Okay, here is the DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Boss at 20:17:53.98 on Thu 03/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.311 [GMT -4:00]
AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2010 10.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\Documents and Settings\Boss\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dellnet.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = hxxp://localhost;
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - No File
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {850CD0B8-DA33-4558-A8C8-95D7908E37A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Remote System Protection] rundll32.exe c:\windows\system32\ramne.dll, HUI_proc
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1382117273
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/C ... 5567476852
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://www.tgrthaber.com.tr/CanliYayin/ ... _en_dl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - No File
STS: {77f79558-9176-4096-8963-d02fbcc298cd} - No File
STS: {ef24fa8a-3fc3-4061-93d4-7411f7d57fc9} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\boss\applic~1\mozilla\firefox\profiles\w680v9w6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-3-23 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-3-23 80000]
R1 26F77o8;26F77o8;c:\windows\system32\drivers\26F77o8.sys [2002-8-29 753792]
R1 393T9D1;393T9D1;c:\windows\system32\drivers\393T9D1.sys [2002-8-29 752768]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2010-3-23 68064]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2003-7-16 55168]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2010-3-23 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2010-3-23 107104]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-3-9 36224]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2010-3-23 55992]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\135.tmp --> c:\windows\system32\135.tmp [?]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-1-15 10112]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2010-3-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2010-3-23 25184]
=============== Created Last 30 ================
2010-03-26 00:04:08 0 ----a-w- c:\documents and settings\boss\defogger_reenable
2010-03-25 23:11:13 0 d-----w- c:\program files\Trend Micro
2010-03-25 22:38:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-25 19:59:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-25 19:46:19 0 d-----w- c:\documents and settings\boss\.SunDownloadManager
2010-03-25 18:10:00 0 d-----w- c:\program files\Sophos
2010-03-25 17:06:21 0 d-----w- c:\windows\system32\scripting
2010-03-25 17:06:16 0 d-----w- c:\windows\l2schemas
2010-03-25 17:06:14 0 d-----w- c:\windows\system32\en
2010-03-25 17:00:16 0 d-----w- c:\windows\network diagnostic
2010-03-24 14:29:54 2 --shatr- c:\windows\winstart.bat
2010-03-24 14:28:56 0 d-----w- c:\program files\UnHackMe
2010-03-23 20:53:43 0 d-----w- c:\docume~1\boss\applic~1\f-secure
2010-03-23 20:40:31 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-03-23 20:39:43 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-03-23 20:38:35 0 d-----w- c:\program files\F-Secure
2010-03-23 20:11:05 0 d-----w- c:\docume~1\alluse~1\applic~1\fssg
2010-03-23 17:40:25 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-03-23 14:52:16 0 d-----w- c:\program files\GiPo@Utilities
2010-03-23 14:52:16 0 d-----w- c:\program files\common files\Gibinsoft Shared
2010-03-23 13:56:24 0 d--h--w- c:\windows\PIF
2010-03-22 21:04:49 0 d-----w- c:\program files\TweakNow PowerPack 2009
2010-03-22 21:04:49 0 d-----w- c:\docume~1\boss\applic~1\TweakNow PowerPack 2009
2010-03-22 19:36:58 0 d-sh--w- c:\documents and settings\boss\PrivacIE
2010-03-22 17:03:05 0 d-----w- c:\docume~1\boss\applic~1\Malwarebytes
2010-03-22 17:01:03 0 d-sh--w- c:\documents and settings\boss\IETldCache
2010-03-22 16:17:23 0 d-----w- C:\!KillBox
2010-03-22 16:16:30 92672 ----a-w- C:\KillBox.exe
2010-03-22 16:15:32 401720 ----a-w- C:\HijackThis.exe
2010-03-22 15:59:05 0 d-----w- c:\windows\system32\MpEngineStore
2010-03-22 14:16:41 0 d-----w- c:\program files\common files\ODBC
2010-03-21 22:30:18 0 d-----w- c:\program files\AVG
2010-03-21 20:16:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-21 18:31:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 18:31:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 18:31:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 18:31:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-21 14:27:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-21 14:02:10 2 ----a-w- c:\windows\msoffice.ini
2010-03-20 19:46:38 0 d-----w- c:\windows\system32\NtmsData
2010-03-13 18:56:36 10752 ----a-w- c:\windows\DCEBoot.exe
2010-03-05 09:24:22 42496 ----a-w- c:\windows\system32\zojetiru.exe
2010-03-04 13:59:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-26 01:48:15 53 ----a-w- c:\windows\system32\4DW4R3sv.dat
2010-02-26 01:48:14 0 ----a-w- c:\windows\system32\drivers\fualfyp.sys
2010-02-26 01:47:22 8 ----a-w- c:\docume~1\alluse~1\applic~1\mswintmp.dat
==================== Find3M ====================
2010-03-25 19:59:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 16:07:38 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
1601-01-01 00:03:28 69632 --sha-w- c:\windows\system32\fazotene.exe
1601-01-01 00:03:28 7400 --sha-w- c:\windows\system32\reranavu.exe
1601-01-01 00:03:28 42496 --sha-w- c:\windows\system32\zijokomo.exe
============= FINISH: 20:19:34.03 ===============
*********************************************
Here is the GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 08:45:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Boss\LOCALS~1\Temp\axtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF86A8CD6]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF86A8CF0]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF86A7E8C]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF86A81BC]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF86A7BCC]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF86A85EE]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF86A988C]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF86A843E]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF86A7A4C]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF86A7EC0]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF86A8042]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF86A79A6]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF86A7B06]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF86A7F86]
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 832E5A9A
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
**********************************
Here is the attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/11/2003 3:02:11 PM
System Uptime: 3/25/2010 6:42:23 PM (2 hours ago)
Motherboard: Dell Computer Corp. | | 0H0678
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2651/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 56 GiB total, 38.468 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
ATI Control Panel
ATI Display Driver
AutoUpdate
AVI WMV MPEG Converter
BPS Data Shredder 1.0
Canon MultiPASS Suite 4.20a
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Support
DivX
DivX Player
DivX Web Player
DVDSentry
F-Secure Internet Security 2010
F-Secure PSC Prerequisites
GiPo@MoveOnBoot 1.9.5
Google Earth
Google Toolbar for Internet Explorer
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HyperCam 2
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Washer Pro 3.2-AC1
InterVideo WinDVD Platinum
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
LG USB Modem driver
Lotus Organizer 6.0
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
Modem Helper
Mozilla Firefox (3.6.2)
MSVCRT
PowerDVD
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sophos Anti-Rootkit 1.5.0
Sound Blaster Live!
Spybot - Search & Destroy 1.2
TweakNow PowerPack 2009
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Verizon Help and Support Tool
Verizon High Speed Internet
Viewpoint Media Player
VLC media player 0.9.8a
Vz In Home Agent
VZAccess Manager
Web Games Player Plugin
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 2002
Yahoo! Messenger Explorer Bar
==== Event Viewer Messages From Past Week ========
3/25/2010 5:58:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/25/2010 3:26:33 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file atapi.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.2180, the version of the system file is 5.1.2600.5512.
3/23/2010 6:50:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\atapi.sys could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
3/23/2010 6:48:11 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
3/23/2010 4:56:35 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/23/2010 4:53:35 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/23/2010 4:51:42 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/23/2010 4:51:42 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/23/2010 4:51:36 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
3/23/2010 3:32:34 PM, error: F-Secure Standalone Minifilter [1] -
3/23/2010 10:35:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/23/2010 10:34:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/22/2010 8:28:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
3/22/2010 8:10:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/22/2010 5:45:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01e: Windows XP Service Pack 3 (KB936929).
3/22/2010 3:46:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
3/22/2010 3:36:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
3/22/2010 10:04:19 AM, error: Service Control Manager [7000] - The McAfee.com Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.
3/21/2010 7:46:12 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
3/21/2010 4:21:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
3/21/2010 4:21:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
3/21/2010 4:21:34 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
3/21/2010 4:21:10 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
3/21/2010 4:20:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/21/2010 4:20:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
3/21/2010 3:45:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/20/2010 3:45:19 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
==== End Of File ===========================