report cont. last one [Archive] - Safer-Networking Forums

View Full Version : report cont. last one

thetechguy

2005-11-04, 10:28

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B40F3236-C1AB-4671-876A-DD4478F8DA77}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4321B05B-4373-4312-AE0B-DD20ADC5D52E}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4321B05B-4373-4312-AE0B-DD20ADC5D52E}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BA314E-1811-4B53-96F5-2341A4E2E414}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BA314E-1811-4B53-96F5-2341A4E2E414}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{378577BD-2BAC-44F9-B8E4-D1A52CEA87BE}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{378577BD-2BAC-44F9-B8E4-D1A52CEA87BE}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{564DC57B-88A6-4779-8552-256F95EA86E7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{564DC57B-88A6-4779-8552-256F95EA86E7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9C4DA8D-F087-4EFB-884A-8F33C44E7AD1}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9C4DA8D-F087-4EFB-884A-8F33C44E7AD1}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BDA78D4-4CE6-4E7F-86CB-1C70A019AB49}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BDA78D4-4CE6-4E7F-86CB-1C70A019AB49}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F5F55F6-6C75-4E62-99FA-5B4776005574}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F5F55F6-6C75-4E62-99FA-5B4776005574}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABD16A7-BE57-4C7C-B211-0D494E499C59}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABD16A7-BE57-4C7C-B211-0D494E499C59}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*

Namespace Provider 4: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

LonnyRJones

2005-11-04, 15:29

Hello

When I check for problems I see 0/30 problems found at the bottom and then Congratulations! no threates found.
The item's in that progress-bar are what is looked for not what is on the pc.
Curious what file sets do you have SpyBot set for ? See attached Pic.
How long have you had SSD 1.4 ?
On SpyBots advanced > tools > system startup page is this the only item that shows for winlogon ?
Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll

"Applications errors of files isrdpapi.exe and atbdjpn.exe"
When do you see those errors, at windows shutdown ?

thetechguy

2005-11-04, 22:24

I see these errors during regular use of the computer. I am just working along and one pops up and then another and somtimes the pc ends up in a hung condition and I have to reboot.

LonnyRJones

2005-11-05, 00:47

Hi

And the other three question's ? :)

Post a report from system internals rootkillrevieler
http://www.sysinternals.com/Utilities/RootkitRevealer.html

thetechguy

2005-11-09, 21:10

have been using Spybot SD for years - and upgrading to newer versions as they come out. I do alot of program downloading and have quite often been infected with CWS variants and removed them with CWscredder and Spybot SD - here is my start up report

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2005-10-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi
2005-10-28 Includes\Dialer.sbi
2005-10-28 Includes\Hijackers.sbi
2005-10-28 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-10-28 Includes\Malware.sbi
2005-10-28 Includes\PUPS.sbi
2005-10-28 Includes\Revision.sbi
2005-10-28 Includes\Security.sbi
2005-10-28 Includes\Spybots.sbi
2005-02-16 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi

Located: HK_LM:Run, APL
command: "C:\Program Files\ACT\ACT for Win 7\APL.exe"
file: C:\Program Files\ACT\ACT for Win 7\APL.exe
size: 20480
MD5: 0d88047a483c5aee81af6ea0e3353d4e

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712b77158fbbb5ab5aebc396e15499d

Located: HK_LM:Run, CloneCDElbyCDFL
command: "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
file: C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
size: 45056
MD5: fb408b5e89b7eb5720e04485b847cbd4

Located: HK_LM:Run, CloneCDTray
command: "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
file: C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
size: 57344
MD5: 7451a022e910fb8e91c7f6d5049a9e83

Located: HK_LM:Run, DownloadAccelerator
command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
file: C:\PROGRA~1\DAP\DAP.EXE
size: 1069056
MD5: 357c0898b3cc52ff08ed68787dc0e0a8

Located: HK_LM:Run, FaxTalk CallControl 7.0
command: "C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe"
file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe
size: 122880
MD5: 3d29a4bf90da0a8870fa5167b3dbda96

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, LogMeIn GUI
command: "C:\Program Files\LogMeIn\LogMeInSystray.exe"
file: C:\Program Files\LogMeIn\LogMeInSystray.exe
size: 189168
MD5: 2fdbd9191a9576a3e41edd230b68297c

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 782336
MD5: 1821fb026290a1c26a235406b5ccf434

Located: HK_LM:Run, Omnipage
command: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
file: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: bb272fcbc0fcf0bf43fe75d81ec17899

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, type32
command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05e10c2c3736e52fe33d16d2f9c73c04

Located: HK_LM:Run, VC5Player
command: C:\Program Files\HHVcdV5Sys\VC5Play.exe
file: C:\Program Files\HHVcdV5Sys\VC5Play.exe
size: 176128
MD5: 9aeba99ad111e10519e6cff2f4a2df05

Located: HK_LM:Run, WinVNC
command: "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
file:

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file:

Located: HK_LM:Run, RoxioAudioCentral (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
file:

Located: HK_LM:Run, RoxioDragToDisc (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
file:

Located: HK_LM:Run, RoxioEngineUtility (DISABLED)
command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
file:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, Eraser
command: C:\Program Files\Eraser\eraser.exe -hide
file:

Located: HK_CU:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 120320
MD5: d7ff5e298a0ad6c01e06bc1b2d202cf6

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 405583
MD5: a4ce7e9913893e1b59e303cf2a43d5d6

Located: HK_CU:Run, MoneyAgent
command: "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
file: C:\Program Files\Microsoft Money\System\mnyexpr.exe
size: 200704
MD5: b0342cdf37f346704708c6d924028a5a

Located: HK_CU:Run, NBJ
command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
size: 1945600
MD5: 8e8237f0468c7ede1480b261e2121367

Located: HK_CU:Run, OnlinePCfix SmoothSurfer
command: C:\Program Files\OnlinePCfix\SmoothSurfer\SS.exe -start
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

Located: HK_CU:Run, SpyEmergency
command: "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"
file:

Located: HK_CU:Run, Yahoo! Pager
command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
file:

Located: HK_CU:Run, MSMSGS (DISABLED)
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 237568
MD5: 2e756973deb506be033151bde547f4bf

Located: Startup (common), Kaiser VPN Client.lnk
command: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
file: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
size: 1269836
MD5: 639c4eb0e3bc42fcb141ef45cb1fa1b4

thetechguy

2005-11-09, 21:11

Located: Startup (common), QuickBooks Update Agent.lnk
command: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
file: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
size: 806912
MD5: 0029df834c3bfd1008bb78b618125c73

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: 67b2e7b6ae3b400d832f0456068ea83d

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (user), FaxTalk Messenger Pro 7.0.lnk
command: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
size: 585728
MD5: e8bf10d4fc3480d2000599108c8320a8

Located: Startup (user), Launch Microsoft Office Outlook.lnk
command: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196296
MD5: edb2d35ef459fa287d02206602301e91

Located: Startup (user), Toddler Keys.lnk
command: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
file: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
size: 766
MD5: 004ba4b735b2879d26f46e3270241c1e

Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll

thetechguy

2005-11-09, 21:20

The report is too large to post you can view it for me at www.thetechguyusa.com/rootkitreport/

thank you

LonnyRJones

2005-11-09, 21:32

Hi

bytes Hidden from Windows API. C:\Program Files\Bueosoft 10/31/2005 9:22 AM 0 bytes
Hidden from Windows API. C:\Program Files\Bueosoft\ace.dll
Hidden from Windows API. C:\WINDOWS\system32\drivers\srmixer.sys 10/30/2005 8:40 AM 12.00 KB Hidden
Signs of the apropos rootkit
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Also Your aperently missing the other default winlogon notify keys
a registry file called winlogondefaults.reg for xp and win2000def.reg for 2k systems is in this tool
download and install L2mfix
http://www.atribune.org/downloads/l2mfix.exe
Open the l2mfix\regfixes folder and run the apropriet reg file, then restart your PC

LonnyRJones

2005-11-13, 02:00

How is the PC acting now ?

LonnyRJones

2005-11-17, 09:38

Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send one of our or staff a PM or email and we will re-open it.