Winsock Provider Catalog Damaged


5 replies to this topic

#1 Pawl

Posted 05 July 2011 - 09:26 PM

Hello. How can I get my internet working again on my other computer? When trying to use the internet, I am told "Internet Explorer cannot display the webpage." I then click on "diagnose connection problems" and am told "windows had detected a problem with the Winsock provider catalog on this computer." I have attempted to reset the catalog multiple times, including restarting the computer at the end of each reset, and all attempts failed. When I click on "view diagnostic log," I am told "not all base service provider entries could be found in the winsock catalog. A reset is needed."

This problem occurred after attempting to update Windows through the Windows Updater. Unfortunately, I do not remember everything I updated. There was an upgrade for the "Microsoft .NET Framework" from Service Pack 2 to Service Pack 3 and possibly SP 3 to SP 3.5. The updater was updating but appeared to freeze, because it was attempting to update one of the .NET Framework updates for 4-5 hours. I cancelled the update and restarted the computer. Shortly afterward, I tried to use the internet and had this winsock issue.

I am using:
Windows XP Media Center Edition Service Pack 3
Internet Explorer 8
Currently .NET Framework 2.0 SP 2

I have tried these attempts:
-tried to reset the Winsock provider Catalog several times
-tried system restore to before the updates
-ran Spybot Search and Destroy
-ran Malware Bytes Anti-Malware
-deleted the file "mpiyatewisucej" from C/windows/system32 - because the name did not come up in Google
-uninstalled .NET Framework 3 and 3.5
None of these have helped.

Thank you for the time to read this and help! :-D

Edited by hamluis, 07 July 2011 - 08:14 PM.
Moved from XP to Networking.



#2 Pawl

Posted 05 July 2011 - 10:13 PM

Also,
I have right clicked on my internet connection in the "network connections" folder and clicked properties for "internet protocol (TCP/IP)" and double checked to make sure I am obtaining the IP address automatically and obtaining the DNS server address automatically.
I have also run command prompt and entered the command "netsh winsock reset catalog".
-this message came up "Unable to reset the Winsock Catalog. The system cannot find the file specified."

#3 Pawl

Posted 07 July 2011 - 07:01 PM

Up to date:
I used my Windows XP Media Center cd and reinstalled the TCP/IP Protocol. I had some trouble because it kept asking for the Windows XP Professional cd, and that's not my operating system. (checked OS from right clicking my computer)

I ran the command "netsh winsock reset catalog" from command prompt and reset computer. But didn't work. Here's a copy of the catalog.

Last diagnostic run time: 07/07/11 16:47:30 WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
error Provider entry MSAFD Tcpip [TCP/IP] could not perform simple loopback communication. Error 10050.
error Provider entry MSAFD Tcpip [UDP/IP] could not perform simple loopback communication. Error 10050.
info Provider entry MSAFD Tcpip [TCP/IPv6] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IPv6] passed the loopback communication test.
error Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error 10091.
error Provider entry RSVP TCP Service Provider could not perform simple loopback communication. Error 10091.
error A connectivity problem exists with an installed LSP.
info The user didn't approve the proposed automated repair attempt: Reset WinSock catalog
info Redirecting user to support call



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Broadcom 440x 10/100 Integrated Controller, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection, Device=Dell Wireless 1390 WLAN Mini-Card, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.



There's a line that states "error A connectivity problem exists with an installed LSP."
Here's a copy from the command "netsh winsock show catalog" from command prompt



Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1004
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1005
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1006
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1007
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1008
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness (NLA) Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0

I'm thinking of running the program lspfix but they advise not to unless someone highly knowledgeable helps.
Is any of this information wrong?
Could someone lend a hand?

Thank you for reading through all this info and for all the future help!

#4 SuBz3r0

Posted 08 July 2011 - 12:30 AM

Try using the LSPfix utility (hxxp://download.bleepingcomputer.com/spyware/lspfix.zip). Be careful using it, as it might corrupt your connectivity. The defaults on a Windows XP system are:

File:          Description:
-------------  ------------------
mswsock.dll    Tcpip
winrnr.dll     NTDS
rsvpsp.dll     (Protocol handler)
vsocklib.dll   (Protocol handler)

Post your results here.

Edited by SuBz3r0, 08 July 2011 - 12:32 AM.
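
Added example, not part of the original posts: a Python sketch that parses `netsh winsock show catalog` output and compares each provider DLL with the default list given in the reply above, also flagging any entry whose protocol chain length is not 1 (a layered rather than base provider). The function names, the sample text and the `example_lsp.dll` entry are constructed for this example.

```python
import ntpath
import re

# Default Windows XP provider DLLs, as listed in the reply above.
XP_DEFAULT_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "vsocklib.dll"}

ENTRY_HEADER = re.compile(
    r"^(Winsock Catalog Provider Entry|Name Space Provider Entry)$")
FIELD = re.compile(r"^([^:]+):\s*(.*)$")

# Constructed sample: the first and last entries are abbreviated from the
# catalog posted in this thread; the middle entry is made up for the example.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Description: Example layered provider (constructed)
Provider Path: C:\example\example_lsp.dll
Catalog Entry ID: 1009
Protocol Chain Length: 0

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
"""


def parse_catalog(text):
    """Split the netsh output into one dict of fields per catalog entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_HEADER.match(line):
            current = {"Kind": line}
            entries.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            current[field.group(1).strip()] = field.group(2).strip()
    return entries


def audit(entries, allowed=XP_DEFAULT_DLLS):
    """Return (description, reason) pairs for entries worth a closer look."""
    findings = []
    for entry in entries:
        desc = entry.get("Description", "?")
        path = entry.get("Provider Path")
        # Name space entries print no path in this output, so only
        # transport providers are checked against the DLL list.
        if path is not None:
            dll = ntpath.basename(path).lower()
            if dll not in allowed:
                findings.append((desc, f"provider DLL not in default list: {dll}"))
        chain = entry.get("Protocol Chain Length")
        # Chain length 1 is a base provider; 0 or >1 means a layered entry.
        if chain is not None and chain != "1":
            findings.append((desc, f"layered entry (chain length {chain})"))
    return findings


if __name__ == "__main__":
    for desc, reason in audit(parse_catalog(SAMPLE_CATALOG)):
        print(f"{desc}: {reason}")
```

Run over the full catalog posted earlier in this thread, the audit reports nothing: every transport entry there is a base provider in mswsock.dll or rsvpsp.dll with chain length 1.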


#5 Pawl

Posted 08 July 2011 - 10:35 AM

Sorry I had gone to bed last night.

Here are the results from LSPfix.

mswsock.dll Tcpip
winrnr.dll NTDS
rsvpsp.dll (Protocol handler)

#6 Pawl

Posted 08 July 2011 - 11:53 AM

I just noticed the info I need to provide in this forum:
Using Inspiron E1705
Using wireless internet
Using modem/router: 2WIRE model: 3801HGV
Approximately 20ft from modem/router
Using DSL

MiniToolBox scan results:

MiniToolBox by Farbar
Ran by Paul (administrator) on 08-07-2011 at 12:10:03
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
Hosts file not detected in the default diroctory
================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,


================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2011 02:56:45 PM) (Source: Application Error) (User: )
Description: Faulting application RCDMENU.EXE, version 2.93.0.1, faulting module RCDMENU.EXE, version 2.93.0.1, fault address 0x000f38e3.
Processing media-specific event for [RCDMENU.EXE!ws!]

Error: (07/06/2011 05:33:15 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (07/06/2011 05:33:15 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (07/05/2011 05:07:22 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/02/2011 11:41:25 PM) (Source: MsiInstaller) (User: Paul)Paul
Description: Product: Microsoft Security Client -- Error 1704. An installation for AVSDK5 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (07/02/2011 11:37:46 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x8004ff0acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (07/02/2011 11:37:44 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF0A
Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.

Error: (07/02/2011 11:22:42 PM) (Source: ioloServiceManager.exe) (User: )
Description: The service process could not connect to the service controller

Error: (07/02/2011 11:20:44 PM) (Source: Application Hang) (User: )
Description: Hanging application _iu14D2N.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/02/2011 11:15:21 PM) (Source: Application Hang) (User: )
Description: Hanging application _iu14D2N.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (07/08/2011 00:09:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (07/08/2011 00:09:00 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (07/08/2011 00:09:00 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (07/08/2011 10:31:44 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (07/07/2011 02:56:45 PM) (Source: Application Error)(User: )
Description: RCDMENU.EXE2.93.0.1RCDMENU.EXE2.93.0.1000f38e3

Error: (07/06/2011 05:33:15 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (07/06/2011 05:33:15 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (07/05/2011 05:07:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (07/02/2011 11:41:25 PM) (Source: MsiInstaller)(User: Paul)Paul
Description: Product: Microsoft Security Client -- Error 1704. An installation for AVSDK5 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (07/02/2011 11:37:46 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe2.1.1116.00x8004ff0acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (07/02/2011 11:37:44 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF0A
Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.

Error: (07/02/2011 11:22:42 PM) (Source: ioloServiceManager.exe)(User: )
Description: The service process could not connect to the service controller

Error: (07/02/2011 11:20:44 PM) (Source: Application Hang)(User: )
Description: _iu14D2N.tmp51.52.0.0hungapp0.0.0.000000000

Error: (07/02/2011 11:15:21 PM) (Source: Application Hang)(User: )
Description: _iu14D2N.tmp51.52.0.0hungapp0.0.0.000000000


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 49%
Total physical RAM: 1022.37 MB
Available physical RAM: 514.71 MB
Total Pagefile: 2460.09 MB
Available Pagefile: 2076.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.05 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:68.07 GB) (Free:2.55 GB) NTFS
2 Drive d: (XP_MCE_SP2_ENG) (CDROM) (Total:2.67 GB) (Free:0 GB) CDFS
3 Drive e: (TRAVELDRIVE) (Removable) (Total:0.96 GB) (Free:0.33 GB) FAT

================= Users: ==================================================

User accounts for \\PIZZ

-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
Paul SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================




I just ran the program GMER and found these results:


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 11:50:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8032GSX rev.AS112D
Running: gmer.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\pxtdapoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1936] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisSend] [F728B390] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F728B410] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F728B600] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F728B650] xpacket.sys (iolo Firewall Kernel Module/iolo technologies, LLC)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 870CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 870CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 870CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 870CE53B
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


I suppose I should post a thread in the Malware forums?

Edited by Pawl, 08 July 2011 - 12:17 PM.
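
Added example, not part of the original post: the Service Control Manager errors in the MiniToolBox log above describe a dependency chain, and this Python sketch walks it from a failing service down to the one that failed on its own, decoding the `%%` error numbers. The three log entries are copied from that log; the function names are this example's own.

```python
import re

# Win32 error codes that appear in the log (values from winerror.h).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}

DEPENDS = re.compile(
    r"The (.+?) service depends on the (.+?) service which failed to start "
    r"because of the following error:\s*%%(\d+)")
FAILED = re.compile(
    r"The (.+?) service failed to start due to the following error:\s*%%(\d+)")

# Three entries copied from the MiniToolBox "System errors" section above.
SAMPLE_LOG = """\
Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (07/08/2011 00:09:02 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2
"""


def parse_scm_errors(text):
    """Return (depends, failed): who waits on whom, and who failed directly."""
    depends = {m.group(1): (m.group(2), int(m.group(3)))
               for m in DEPENDS.finditer(text)}
    failed = {m.group(1): int(m.group(2)) for m in FAILED.finditer(text)}
    return depends, failed


def root_cause(text, service):
    """Follow dependency failures from `service` to the underlying failure."""
    depends, failed = parse_scm_errors(text)
    chain = [service]
    while chain[-1] in depends:
        nxt = depends[chain[-1]][0]
        if nxt in chain:          # guard against a cyclic log
            break
        chain.append(nxt)
    code = failed.get(chain[-1])  # None if the root's own error is not logged
    return chain, code, WIN32_ERRORS.get(code, "unknown")


if __name__ == "__main__":
    chain, code, name = root_cause(SAMPLE_LOG, "Network Location Awareness (NLA)")
    print(" -> ".join(chain))
    print(f"root error {code} ({name})")
```

Error 2 carries the same message text that `netsh winsock reset catalog` returned earlier in the thread ("The system cannot find the file specified"), and the chain places the failure at the IPSEC driver, below the TCP/IP stack, rather than in the Winsock catalog entries.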




