
Root Kit Zero Access Diagnosed By ComboFix - Help


This topic is locked
35 replies to this topic

#1 tonkinsongs

  • Members
  • 27 posts
Posted 25 August 2011 - 12:58 PM

Ran ComboFix, and the message it gave me said my computer has been infected with "RootKit Zero Access". My problems have been that all of my spyware has not been able to run, with an error message of "Windows cannot access the specified device, path, or file." I used Inherit.exe to open the specific exe files, but after the programs would start up, they would disappear within 60 seconds of running?

Any help would be greatly appreciated!!

Here is the log file and I've attached it as well.

ComboFix 11-08-24.03 - Scott 08/25/2011 10:15:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Scott\My Documents\111.bmp
C:\hosts
c:\windows\$NtUninstallKB11598$
c:\windows\$NtUninstallKB11598$\1665310468
c:\windows\$NtUninstallKB11598$\3096341055\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB11598$\3096341055\L\hvmonmrs
c:\windows\$NtUninstallKB11598$\3096341055\loader.tlb
c:\windows\$NtUninstallKB11598$\3096341055\U\@00000001
c:\windows\$NtUninstallKB11598$\3096341055\U\@000000c0
c:\windows\$NtUninstallKB11598$\3096341055\U\@000000cb
c:\windows\$NtUninstallKB11598$\3096341055\U\@000000cf
c:\windows\$NtUninstallKB11598$\3096341055\U\@80000000
c:\windows\$NtUninstallKB11598$\3096341055\U\@800000c0
c:\windows\$NtUninstallKB11598$\3096341055\U\@800000cb
c:\windows\$NtUninstallKB11598$\3096341055\U\@800000cf
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\c_10533.nls
c:\windows\system32\comct332.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_b88e6a3f
-------\Service_NPF
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 17:07 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-25 16:51 . 2011-08-25 16:51 388096 ----a-r- c:\documents and settings\Scott\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-25 16:51 . 2011-08-25 16:51 -------- d-----w- c:\program files\Trend Micro
2011-08-25 16:33 . 2002-04-30 04:44 5438 ----a-w- C:\folder_reg.reg
2011-08-25 16:28 . 2011-08-25 16:25 9830 ----a-w- C:\exefix.reg
2011-08-24 20:43 . 2011-08-24 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-24 19:37 . 2011-02-23 23:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-24 19:37 . 2011-02-24 00:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-08-24 03:44 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 03:44 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 06:25 . 2011-08-21 06:25 -------- d-----w- c:\program files\Amazon
2011-08-18 15:45 . 2011-08-18 15:45 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Avid
2011-08-18 15:45 . 2011-08-18 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avid
2011-08-10 05:34 . 2011-08-18 18:00 -------- d-----w- c:\documents and settings\Scott\Application Data\Digidesign
2011-08-10 05:34 . 2011-08-10 05:34 -------- d-----w- c:\documents and settings\Scott\Application Data\Trillium Lane
2011-08-10 05:29 . 2011-08-10 05:32 -------- d-----w- c:\documents and settings\Scott\Application Data\PACE Anti-Piracy
2011-08-10 05:29 . 2011-08-10 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2011-08-10 05:29 . 2011-08-10 05:29 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2011-08-10 05:29 . 2011-08-10 05:29 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\PACE Anti-Piracy
2011-08-10 05:21 . 2011-08-10 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Digidesign
2011-08-10 05:05 . 2011-08-10 05:05 -------- d-----w- c:\program files\InterLok
2011-08-10 05:02 . 2010-05-25 13:13 23312 ----a-w- c:\windows\system32\drivers\AvidMbox_DFU.sys
2011-08-10 05:01 . 2010-05-25 13:13 398224 ----a-w- c:\windows\system32\drivers\AvidMbox.sys
2011-08-10 05:00 . 2011-08-10 05:03 -------- d-----w- c:\program files\Avid
2011-08-10 04:34 . 2011-08-10 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DigiDriver
2011-08-10 02:52 . 2006-03-29 22:11 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-08-10 02:52 . 2009-12-23 19:12 630784 ------w- c:\windows\system32\ilinet.dll
2011-08-10 02:51 . 2011-08-10 05:09 -------- d-----w- c:\program files\Digidesign
2011-08-10 02:51 . 2011-08-10 05:06 -------- d-----w- c:\program files\Common Files\Digidesign
2011-07-28 00:41 . 2011-07-28 00:41 -------- d-----w- c:\program files\STOPzilla!
2011-07-26 20:19 . 2011-07-26 20:43 -------- d-----w- c:\documents and settings\Scott\Application Data\Audacity
2011-07-26 20:18 . 2011-07-26 20:19 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 07:00 . 2007-02-23 02:55 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-07-26 00:59 . 2011-07-26 00:59 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-26 00:59 . 2011-07-26 00:59 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-26 00:59 . 2011-07-26 00:59 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-26 00:59 . 2011-07-26 00:59 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-26 00:59 . 2011-07-26 00:59 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-26 00:59 . 2011-07-26 00:59 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-26 00:59 . 2011-07-26 00:59 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-26 00:59 . 2011-07-26 00:59 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-26 00:59 . 2011-07-26 00:59 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-26 00:59 . 2011-07-26 00:59 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-26 00:59 . 2011-07-26 00:59 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-26 00:59 . 2011-07-26 00:59 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-07-12 17:44 . 2011-07-12 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-06-23 00:36 . 2011-03-24 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AF9DF3E-17A4-428F-A39E-28ADA0A3A522}]
2011-06-10 16:59 2643120 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 4599680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-11-23 110592]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-22 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.codeode.privacymantra
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"QBFCService"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\MasterWriter 2.0\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/24/2011 12:37 PM 13496]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02 PM 123264]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/22/2011 12:13 AM 328536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [6/16/2010 4:57 AM 16400]
R2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files\Avid\Mbox\AudioDevMon.exe [5/25/2010 6:13 AM 1919504]
R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files\Avid\Mbox Mini\AudioDevMon.exe [5/6/2010 10:38 AM 1919504]
R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files\Avid\Mbox Pro\AudioDevMon.exe [6/11/2010 4:40 PM 1919504]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 5:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 8:00 PM 3456]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S1 MpKsl074b78dc;MpKsl074b78dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl074b78dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl074b78dc.sys [?]
S1 MpKsl3304e753;MpKsl3304e753;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37035FBB-A260-4B2C-8004-197EF42DEE0F}\MpKsl3304e753.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37035FBB-A260-4B2C-8004-197EF42DEE0F}\MpKsl3304e753.sys [?]
S1 MpKsl44cd334d;MpKsl44cd334d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF318BE6-0460-4687-A38D-191308F77CC3}\MpKsl44cd334d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF318BE6-0460-4687-A38D-191308F77CC3}\MpKsl44cd334d.sys [?]
S1 MpKsl526f063b;MpKsl526f063b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl526f063b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl526f063b.sys [?]
S1 MpKsl5b819847;MpKsl5b819847;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37035FBB-A260-4B2C-8004-197EF42DEE0F}\MpKsl5b819847.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37035FBB-A260-4B2C-8004-197EF42DEE0F}\MpKsl5b819847.sys [?]
S1 MpKsl698f0598;MpKsl698f0598;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0F225ED-E493-4008-99EB-0C7F2D96BBBB}\MpKsl698f0598.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0F225ED-E493-4008-99EB-0C7F2D96BBBB}\MpKsl698f0598.sys [?]
S1 MpKsl6ca55199;MpKsl6ca55199;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl6ca55199.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsl6ca55199.sys [?]
S1 MpKsl6e4ac3a1;MpKsl6e4ac3a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF318BE6-0460-4687-A38D-191308F77CC3}\MpKsl6e4ac3a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF318BE6-0460-4687-A38D-191308F77CC3}\MpKsl6e4ac3a1.sys [?]
S1 MpKsl8d82859a;MpKsl8d82859a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50EFAFD6-675B-40A0-9E31-2DAEFD85A37B}\MpKsl8d82859a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50EFAFD6-675B-40A0-9E31-2DAEFD85A37B}\MpKsl8d82859a.sys [?]
S1 MpKsl9f1cdbf1;MpKsl9f1cdbf1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50EFAFD6-675B-40A0-9E31-2DAEFD85A37B}\MpKsl9f1cdbf1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50EFAFD6-675B-40A0-9E31-2DAEFD85A37B}\MpKsl9f1cdbf1.sys [?]
S1 MpKsla6f0172f;MpKsla6f0172f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsla6f0172f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62556875-6592-470E-A429-DF2341902363}\MpKsla6f0172f.sys [?]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [8/24/2011 12:35 PM 820568]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [11/8/2007 1:51 PM 17920]
S3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2/23/2011 3:13 PM 34080]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [8/9/2010 12:11 PM 11264]
S3 MBOX;Service for Avid Mbox;c:\windows\system32\drivers\AvidMbox.sys [8/9/2011 10:01 PM 398224]
S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\drivers\AvidMbox_DFU.sys [8/9/2011 10:02 PM 23312]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [8/18/2005 6:22 PM 124608]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [6/18/2010 2:55 PM 18432]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-05-22 23:38]
.
2011-08-25 c:\windows\Tasks\ASC4_AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-05-22 23:38]
.
2011-08-24 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-22 23:38]
.
2011-08-25 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-22 23:40]
.
2010-09-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-02-23 16:13]
.
2007-02-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-02-23 01:32]
.
2011-08-23 c:\windows\Tasks\WinMendRegistryCleanerForScott.job
- c:\program files\WinMend\Registry Cleaner\RegistryCleaner.exe [2011-02-01 00:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: yahoo.com\answers
TCP: DhcpNameServer = 192.168.1.1
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {B0DE2DE0-B7B1-438B-8B7F-59CD9C94AD88} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2006.cab
DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\hzxpl3kb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18836
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-MsMpSvc
AddRemove-Cakewalk VST Adapter 4 - c:\progra~1\Cakewalk\CAKEWA~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 10:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1468)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\program files\Common Files\Lenovo\tvt_banner.dll
c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\program files\Lenovo\Client Security Solution\tvttsp.dll
c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_res.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\VTI.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5092)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-08-25 10:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 17:37
.
Pre-Run: 65,311,408,128 bytes free
Post-Run: 65,477,931,008 bytes free
.
- - End Of File - - 77EB3B2D302C9845D1ECAC671047EE48

Attached Files

  • Attached File  log.txt   28.25KB   0 downloads




#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 26 August 2011 - 07:49 PM

What issues are you still experiencing after running ComboFix?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 tonkinsongs
  • Topic Starter

  • Members
  • 27 posts

Posted 28 August 2011 - 06:28 PM

I still cannot open IE or Firefox even though my other computers can run on the wireless router I have installed. Also I get an error message when trying to open certain files that says I don't have permission to open this file, path or folder. My spyware runs but then stops suddenly as well.

#4 tonkinsongs
  • Topic Starter

  • Members
  • 27 posts

Posted 28 August 2011 - 06:34 PM

ComboFix also shows me the following box: "This machine does not have the Microsoft Windows Recovery console installed. Alternately, an existing installation of the recovery console may be present but requires updating. Without it ComboFix shall not attempt the fixing of some serious infections."

It then says that ComboFix can download and install one but it requires an active internet connection. The virus has taken down my internet. Is there a place I can download this information onto a memory stick and then use it on my infected computer?

#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 28 August 2011 - 07:29 PM

We'll work on restoring the connection first; we still have a bit of work to do.

Download the following programs to a USB stick and transfer them over.

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 tonkinsongs

tonkinsongs
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 28 August 2011 - 08:07 PM

Thanks! Here are the logs:



TDSS Log

2011/08/28 17:49:04.0437 5488 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 17:49:04.0718 5488 ================================================================================
2011/08/28 17:49:04.0718 5488 SystemInfo:
2011/08/28 17:49:04.0718 5488
2011/08/28 17:49:04.0718 5488 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 17:49:04.0718 5488 Product type: Workstation
2011/08/28 17:49:04.0718 5488 ComputerName: LENOVO-9F5D8E79
2011/08/28 17:49:04.0718 5488 UserName: Scott
2011/08/28 17:49:04.0718 5488 Windows directory: C:\WINDOWS
2011/08/28 17:49:04.0718 5488 System windows directory: C:\WINDOWS
2011/08/28 17:49:04.0718 5488 Processor architecture: Intel x86
2011/08/28 17:49:04.0718 5488 Number of processors: 2
2011/08/28 17:49:04.0718 5488 Page size: 0x1000
2011/08/28 17:49:04.0718 5488 Boot type: Normal boot
2011/08/28 17:49:04.0718 5488 ================================================================================
2011/08/28 17:49:05.0031 5488 Initialize success
2011/08/28 17:49:08.0312 0588 ================================================================================
2011/08/28 17:49:08.0312 0588 Scan started
2011/08/28 17:49:08.0312 0588 Mode: Manual;
2011/08/28 17:49:08.0312 0588 ================================================================================
2011/08/28 17:49:09.0015 0588 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/28 17:49:09.0046 0588 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/08/28 17:49:09.0109 0588 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 17:49:09.0125 0588 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/28 17:49:09.0171 0588 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/08/28 17:49:09.0203 0588 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/28 17:49:09.0250 0588 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/08/28 17:49:09.0359 0588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/28 17:49:09.0406 0588 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/08/28 17:49:09.0421 0588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/28 17:49:09.0468 0588 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/28 17:49:09.0500 0588 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/28 17:49:09.0515 0588 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/28 17:49:09.0546 0588 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/28 17:49:09.0671 0588 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/28 17:49:09.0687 0588 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/28 17:49:09.0718 0588 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/28 17:49:09.0734 0588 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/28 17:49:09.0765 0588 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/08/28 17:49:09.0828 0588 AR5211 (317564a02dc28747bea2e9043955dd6e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/08/28 17:49:09.0968 0588 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/28 17:49:10.0000 0588 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/28 17:49:10.0046 0588 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/28 17:49:10.0125 0588 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/08/28 17:49:10.0140 0588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/28 17:49:10.0203 0588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/28 17:49:10.0343 0588 ati2mtag (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/28 17:49:10.0500 0588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/28 17:49:10.0546 0588 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/08/28 17:49:10.0593 0588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/28 17:49:10.0609 0588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/28 17:49:10.0671 0588 btaudio (6b7d6ca0db38b36c1d95447757741d1a) C:\WINDOWS\system32\drivers\btaudio.sys
2011/08/28 17:49:10.0734 0588 BTDriver (48e37289bae3d006d5583a661168ca00) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/08/28 17:49:10.0812 0588 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/08/28 17:49:10.0953 0588 BTWDNDIS (8103112c1016ddc68dc292a083b02487) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/08/28 17:49:11.0000 0588 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/08/28 17:49:11.0062 0588 BVRPMPR5 (2120b6607cbbe426ce821643838ea1d3) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/08/28 17:49:11.0234 0588 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/28 17:49:11.0375 0588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/28 17:49:11.0421 0588 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/28 17:49:11.0468 0588 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/28 17:49:11.0500 0588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/28 17:49:11.0562 0588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/28 17:49:11.0593 0588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/28 17:49:11.0640 0588 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys
2011/08/28 17:49:11.0781 0588 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/28 17:49:11.0812 0588 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/28 17:49:11.0843 0588 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/28 17:49:11.0890 0588 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/28 17:49:11.0921 0588 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/28 17:49:11.0953 0588 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/28 17:49:12.0093 0588 DigiNet (e156fd887e1f37c2db7a313cfa6755ae) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/08/28 17:49:12.0156 0588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/28 17:49:12.0234 0588 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/28 17:49:12.0343 0588 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/28 17:49:12.0375 0588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/28 17:49:12.0421 0588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/28 17:49:12.0437 0588 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/28 17:49:12.0500 0588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/28 17:49:12.0515 0588 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/28 17:49:12.0546 0588 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/08/28 17:49:12.0703 0588 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/28 17:49:12.0812 0588 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2011/08/28 17:49:12.0906 0588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/28 17:49:12.0937 0588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/28 17:49:12.0968 0588 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/28 17:49:13.0000 0588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/28 17:49:13.0015 0588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/28 17:49:13.0078 0588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/28 17:49:13.0171 0588 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/28 17:49:13.0218 0588 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/28 17:49:13.0250 0588 glancedrv (1e6c235714a42b2edc0cfa93d0ea66d3) C:\WINDOWS\system32\DRIVERS\glancedrv.sys
2011/08/28 17:49:13.0296 0588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/28 17:49:13.0343 0588 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/28 17:49:13.0375 0588 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/28 17:49:13.0515 0588 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/28 17:49:13.0531 0588 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/28 17:49:13.0546 0588 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/28 17:49:13.0578 0588 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/28 17:49:13.0625 0588 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
2011/08/28 17:49:13.0781 0588 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
2011/08/28 17:49:13.0828 0588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/28 17:49:13.0875 0588 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/28 17:49:13.0921 0588 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/28 17:49:13.0984 0588 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/28 17:49:14.0171 0588 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/08/28 17:49:14.0296 0588 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/08/28 17:49:14.0328 0588 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2011/08/28 17:49:14.0375 0588 ICDUSB3 (8d083e56ede3a80b214020da9f03143a) C:\WINDOWS\system32\Drivers\ICDUSB3.sys
2011/08/28 17:49:14.0406 0588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/28 17:49:14.0468 0588 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/28 17:49:14.0484 0588 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/28 17:49:14.0609 0588 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/28 17:49:14.0625 0588 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/28 17:49:14.0640 0588 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/28 17:49:14.0656 0588 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/28 17:49:14.0687 0588 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/28 17:49:14.0734 0588 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/28 17:49:14.0781 0588 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/28 17:49:14.0843 0588 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/28 17:49:14.0890 0588 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/28 17:49:15.0015 0588 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/08/28 17:49:15.0046 0588 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/28 17:49:15.0109 0588 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/28 17:49:15.0156 0588 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/28 17:49:15.0171 0588 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/28 17:49:15.0281 0588 MBOX (e9f6d2698716354c2311ee3082647e4a) C:\WINDOWS\system32\DRIVERS\AvidMbox.sys
2011/08/28 17:49:15.0421 0588 MBOXDFU (3548b0db936c07ed7879c183cc343e89) C:\WINDOWS\system32\DRIVERS\AvidMbox_DFU.sys
2011/08/28 17:49:15.0484 0588 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/28 17:49:15.0531 0588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/28 17:49:15.0578 0588 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/28 17:49:15.0609 0588 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/28 17:49:15.0640 0588 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/28 17:49:15.0750 0588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/28 17:49:16.0078 0588 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/28 17:49:16.0140 0588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/28 17:49:16.0218 0588 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/28 17:49:16.0343 0588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/28 17:49:16.0375 0588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/28 17:49:16.0406 0588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/28 17:49:16.0453 0588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/28 17:49:16.0484 0588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/28 17:49:16.0515 0588 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/28 17:49:16.0640 0588 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/28 17:49:16.0656 0588 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/28 17:49:16.0796 0588 NAVENG (7d4472a6d350f083acf7316216e14acd) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070412.048\naveng.sys
2011/08/28 17:49:16.0875 0588 NAVEX15 (72278e81ec294ba2dbfee646c0b17a8a) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070412.048\navex15.sys
2011/08/28 17:49:17.0046 0588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/28 17:49:17.0078 0588 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/28 17:49:17.0140 0588 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/28 17:49:17.0171 0588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/28 17:49:17.0187 0588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/28 17:49:17.0250 0588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/28 17:49:17.0375 0588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/28 17:49:17.0421 0588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/28 17:49:17.0468 0588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/28 17:49:17.0500 0588 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/08/28 17:49:17.0546 0588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/28 17:49:17.0703 0588 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/28 17:49:17.0718 0588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/28 17:49:17.0828 0588 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/28 17:49:18.0000 0588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/28 17:49:18.0046 0588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/28 17:49:18.0109 0588 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/28 17:49:18.0156 0588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/28 17:49:18.0187 0588 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/28 17:49:18.0203 0588 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/28 17:49:18.0250 0588 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/28 17:49:18.0265 0588 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/28 17:49:18.0375 0588 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/28 17:49:18.0515 0588 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/28 17:49:18.0562 0588 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2011/08/28 17:49:18.0593 0588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/28 17:49:18.0703 0588 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
2011/08/28 17:49:18.0750 0588 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2011/08/28 17:49:18.0890 0588 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/28 17:49:18.0921 0588 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
2011/08/28 17:49:18.0937 0588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/28 17:49:19.0000 0588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/28 17:49:19.0031 0588 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/28 17:49:19.0078 0588 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/28 17:49:19.0109 0588 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/28 17:49:19.0218 0588 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/28 17:49:19.0250 0588 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/28 17:49:19.0281 0588 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/28 17:49:19.0328 0588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/28 17:49:19.0359 0588 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/28 17:49:19.0390 0588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/28 17:49:19.0484 0588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/28 17:49:19.0500 0588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/28 17:49:19.0546 0588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/28 17:49:19.0578 0588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/28 17:49:19.0593 0588 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/28 17:49:19.0640 0588 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/28 17:49:19.0671 0588 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/28 17:49:19.0718 0588 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/08/28 17:49:19.0843 0588 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/08/28 17:49:19.0890 0588 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/28 17:49:20.0015 0588 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/28 17:49:20.0031 0588 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/28 17:49:20.0109 0588 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
2011/08/28 17:49:20.0156 0588 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
2011/08/28 17:49:20.0281 0588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/28 17:49:20.0312 0588 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/28 17:49:20.0359 0588 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/28 17:49:20.0406 0588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/28 17:49:20.0468 0588 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
2011/08/28 17:49:20.0515 0588 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
2011/08/28 17:49:20.0656 0588 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/28 17:49:20.0687 0588 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/28 17:49:20.0718 0588 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2011/08/28 17:49:20.0765 0588 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/08/28 17:49:20.0843 0588 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2011/08/28 17:49:20.0890 0588 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/08/28 17:49:21.0015 0588 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/28 17:49:21.0062 0588 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/28 17:49:21.0171 0588 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/08/28 17:49:21.0265 0588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/28 17:49:21.0375 0588 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/28 17:49:21.0406 0588 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/28 17:49:21.0468 0588 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/28 17:49:21.0484 0588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/28 17:49:21.0515 0588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/28 17:49:21.0578 0588 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/28 17:49:21.0609 0588 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/28 17:49:21.0703 0588 SYMDNS (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/08/28 17:49:21.0765 0588 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
2011/08/28 17:49:21.0828 0588 SYMFW (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/08/28 17:49:21.0906 0588 SYMIDS (83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/08/28 17:49:22.0046 0588 SYMIDSCO (64c78c2164997fb8d27b8e7ab0d86b3e) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20070411.004\symidsco.sys
2011/08/28 17:49:22.0156 0588 SYMNDIS (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/08/28 17:49:22.0187 0588 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/08/28 17:49:22.0234 0588 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/08/28 17:49:22.0296 0588 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/28 17:49:22.0328 0588 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/28 17:49:22.0375 0588 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys
2011/08/28 17:49:22.0500 0588 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/28 17:49:22.0531 0588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/28 17:49:22.0609 0588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/28 17:49:22.0734 0588 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/08/28 17:49:22.0765 0588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/28 17:49:22.0796 0588 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/08/28 17:49:22.0859 0588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/28 17:49:22.0953 0588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/28 17:49:23.0000 0588 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/28 17:49:23.0109 0588 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2011/08/28 17:49:23.0171 0588 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2011/08/28 17:49:23.0218 0588 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2011/08/28 17:49:23.0250 0588 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/08/28 17:49:23.0312 0588 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
2011/08/28 17:49:23.0343 0588 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2011/08/28 17:49:23.0468 0588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/28 17:49:23.0515 0588 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/28 17:49:23.0546 0588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/28 17:49:23.0625 0588 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/28 17:49:23.0640 0588 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/28 17:49:23.0703 0588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/28 17:49:23.0734 0588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/28 17:49:23.0906 0588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/28 17:49:23.0937 0588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/28 17:49:23.0968 0588 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/28 17:49:23.0984 0588 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/28 17:49:24.0000 0588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/28 17:49:24.0031 0588 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/28 17:49:24.0078 0588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/28 17:49:24.0109 0588 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/28 17:49:24.0234 0588 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/28 17:49:24.0281 0588 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/28 17:49:24.0343 0588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/28 17:49:24.0406 0588 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/28 17:49:24.0468 0588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/28 17:49:24.0625 0588 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
2011/08/28 17:49:24.0812 0588 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/28 17:49:24.0843 0588 WSIMD (ebedf91c32fe60c724402e6f44ca3152) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/08/28 17:49:24.0906 0588 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/28 17:49:24.0953 0588 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/28 17:49:25.0000 0588 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/28 17:49:25.0046 0588 MBR (0x1B8) (15dcabd90fdb6ac170149d3f7016babe) \Device\Harddisk0\DR0
2011/08/28 17:49:25.0078 0588 MBR (0x1B8) (9f598af91d1c5dbeffe04bc4a5e0e006) \Device\Harddisk1\DR5
2011/08/28 17:49:25.0359 0588 Boot (0x1200) (414525a34540910b0f1d89ad6bd31295) \Device\Harddisk0\DR0\Partition0
2011/08/28 17:49:25.0359 0588 ================================================================================
2011/08/28 17:49:25.0359 0588 Scan finished
2011/08/28 17:49:25.0359 0588 ================================================================================
2011/08/28 17:49:25.0375 5056 Detected object count: 0
2011/08/28 17:49:25.0375 5056 Actual detected object count: 0




Junction Log

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
Failed to open \\?\c:\\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe: Access is denied.
Failed to open \\?\c:\\Program Files\M\mbam.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Photoshop 5.5 Step-By-Step Training\Malwarebytes' Anti-Malware\mbam.bat: Access is denied.
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Access is denied.

No reparse points found.






#7 CatByte

  • Malware Response Team

Posted 28 August 2011 - 08:15 PM

Hi

Please do the following:


  • please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
c:\\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\\Program Files\M\mbam.exe
c:\\Program Files\Photoshop 5.5 Step-By-Step Training\Malwarebytes' Anti-Malware\mbam.bat
c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.



NEXT



Please do the following to try and restore the internet connection:

If your network icon appears on the Windows taskbar, you can repair it by right-clicking the icon and selecting Repair.



If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.


Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.


If no luck, try this:

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes

In FireFox
  • Click on Advanced -> Network -> Settings…
  • the No Proxy option should be selected



Next, try this:

Go to Start > Run > type in CMD to open a command prompt.

Type in the following command in the command prompt and press Enter.


netsh int ip reset reset.log

Then also type the following command and hit enter.

netsh winsock reset catalog

Once that completes then restart the system and see then if you are able to get online.


Next, try this:

Go to Start > Run then type: CMD into the run box

You will now see a black DOS-like screen.

Type the following at the command prompt:

IPconfig /release (Note the space between the "g" and the slash / it needs to be there)

Hit enter Then type:

IPconfig /Renew (Note the space between the "g" and the slash / it needs to be there)

Hit enter

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 tonkinsongs

  • Topic Starter

Posted 28 August 2011 - 08:50 PM

Perms log

GrantPerms by Farbar
Ran by Scott at 2011-08-28 18:19:23

===============================================
\\?\c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\M\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Photoshop 5.5 Step-By-Step Training\Malwarebytes' Anti-Malware\mbam.bat

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


No luck on Internet Connection as final CMD instructions came up with identical error reading for both /release and /renew - "No operation can be performed on Wireless Network Connection while it has its media disconnected. No operation can be performed on Local Area connection while it has its media disconnected."
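
As an added example (not a tool from this thread, and not Farbar's or Sysinternals' code), a small Python parser for the two report formats posted above. It pulls the "Access is denied" entries out of a Junction log to build the same unlock list that was pasted into GrantPerms, and reads a GrantPerms Perms.txt to flag any path a standard user still could not read or execute, which is the condition behind the "Windows cannot access the specified device, path, or file" error in the first post. Both inputs are constructed excerpts in the formats shown in this thread; the function names and the "Everyone FULL DENY" entry are my own.

```python
import re
# Constructed excerpts in the Junction/GrantPerms formats above; the DENY entry is invented to show a still-locked file.
JUNCTION_LOG = r"""
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\Program Files\M\mbam.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Access is denied.
"""
PERMS_TXT = r"""
\\?\c:\\Program Files\M\mbam.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
DACL(P)(AI):
Everyone FULL DENY
BUILTIN\Administrators FULL ALLOW
"""
PREFIX = "\\\\?\\"  # the \\?\ long-path prefix both tools print
FAIL_RE = re.compile(r"^Failed to open (.+?): (.*)$")
ACE_RE = re.compile(r"^(.+?) (\S+) (ALLOW|DENY)(?: \(\w+\))?$")  # principal rights type [(flags)]

def denied_paths(log):
    """Paths Junction reported as "Access is denied": the list fed to GrantPerms."""
    hits = (FAIL_RE.match(line.strip()) for line in log.splitlines())
    return [m.group(1)[len(PREFIX):] for m in hits  # drop \\?\ as the post above does
            if m and m.group(2).startswith("Access is denied")]

def parse_perms(text):
    """Perms.txt -> {path: {"owner": str, "dacl": [(principal, rights, "ALLOW"|"DENY")]}}."""
    perms, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            cur = perms.setdefault(line[len(PREFIX):], {"owner": None, "dacl": []})
        elif cur and line.startswith("Owner:"):
            cur["owner"] = line.split(":", 1)[1].strip()
        elif cur and (m := ACE_RE.match(line)):
            cur["dacl"].append(m.group(1, 2, 3))
    return perms

def still_locked(perms):
    """Paths a standard user still cannot read/execute: a DENY ACE, or no read ALLOW for Users."""
    def readable(dacl):
        return not any(k == "DENY" for _, _, k in dacl) and any(
            w in ("BUILTIN\\Users", "Everyone") and k == "ALLOW" and (r == "FULL" or "READ" in r)
            for w, r, k in dacl)
    return [path for path, info in perms.items() if not readable(info["dacl"])]
```

Run against a real Perms.txt, an empty list from still_locked() is the result to expect after a successful Unlock; any path it returns is one GrantPerms did not manage to fix.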



#9 CatByte

  • Malware Response Team

Posted 28 August 2011 - 09:06 PM

Hi

Try this:

  • Please download Winsock Fix
  • UnZip WinsockFix.zip (extract it to your desktop)
  • Run WinsockFix.exe
  • Before you choose the Fix option, please backup your registry (you can do this from within the program)
  • Now choose the Fix option
  • restart your computer

This program will clean up your TCP/IP connection and rebuild the database.

Let me know if you can now connect.



#10 CatByte

  • Malware Response Team

Posted 28 August 2011 - 09:20 PM

Hi

Something else to try if Winsock Fix doesn't work:

1. Go to the control panel & select Administrative Tools.

2. In Administrative Tools, go to Services.

3. On the Services screen, scroll down until you find Wireless Zero Configuration.

4. Start this service.

5. Now go to Control Panel > Network Connections and right click your wireless adapter icon.

6. Right-click it, choose Properties and, when the window opens, click on the Wireless Networks tab.

7. From there make sure that the Use Windows to Configure my Wireless Connections box is checked then hit OK.


see if that resolves the issue



#11 tonkinsongs

  • Topic Starter

Posted 28 August 2011 - 09:27 PM

Hi, I ran the WinsockFix.exe and when I tried connecting to the internet, an error message pops up saying that the wireless radio is powered off. Do you want to power it on. I selected yes but it did not turn back on. I then went into the ThinkVantage section of my Think Pad and tried to turn it on from there and it would not turn on as well. The bluetooth turned on fine but the wireless radio would not? Do I need to just plug my cable modem into this laptop and bypass the wireless router for now?

#12 CatByte

  • Malware Response Team

Posted 28 August 2011 - 09:34 PM

Yes, try to connect directly.

You may need to update the drivers for your wireless connection.

Check in Device Manager for this option:

Press the WinKey + R to open a run box > copy/paste devmgmt.msc into the open run box > press OK > Device Manager will open.

Edited by CatByte, 29 August 2011 - 03:30 AM.



#13 tonkinsongs

  • Topic Starter

Posted 28 August 2011 - 10:03 PM

Some good news. I've gotten both the Local Area Connection and the Wireless Network Connection to show being connected (used your instructions to select windows to configure the wireless connection and it fired right up.)

Tried connecting and still no luck.

#14 tonkinsongs

  • Topic Starter

Posted 28 August 2011 - 10:47 PM

Took a chance and disabled the Symantec Client Protection System and that did the trick. Internet is up and running and the wireless connection seems to be working well.

Are there other steps I need to take regarding diagnostics for the RootKit that ComboFix diagnosed?

#15 CatByte

  • Malware Response Team

Posted 29 August 2011 - 03:31 AM

Hi,

Re-run ComboFix > allow it to install the Recovery Console.
