Thread: report cont. last one

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Default report cont. last one

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B40F3236-C1AB-4671-876A-DD4478F8DA77}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4321B05B-4373-4312-AE0B-DD20ADC5D52E}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4321B05B-4373-4312-AE0B-DD20ADC5D52E}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BA314E-1811-4B53-96F5-2341A4E2E414}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25BA314E-1811-4B53-96F5-2341A4E2E414}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{378577BD-2BAC-44F9-B8E4-D1A52CEA87BE}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{378577BD-2BAC-44F9-B8E4-D1A52CEA87BE}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{564DC57B-88A6-4779-8552-256F95EA86E7}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{564DC57B-88A6-4779-8552-256F95EA86E7}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9C4DA8D-F087-4EFB-884A-8F33C44E7AD1}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9C4DA8D-F087-4EFB-884A-8F33C44E7AD1}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BDA78D4-4CE6-4E7F-86CB-1C70A019AB49}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BDA78D4-4CE6-4E7F-86CB-1C70A019AB49}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F5F55F6-6C75-4E62-99FA-5B4776005574}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F5F55F6-6C75-4E62-99FA-5B4776005574}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABD16A7-BE57-4C7C-B211-0D494E499C59}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABD16A7-BE57-4C7C-B211-0D494E499C59}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
    GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\nwprovau.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
    DB filename: %SystemRoot%\system32\nwprovau.dll
    DB protocol: NWLink IPX/SPX/NetBIOS*

    Namespace Provider 4: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hello
    When I check for problems I see 0/30 problems found at the bottom and then "Congratulations! No threats found."
    The items in that progress bar are what is looked for, not what is on the PC.
    Curious, what file sets do you have Spybot set for? See attached pic.
    How long have you had SSD 1.4?
    On Spybot's Advanced > Tools > System Startup page, is this the only item that shows for winlogon?
    Located: WinLogon, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll

    "Applications errors of files isrdpapi.exe and atbdjpn.exe"
    When do you see those errors, at Windows shutdown?
    Last edited by LonnyRJones; 2005-11-04 at 16:33. Reason: add attachment

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Default Re: When do you see these errors at shut down?

    I see these errors during regular use of the computer. I am just working along and one pops up and then another, and sometimes the PC ends up in a hung condition and I have to reboot.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    And the other three questions?

    Post a report from Sysinternals RootkitRevealer
    http://www.sysinternals.com/Utilitie...tRevealer.html

  5. #5
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Default response to 3 questions

    Have been using Spybot SD for years, and upgrading to newer versions as they come out. I do a lot of program downloading and have quite often been infected with CWS variants and removed them with CWShredder and Spybot SD. Here is my startup report:

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 TeaTimer_original.exe (1.4.0.2)
    2005-10-30 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-10-28 Includes\Cookies.sbi
    2005-10-28 Includes\Dialer.sbi
    2005-10-28 Includes\Hijackers.sbi
    2005-10-28 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2005-10-28 Includes\Malware.sbi
    2005-10-28 Includes\PUPS.sbi
    2005-10-28 Includes\Revision.sbi
    2005-10-28 Includes\Security.sbi
    2005-10-28 Includes\Spybots.sbi
    2005-02-16 Includes\Tracks.uti
    2005-10-28 Includes\Trojans.sbi

    Located: HK_LM:Run, APL
    command: "C:\Program Files\ACT\ACT for Win 7\APL.exe"
    file: C:\Program Files\ACT\ACT for Win 7\APL.exe
    size: 20480
    MD5: 0d88047a483c5aee81af6ea0e3353d4e

    Located: HK_LM:Run, BluetoothAuthenticationAgent
    command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    file: C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 71280
    MD5: 5712b77158fbbb5ab5aebc396e15499d

    Located: HK_LM:Run, CloneCDElbyCDFL
    command: "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    file: C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
    size: 45056
    MD5: fb408b5e89b7eb5720e04485b847cbd4

    Located: HK_LM:Run, CloneCDTray
    command: "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    file: C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    size: 57344
    MD5: 7451a022e910fb8e91c7f6d5049a9e83

    Located: HK_LM:Run, DownloadAccelerator
    command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    file: C:\PROGRA~1\DAP\DAP.EXE
    size: 1069056
    MD5: 357c0898b3cc52ff08ed68787dc0e0a8

    Located: HK_LM:Run, FaxTalk CallControl 7.0
    command: "C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe"
    file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe
    size: 122880
    MD5: 3d29a4bf90da0a8870fa5167b3dbda96

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep.exe
    size: 10752
    MD5: 13922eb54890c77005268882629a31fe

    Located: HK_LM:Run, LogMeIn GUI
    command: "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    file: C:\Program Files\LogMeIn\LogMeInSystray.exe
    size: 189168
    MD5: 2fdbd9191a9576a3e41edd230b68297c

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 782336
    MD5: 1821fb026290a1c26a235406b5ccf434

    Located: HK_LM:Run, Omnipage
    command: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    file: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    size: 49152
    MD5: bb272fcbc0fcf0bf43fe75d81ec17899

    Located: HK_LM:Run, Symantec NetDriver Monitor
    command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    size: 100056
    MD5: f9418981ee4d7e995d359833adab59d5

    Located: HK_LM:Run, type32
    command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
    size: 172032
    MD5: 05e10c2c3736e52fe33d16d2f9c73c04

    Located: HK_LM:Run, VC5Player
    command: C:\Program Files\HHVcdV5Sys\VC5Play.exe
    file: C:\Program Files\HHVcdV5Sys\VC5Play.exe
    size: 176128
    MD5: 9aeba99ad111e10519e6cff2f4a2df05

    Located: HK_LM:Run, WinVNC
    command: "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
    file:

    Located: HK_LM:Run, QuickTime Task (DISABLED)
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file:

    Located: HK_LM:Run, RoxioAudioCentral (DISABLED)
    command: "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    file:

    Located: HK_LM:Run, RoxioDragToDisc (DISABLED)
    command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    file:

    Located: HK_LM:Run, RoxioEngineUtility (DISABLED)
    command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    file:

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: HK_CU:Run, Eraser
    command: C:\Program Files\Eraser\eraser.exe -hide
    file:

    Located: HK_CU:Run, Google Desktop Search
    command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 120320
    MD5: d7ff5e298a0ad6c01e06bc1b2d202cf6

    Located: HK_CU:Run, H/PC Connection Agent
    command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    size: 405583
    MD5: a4ce7e9913893e1b59e303cf2a43d5d6

    Located: HK_CU:Run, MoneyAgent
    command: "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    file: C:\Program Files\Microsoft Money\System\mnyexpr.exe
    size: 200704
    MD5: b0342cdf37f346704708c6d924028a5a

    Located: HK_CU:Run, NBJ
    command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    size: 1945600
    MD5: 8e8237f0468c7ede1480b261e2121367

    Located: HK_CU:Run, OnlinePCfix SmoothSurfer
    command: C:\Program Files\OnlinePCfix\SmoothSurfer\SS.exe -start
    file:

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

    Located: HK_CU:Run, SpyEmergency
    command: "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"
    file:

    Located: HK_CU:Run, Yahoo! Pager
    command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    file:

    Located: HK_CU:Run, MSMSGS (DISABLED)
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

    Located: Startup (common), Acrobat Assistant.lnk
    command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    size: 217193
    MD5: 78bfe3201ada2fe02d1e35d2488e5f55

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

    Located: Startup (common), InterVideo WinCinema Manager.lnk
    command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    size: 237568
    MD5: 2e756973deb506be033151bde547f4bf

    Located: Startup (common), Kaiser VPN Client.lnk
    command: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
    file: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
    size: 1269836
    MD5: 639c4eb0e3bc42fcb141ef45cb1fa1b4

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Default start up report cont.

    Located: Startup (common), QuickBooks Update Agent.lnk
    command: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    file: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    size: 806912
    MD5: 0029df834c3bfd1008bb78b618125c73

    Located: Startup (common), WinZip Quick Pick.lnk
    command: C:\Program Files\WinZip\WZQKPICK.EXE
    file: C:\Program Files\WinZip\WZQKPICK.EXE
    size: 118784
    MD5: 67b2e7b6ae3b400d832f0456068ea83d

    Located: Startup (user), Adobe Gamma.lnk
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a

    Located: Startup (user), FaxTalk Messenger Pro 7.0.lnk
    command: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
    file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
    size: 585728
    MD5: e8bf10d4fc3480d2000599108c8320a8

    Located: Startup (user), Launch Microsoft Office Outlook.lnk
    command: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    size: 196296
    MD5: edb2d35ef459fa287d02206602301e91

    Located: Startup (user), Toddler Keys.lnk
    command: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
    file: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
    size: 766
    MD5: 004ba4b735b2879d26f46e3270241c1e

    Located: WinLogon, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll

  7. #7
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Default here is my root kit reveal report

    The report is too large to post. You can view it for me at www.thetechguyusa.com/rootkitreport/

    thank you

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    bytes Hidden from Windows API. C:\Program Files\Bueosoft 10/31/2005 9:22 AM 0 bytes
    Hidden from Windows API. C:\Program Files\Bueosoft\ace.dll
    Hidden from Windows API. C:\WINDOWS\system32\drivers\srmixer.sys 10/30/2005 8:40 AM 12.00 KB Hidden
    Signs of the Apropos rootkit.
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
    Please download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe
    Save it to your desktop but do NOT run it yet.
    Then please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
    When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.



    Also, you're apparently missing the other default winlogon notify keys.
    A registry file called winlogondefaults.reg for XP and win2000def.reg for 2k systems is in this tool.
    Download and install L2mfix:
    http://www.atribune.org/downloads/l2mfix.exe
    Open the l2mfix\regfixes folder and run the appropriate reg file, then restart your PC.

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    How is the PC acting now?

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Due to lack of responses this thread is closed.
    If you still need assistance a new log will be needed. Send one of our staff a PM or email and we will re-open it.
