SWSETUP.BTO 424 bytes
C:\SYSTEM.SAV\UTIL\SWSETUP.CMD 136 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\SysEvBk1.old 65536 bytes
C:\SYSTEM.SAV\UTIL\TMP.INI 36864 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\uiadump32.exe 32768 bytes
C:\SYSTEM.SAV\UTIL\uiautil.exe 57344 bytes
C:\SYSTEM.SAV\UTIL\updie.bat 104 bytes
C:\SYSTEM.SAV\UTIL\WINDVD.LOG 168 bytes
C:\SYSTEM.SAV\UTIL\WMI.BAT 48 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 90

********************************************************************

Completion time: 07-04-01 15:13:58
C:\ComboFix2.txt ... 07-03-31 06:40
C:\ComboFix3.txt ... 07-03-29 13:42


3 . SRENG LOG
[code]

2007-04-01,15:24:29

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MoneyAgent><; "c:\Program Files\Microsoft Money\System\mnyexpr.exe"> [Microsoft Corp.]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Publisher]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HP Component Manager><"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"> [Hewlett-Packard Company]
<HPHmon05><C:\WINDOWS\system32\hphmon05.exe> [Hewlett-Packard]
<DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<DataLayer><; C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE> [N/A]
<eabconfg.cpl><; C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<iTunesHelper><; C:\Program Files\iTunes\iTunesHelper.exe> [Apple Computer, Inc.]
<PCSuiteTrayApplication><; C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE> [N/A]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SunJavaUpdateSched><; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe> []
<Symantec NetDriver Monitor><; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [(Verified)Symantec Corporation]
<UpdateManager><; "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<WinampAgent><; C:\Program Files\Winamp\winampa.exe> [N/A]
<BDMCon><"C:\Program Files\Softwin\BitDefender8\bdmcon.exe"> [SOFTWIN S.R.L.]
<BDNewsAgent><"C:\Program Files\Softwin\BitDefender8\bdnagent.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Amadeus Automatic Update / Amadeus Automatic Update][Running/Auto Start]
<C:\Program Files\Automatic Update\AutoUpdate.exe><Amadeus>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[BitDefender Scan Server / bdss][Running/Auto Start]
<"C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HP WMI Interface / hpqwmi][Stopped/Manual Start]
<C:\Program Files\HPQ\SHARED\HPQWMI.exe><Hewlett-Packard Development Company, L.P.>
[iPod Service / iPodService][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[BitDefender Communicator / XCOMM][Running/Auto Start]
<"C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service><Softwin>

==================================
Drivers
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Conexant AMC 3D Environmental Audio / CAMCAUD][Running/Manual Start]
<system32\drivers\camcaud.sys><Conexant Systems Inc.>
[CAMCHALA / CAMCHALA][Running/Manual Start]
<system32\drivers\camchal.sys><Conexant Systems Inc.>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[HUAWEI Mobile Connect - 3G Modem / hwcdcmdm0][Running/Manual Start]
<system32\DRIVERS\ewusbmdm.sys><QUALCOMM Incorporated>
[HUAWEI Mobile Connect - 3G Application Interface / hwusbser][Running/Manual Start]
<system32\DRIVERS\ewusbser.sys><QUALCOMM Incorporated>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\kl1.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[Creative WebCam NX Ultra / P1120VID][Stopped/Manual Start]
<system32\DRIVERS\P1120Vid.sys><Creative Technology Ltd.>
[HP Pci Information / pciinfo][Stopped/Auto Start]
<\??\C:\DOCUME~1\RUPESH~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
<system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
<system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[SYMDNS / SYMDNS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050512.030\symidsco.sys><N/A>
[SYMNDIS / SYMNDIS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Intel(R) PRO/Wireless 2200 Adapter Driver / w22n51][Running/Manual Start]
<system32\DRIVERS\w22n51.sys><Intel® Corporation>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Amadeus Automatic Update]
{051FE707-9706-11D5-A836-000102A7C938} <C:\WINDOWS\Downloaded Program Files\AutoUpdateATL.dll, N/A>
[Amadeus Cmd Page Cross Communication]
{266BB960-7DA8-11D4-A849-00008321B7D9} <C:\WINDOWS\Downloaded Program Files\S1AVISTAPWCOMMS.DLL, N/A>
[Amadeus_SP2_Patcher Class]
{3D518D7D-422F-4787-AC71-10BB552E897B} <C:\WINDOWS\DOWNLO~1\SP2Patch.dll, N/A>
[Java Plug-in 1.4.2_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_03]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[AutoUpdateSrv Class]
{22269CFE-9C4A-11D5-A83D-000102A7C938} <C:\Program Files\Automatic Update\Components\Kernel\2.4P210_CO\AutoUpdateSRV.dll, Amadeus>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\MSXML4.dll, N/A>
[Java Plug-in 1.4.2_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 588][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0017.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.240.0.0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 1524][C:\Program Files\Automatic Update\AutoUpdate.exe] [Amadeus, 2, 2, 4, 210]
[C:\Program Files\Automatic Update\1aAutoUpdateCommon.dll] [N/A, ]
[PID: 1620][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe] [Symantec Corporation, 5.5.1.6]
[C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 5.5.1.6]
[PID: 1752][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1800][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1876][C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe] [Softwin, 1, 8, 9, 0]
[PID: 1920][C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe] [N/A, ]
[C:\WINDOWS\system32\XCOMM.dll] [Softwin, 1, 8, 9, 0]
[C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdcore.dll] [SOFTWIN SRL, 7, 0, 0, 2293]
[C:\Program Files\Common Files\Softwin\BitDefender Scan Server\libfn.dll] [N/A, ]
[C:\Program Files\Common Files\Softwin\BitDefender Scan Server\avxdisk.dll] [N/A, ]
[PID: 400][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 612][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3856]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3856]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3856]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3856]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3856]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3856]
[PID: 624][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[PID: 644][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[PID: 656][C:\Program Files\HP\hpcoretech\hpcmpmgr.exe] [Hewlett-Packard Company, 2.1.1.0]
[C:\Program Files\HP\hpcoretech\HPVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\WINDOWS\system32\MSXML4.dll] [Microsoft Corporation, 4.20.9841.0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 1096][C:\WINDOWS\system32\hphmon05.exe] [Hewlett-Packard, 5,0,84]
[PID: 1140][C:\Program Files\D-Tools\daemon.exe] [DAEMON'S HOME, 3.47.0.0]
[C:\WINDOWS\daemon.dll] [, 3.47.0.0]
[C:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll] [, 1.0.2.0]
[C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.01.0.0]
[C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[PID: 1256][C:\Program Files\Softwin\BitDefender8\bdmcon.exe] [SOFTWIN S.R.L., 8.1.0.3]
[C:\Program Files\Softwin\BitDefender8\bdch.dll] [SOFTWIN, 1, 0, 0, 266]
[C:\Program Files\Softwin\BitDefender8\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Softwin\BitDefender8\procinf.dll] [N/A, ]
[C:\WINDOWS\system32\XCOMM.dll] [Softwin, 1, 8, 9, 0]
[C:\Program Files\Softwin\BitDefender8\TxTools.dll] [SOFTWIN S.R.L, 8, 1, 0, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Softwin\BitDefender8\popup.dll] [TODO: <Company name>, 1.0.0.1]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]
[C:\Program Files\Softwin\BitDefender8\main.dll] [SOFTWIN S.R.L., 8.1.0.2]
[C:\Program Files\Softwin\BitDefender8\antivirus.dll] [SOFTWIN S.R.L., 8, 1, 0, 0]
[C:\Program Files\Softwin\BitDefender8\live.dll] [SOFTWIN S.R.L., 8.1]
[C:\Program Files\Softwin\BitDefender8\HTTPGETF.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender8\zlib.dll] [, 1.1.3]
[C:\Program Files\Softwin\BitDefender8\getfile.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender8\vscan.dll] [SOFTWIN S.R.L., 8, 1, 0, 1]
[C:\Program Files\Softwin\BitDefender8\schface.dll] [SOFTWIN S.R.L., 8, 1, 0, 3]
[C:\Program Files\Softwin\BitDefender8\schcore.dll] [SOFTWIN S.R.L., 8, 1, 0, 3]
[C:\Program Files\Softwin\BitDefender8\quar.dll] [SOFTWIN S.R.L., 8.1.0.1]
[C:\Program Files\Softwin\BitDefender8\report.dll] [SOFTWIN S.R.L., 8.1.0.2]
[C:\Program Files\Softwin\BitDefender8\quarcore.dll] [SOFTWIN S.R.L., 8, 1, 0, 0]
[PID: 1276][C:\Program Files\Softwin\BitDefender8\bdnagent.exe] [N/A, ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 2408][C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.2 30Sep04]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================
attachkid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-01-2007, 06:18 AM   #43 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 20,382
OS: XP


Re: Laptop Internet not working, malwares
There no longer appears to be any active malware on this machine.

Do a search for C:\WINDOWS\system32\hoixh.dll. If still present,delete it.

Please tell us about the current condition of the machine
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-01-2007, 08:15 AM   #44 (permalink)
Registered User
 
attachkid's Avatar
 
Join Date: Mar 2007
Posts: 32
OS: XP


Re: Laptop Internet not working, malwares
MY NET HAS STARTED WORKING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Phew.....THANKS REID AND SUBS...you both did a fine job...

i took the panda scan and bitdefender scan...the reports are as under...

panda activescan

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix\Process.exe
Adware:Adware/BaiduBar Not disinfected C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-165506-537.dll
Adware:Adware/Borlander Not disinfected C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-165506-818.dll
Adware:Adware/BaiduBar Not disinfected C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-191615-162.dll
Adware:Adware/Borlander Not disinfected C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070313-230032-323.dll
Adware:Adware/BaiduBar Not disinfected C:\nu\backups\backup-20070311-165506-537.dll
Adware:Adware/Borlander Not disinfected C:\nu\backups\backup-20070311-165506-818.dll
Adware:Adware/BaiduBar Not disinfected C:\nu\backups\backup-20070311-191615-162.dll
Adware:Adware/Borlander Not disinfected C:\nu\backups\backup-20070313-230032-323.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/SpamtaLoad.CS Disinfected Local Folders\Deleted Items\test\test.zip[test.txt.scr]
Virus:Trj/SpamtaLoad.CZ Disinfected Local Folders\Deleted Items\hello\docs.zip[docs.msg.exe]
Virus:Trj/Spamtaload.DM Disinfected Local Folders\Deleted Items\postcard\postcard.zip[postcard.exe]
Virus:W32/Parite.B Disinfected Local Folders\Deleted Items\Re: Protected Mail Request\data_sales.zip[document.txt .exe]
Virus:W32/Sality.T Disinfected Local Folders\Deleted Items\Re: Protected Mail Request\data_sales.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: Protected Mail Request\data_sales.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: Its me\mails9.zip[document.txt .exe]
Virus:W32/Parite.B Disinfected Local Folders\Deleted Items\Re: Request\details05.zip[document.txt .exe]
Virus:W32/Sality.T Disinfected Local Folders\Deleted Items\Re: Request\details05.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: Request\details05.zip[document.txt .exe]
Virus:W32/Parite.B Disinfected Local Folders\Deleted Items\Re: A!p$ghsa\important.zip[document.txt .exe]
Virus:W32/Sality.T Disinfected Local Folders\Deleted Items\Re: A!p$ghsa\important.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: A!p$ghsa\important.zip[document.txt .exe]
Virus:W32/Parite.B Disinfected Local Folders\Deleted Items\Stolen document\about_you.zip[document.txt .exe]
Virus:W32/Sality.T Disinfected Local Folders\Deleted Items\Stolen document\about_you.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Stolen document\about_you.zip[document.txt .exe]
Virus:W32/Parite.B Disinfected Local Folders\Deleted Items\Re: Your document\about_you_sales.zip[data.rtf .scr]
Virus:W32/Sality.T Disinfected Local Folders\Deleted Items\Re: Your document\about_you_sales.zip[data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: Your document\about_you_sales.zip[data.rtf .scr]
Hacktool:Exploit/iFrame Not disinfected Local Folders\Inbox\rupesh travel\Delivery Status Notification (Delay)
Virus:W32/Netsky.P.worm Disinfected Local Folders\Inbox\rupesh travel\Delivery Status Notification (Delay)\message.scr



2. BITDEFENDER


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 01/04/2007 17:35:34
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
D:\
E:\
Folders : 4632
Files : 621623
Archives : 24296
Packed files : 101213
Identified viruses : 7
Infected files : 14
Warnings : 0
Suspect files : 0
Disinfected files : 1
Deleted files : 0
Copied files : 0
Moved files : 6
Renamed files : 0
I/O errors : 32
Scan time : 02:27:09
Scan speed (files/sec) : 70

Virus definitions : 414657
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\$VAULT$.AVG\03262578.FIL Infected Trojan.Ianugoph.A
C:\$VAULT$.AVG\03262578.FIL Disinfection failed
C:\$VAULT$.AVG\03262578.FIL Moved
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16)=>(base64) Infected Win32.Parite.B
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16)=>(base64) Disinfected
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16)=>(base64) Infected Win32.Sality.M
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16)=>(base64) Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16)=>(base64) Move failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 16) Update
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx Update failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 19)=>[Subject: Hello][Date: Fri, 16 Mar 2007 11:03:25 +0530]=>(MIME part)=>document.zip=>zyo.hta Infected JS.Feebs.Gen
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 19)=>[Subject: Hello][Date: Fri, 16 Mar 2007 11:03:25 +0530]=>(MIME part)=>document.zip=>zyo.hta Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 278)=>(base64) Infected Win32.Sality.M
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 278)=>(base64) Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 278)=>(base64) Move failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 423)=>[Subject: Hi][Date: Sun, 11 Feb 2007 17:08:17 +0530]=>(MIME part)=>mail.zip=>data.hta Infected JS.Feebs.Gen
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 423)=>[Subject: Hi][Date: Sun, 11 Feb 2007 17:08:17 +0530]=>(MIME part)=>mail.zip=>data.hta Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 581)=>(base64) Infected Win32.Sality.M
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 581)=>(base64) Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 581)=>(base64) Move failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 598)=>(base64) Infected Win32.Sality.M
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 598)=>(base64) Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 598)=>(base64) Move failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\rupesh travel.dbx=>(message 9)=>[Subject: Delivery Status Notification (Delay)][Date: Fri, 30 Mar 2007 00:20:11 +0200]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure torgny.wiking@s][Date: Thu, 29 Mar 2007 15:49:30 +0530]=>(MIME part)=>(MIME part)=>(message body) Infected Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\rupesh travel.dbx=>(message 9)=>[Subject: Delivery Status Notification (Delay)][Date: Fri, 30 Mar 2007 00:20:11 +0200]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure torgny.wiking@s][Date: Thu, 29 Mar 2007 15:49:30 +0530]=>(MIME part)=>(MIME part)=>(message body) Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\rupesh travel.dbx=>(message 9)=>[Subject: Delivery Status Notification (Delay)][Date: Fri, 30 Mar 2007 00:20:11 +0200]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure torgny.wiking@s][Date: Thu, 29 Mar 2007 15:49:30 +0530]=>(MIME part)=>(MIME part)=>(message body) Move failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-165506-818.dll Detected: Adware.Borlander.B
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-165506-818.dll Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070311-165506-818.dll Moved
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070313-230032-323.dll Detected: Adware.Borlander.B
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070313-230032-323.dll Disinfection failed
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\CD Burning\nu\backups\backup-20070313-230032-323.dll Moved
C:\nu\backups\backup-20070311-165506-818.dll Detected: Adware.Borlander.B
C:\nu\backups\backup-20070311-165506-818.dll Disinfection failed
C:\nu\backups\backup-20070311-165506-818.dll Moved
C:\nu\backups\backup-20070313-230032-323.dll Detected: Adware.Borlander.B
C:\nu\backups\backup-20070313-230032-323.dll Disinfection failed
C:\nu\backups\backup-20070313-230032-323.dll Moved
C:\WINDOWS\system32\winlib .dll Infected Trojan.Cinmun.A
C:\WINDOWS\system32\winlib .dll Disinfection failed
C:\WINDOWS\system32\winlib .dll Moved


I am messaging this from my Laptop itself......

thank you both Reid and SUBS..Great Job....
attachkid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 06:52 AM   #45 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,091
OS: WinXP and Vista


Re: Laptop Internet not working, malwares
You can thank sUBs for that.

Please empty your Outlook Express Deleted Items folder. To do so:
  • Open Outlook Express
  • Right click on Deleted Items
  • Select 'Empty Deleted Items folder'.
  • Click 'Yes' at the next popup box to succesfully empty the Deleted Items folder.

You may want to consider using these settings for your Outlook Express, which will automatically empty the deleted items folder upon exit:

Go to Tools > Options
Under the Maintenance Tab, checkmark the following boxes:

* Empty messages from 'Deleted item' folder on exit
* Purge deleted messages when leaving IMAP folders

-------------------------------------------------------------

You also need to delete the e-mail located here in rupesh travel.dbx:

Subject: Delivery Status Notification (Delay)][Date: Date: Thu, 29 Mar 2007 15:49:30 ] and again the same e-mail on Fri, 30 Mar 2007 .

-------------------------------------------------------------

Due to the level of infection that was present on this system, I think it would be prudent to get one more online scan at Kaspersky and see if it reveals anything further:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Once again, please advise on the system behavior.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 10:41 AM   #46 (permalink)
Registered User
 
attachkid's Avatar
 
Join Date: Mar 2007
Posts: 32
OS: XP


Re: Laptop Internet not working, malwares
HI Ried..

well thanks to both of you...you both had a key role to play..

anyway, kasperesky report is as under, by the way, which file was blocking the net access and how did that go?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 02, 2007 11:01:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/04/2007
Kaspersky Anti-Virus database records: 289939
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 60196
Number of viruses found: 10
Number of infected objects: 49 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:35:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0105\values Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Desktop\New Folder\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Deleted Items.dbx Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\info.dbx/[From "service@paypal.com" <service@paypal.com>][Date Sun, 14 Jan 2007 23:33:34 -0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\info.dbx/[From "service@paypal.com" <service@paypal.com>][Date Sun, 14 Jan 2007 23:33:34 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\info.dbx/[From "service@paypal.com" <service@paypal.com>][Date Sun, 14 Jan 2007 23:33:34 -0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\info.dbx/[From "service@paypal.com" <service@paypal.com>][Date Sun, 14 Jan 2007 23:33:34 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\info.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\sales.dbx/[From "service@paypal.com" <service@paypal.com>][Date Mon, 15 Jan 2007 08:40:07 +0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\sales.dbx/[From "service@paypal.com" <service@paypal.com>][Date Mon, 15 Jan 2007 08:40:07 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\sales.dbx/[From "service@paypal.com" <service@paypal.com>][Date Mon, 15 Jan 2007 08:40:07 +0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\sales.dbx/[From "service@paypal.com" <service@paypal.com>][Date Mon, 15 Jan 2007 08:40:07 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\sales.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\History\History.IE5\MSHist012007040220070403\index.dat Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Temp\JETB784.tmp Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\RUPESH RAGHAVAN\ntuser.dat.LOG Object is locked skipped
C:\nu\backups\backup-20070311-165506-537.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\nu\backups\backup-20070311-191615-162.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\nu\backups\backup-20070311-215654-936.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\nu\backups\backup-20070311-220058-669.dll Infected: not-a-virus:AdWare.Win32.Cinmus.d skipped
C:\nu\backups\backup-20070311-220058-792.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\nu\backups\backup-20070313-230031-304.dll Infected: Trojan-Clicker.Win32.BHO.f skipped
C:\nu\backups\backup-20070313-230032-406.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\nu\backups\backup-20070313-230032-940.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\nu\backups\backup-20070315-214810-214.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\nu\backups\backup-20070315-214810-946.dll Infected: not-a-virus:AdWare.Win32.Cinmus.d skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\vWTP.mdb Object is locked skipped
C:\Program Files\Internet Explorer\sposcl.exe Infected: Trojan-Proxy.Win32.Delf.bz skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070311-165506-537.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070311-191615-162.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070311-215654-936.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070311-220058-669.dll Infected: not-a-virus:AdWare.Win32.Cinmus.d skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070311-220058-792.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070313-230031-304.dll Infected: Trojan-Clicker.Win32.BHO.f skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070313-230032-406.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070313-230032-940.dll Infected: Trojan-Clicker.Win32.Agent.io skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070315-214810-214.dll Infected: not-a-virus:AdWare.Win32.Agent.bk skipped
C:\RECYCLER\S-1-5-21-2961393117-1064640514-2433714503-1007\Dc7\backups\backup-20070315-214810-946.dll Infected: not-a-virus:AdWare.Win32.Cinmus.d skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000008.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0001062.DLL Infected: Trojan-Downloader.Win32.Small.ejw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0001063.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0001064.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0001065.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0001066.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5\A0001723.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5\A0001724.exe Infected: Worm.Win32.Agent.t skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP6\A0001825.dll Infected: not-a-virus:AdWare.Win32.Cinmus.d skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0001897.dll Infected: not-a-virus:AdWare.Win32.Boran.z skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0001898.dll Infected: not-a-virus:AdWare.Win32.Boran.z skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0001900.dll Infected: not-a-virus:AdWare.Win32.Boran.z skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP7\A0001901.dll Infected: not-a-virus:AdWare.Win32.Boran.z skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP8\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped