
Infected with Rootkit.zeroaccess


This topic is locked. 42 replies to this topic.

#1 raskol22 (Members, 24 posts)

Posted 30 November 2011 - 03:19 PM

This is my first post on Bleeping Computer, so if I do anything wrong please inform me. I believe I am infected with Rootkit.ZeroAccess. About a week ago, I was browsing in Firefox and Avast detected a malicious URL ("malicious URL detected" popup in the right corner). I have run Malwarebytes, SuperAntiSpyware, and Avast scans (complete as well as boot scans), but nothing was found. I am no longer able to connect to the internet from the infected computer. It looks connected, but I can't access the internet through Firefox or IE and I cannot update anything. Also, my Avast web shield services have stopped and I cannot turn them back on (when I try I get an Avast error 10050). I had a similar problem close to 6 months ago and was able to correct it, but this rootkit seems over my head.
Thanks in advance for any help or advice you can offer.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Sean Kavanagh at 12:07:37 on 2011-11-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Documents and Settings\Sean Kavanagh\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [F.lux] "c:\documents and settings\sean kavanagh\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTg2NTI3Nzg1LVQxLUtWMys3LUJBKzEtWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrNzctU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsx"&"prod=90"&"ver=10.0.1325
StartupFolder: c:\docume~1\seanka~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231447478804
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.128.128.128
TCP: Interfaces\{4D1820E6-29D9-4685-A5DD-D4F8637FF855} : DhcpNameServer = 10.128.128.128
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sean kavanagh\application data\mozilla\firefox\profiles\itqf5y8r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-20 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-20 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-20 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-20 44768]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-5 821080]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2009-1-8 16168]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-6-5 140848]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-4-30 225856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-1-8 332928]
S0 npmg;npmg;c:\windows\system32\drivers\dulkyay.sys --> c:\windows\system32\drivers\dulkyay.sys [?]
S2 CachemanService;Cacheman Service;c:\program files\cacheman\cachemanserv.exe --> c:\program files\cacheman\CachemanServ.exe [?]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-8 13532]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
.
=============== Created Last 30 ================
.
2011-11-25 16:07:31 -------- dc----w- C:\TDSSKiller_Quarantine
2011-11-20 19:31:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-20 19:31:15 41184 ----a-w- c:\windows\avastSS.scr
2011-11-20 09:20:43 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-19 04:04:44 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-19 04:04:40 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:08:25.81 ===============
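The DDS log above is what the responders on this thread read first, and the line that stands out is the `S0 npmg` driver whose image `dulkyay.sys` DDS could not find on disk (`[?]`), alongside an AV line reporting Avast as disabled. The following is an added example, not code from the post or from the DDS tool: a small parser for the `SERVICES / DRIVERS` and `AV:` lines of a DDS log that flags a boot- or system-start kernel driver whose file is missing. Such an entry means either the file is being hidden from user-mode tools or it has already been removed (for example quarantined) while its service registration remains; both deserve a responder's attention. The severity rules, the `ServiceEntry` type and the helper names are my own assumptions; the sample lines are copied from the log above.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log (added example).

Parses DDS lines such as

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-20 442200]
    S0 npmg;npmg;c:\windows\system32\drivers\dulkyay.sys --> ...\dulkyay.sys [?]

and flags kernel drivers registered to load at boot/system start (start type
0 or 1) whose image file DDS could not stat ("[?]").  The rules are the
author's heuristics, not part of DDS.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"   # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service name ; display name ;
    r"(?P<rest>.*)$"                          # image path plus [date size], or --> path [?]
)
PRESENT_RE = re.compile(r"^(?P<image>.*?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$")
AV_RE = re.compile(r"^AV:\s+(?P<product>.+?)\s+\*(?P<flags>[^*]+)\*")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str
    file_missing: bool     # DDS writes "--> <path> [?]" when it cannot stat the file
    file_date: Optional[str] = None
    file_size: Optional[int] = None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one DDS service/driver line, or None for other lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    running, start = m.group("state") == "R", int(m.group("start"))
    rest = m.group("rest").strip()
    if rest.endswith("[?]"):
        # Missing-file form: "<path> --> <path> [?]"; keep the first path.
        return ServiceEntry(running, start, m.group("name"), m.group("display"),
                            rest.split(" --> ")[0].strip(), True)
    p = PRESENT_RE.match(rest)
    return ServiceEntry(running, start, m.group("name"), m.group("display"),
                        p.group("image") if p else rest, False,
                        p.group("date") if p else None,
                        int(p.group("size")) if p else None)


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (service name, severity, reason) for every entry worth a second look."""
    findings = []
    for line in lines:
        e = parse_service_line(line)
        if e is None or not e.file_missing:
            continue
        base = e.image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if e.start_type <= 1 and base.endswith(".sys"):
            reason = "boot/system-start kernel driver whose image is missing from disk"
            if base.rsplit(".", 1)[0] != e.name.lower():
                reason += "; service name does not match file name"
            findings.append((e.name, "high", reason))
        else:
            findings.append((e.name, "low",
                             "service points at a missing file (often an uninstall leftover)"))
    return findings


def av_status(line: str) -> Optional[Dict[str, object]]:
    """Parse the DDS 'AV:' header, e.g. 'AV: avast! Antivirus *Disabled/Updated* {GUID}'."""
    m = AV_RE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags").split("/")
    return {"product": m.group("product"),
            "enabled": flags[0].lower() == "enabled",
            "updated": len(flags) > 1 and flags[1].lower() == "updated"}


# Lines copied from the DDS log in the post above; SjyPkt is a benign
# stopped-but-present control entry.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-20 442200]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2009-1-8 16168]
S0 npmg;npmg;c:\windows\system32\drivers\dulkyay.sys --> c:\windows\system32\drivers\dulkyay.sys [?]
S2 CachemanService;Cacheman Service;c:\program files\cacheman\cachemanserv.exe --> c:\program files\cacheman\CachemanServ.exe [?]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-8 13532]
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    av = av_status(lines[0])
    if av and not av["enabled"]:
        print(f"[!] {av['product']} reports itself disabled")
    for name, severity, why in triage(lines):
        print(f"[{severity}] {name}: {why}")
```

Run against the sample, the script reports Avast as disabled, rates `npmg` high (start type 0, `.sys` image missing, name and file name unrelated) and rates the stopped `CachemanService` low, since an auto-start user-mode service pointing at a file that no longer exists is usually just an uninstall leftover.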

#2 Noviciate (Malware Response Team, 5,277 posts)

Posted 30 November 2011 - 04:48 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

#3 raskol22 (Topic Starter)

Posted 01 December 2011 - 10:48 PM

Here is the TDSSKiller report. Eight medium-risk files were detected, but nothing terrible.

13:31:21.0078 3056 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:31:21.0093 3056 ============================================================
13:31:21.0093 3056 Current date / time: 2011/12/01 13:31:21.0093
13:31:21.0093 3056 SystemInfo:
13:31:21.0093 3056
13:31:21.0093 3056 OS Version: 5.1.2600 ServicePack: 3.0
13:31:21.0093 3056 Product type: Workstation
13:31:21.0093 3056 ComputerName: SEAN-A8221132D7
13:31:21.0093 3056 UserName: Sean Kavanagh
13:31:21.0093 3056 Windows directory: C:\WINDOWS
13:31:21.0093 3056 System windows directory: C:\WINDOWS
13:31:21.0093 3056 Processor architecture: Intel x86
13:31:21.0093 3056 Number of processors: 2
13:31:21.0093 3056 Page size: 0x1000
13:31:21.0093 3056 Boot type: Normal boot
13:31:21.0093 3056 ============================================================
13:31:21.0375 3056 Initialize success
13:31:26.0187 3100 ============================================================
13:31:26.0187 3100 Scan started
13:31:26.0187 3100 Mode: Manual; SigCheck; TDLFS;
13:31:26.0187 3100 ============================================================
13:31:26.0406 3100 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:31:26.0593 3100 Aavmker4 - ok
13:31:26.0609 3100 Abiosdsk - ok
13:31:26.0609 3100 abp480n5 - ok
13:31:26.0687 3100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:31:26.0937 3100 ACPI - ok
13:31:26.0968 3100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:31:27.0109 3100 ACPIEC - ok
13:31:27.0125 3100 adpu160m - ok
13:31:27.0140 3100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:31:27.0281 3100 aec - ok
13:31:27.0328 3100 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:31:27.0343 3100 AegisP ( UnsignedFile.Multi.Generic ) - warning
13:31:27.0343 3100 AegisP - detected UnsignedFile.Multi.Generic (1)
13:31:27.0390 3100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:31:27.0421 3100 AFD - ok
13:31:27.0421 3100 Aha154x - ok
13:31:27.0437 3100 aic78u2 - ok
13:31:27.0453 3100 aic78xx - ok
13:31:27.0468 3100 AliIde - ok
13:31:27.0500 3100 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:31:27.0515 3100 AmdK8 - ok
13:31:27.0531 3100 amsint - ok
13:31:27.0578 3100 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:31:27.0718 3100 Arp1394 - ok
13:31:27.0718 3100 asc - ok
13:31:27.0734 3100 asc3350p - ok
13:31:27.0734 3100 asc3550 - ok
13:31:27.0765 3100 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
13:31:27.0781 3100 AsIO ( UnsignedFile.Multi.Generic ) - warning
13:31:27.0781 3100 AsIO - detected UnsignedFile.Multi.Generic (1)
13:31:27.0812 3100 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:31:27.0843 3100 aswFsBlk - ok
13:31:27.0843 3100 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
13:31:27.0875 3100 aswMon2 - ok
13:31:27.0890 3100 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
13:31:27.0921 3100 aswRdr - ok
13:31:27.0953 3100 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
13:31:28.0000 3100 aswSnx - ok
13:31:28.0046 3100 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
13:31:28.0078 3100 aswSP - ok
13:31:28.0109 3100 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
13:31:28.0125 3100 aswTdi - ok
13:31:28.0156 3100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:31:28.0265 3100 AsyncMac - ok
13:31:28.0312 3100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:31:28.0437 3100 atapi - ok
13:31:28.0453 3100 Atdisk - ok
13:31:28.0484 3100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:31:28.0593 3100 Atmarpc - ok
13:31:28.0640 3100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:31:28.0765 3100 audstub - ok
13:31:28.0812 3100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:31:28.0968 3100 Beep - ok
13:31:28.0968 3100 catchme - ok
13:31:29.0015 3100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:31:29.0171 3100 cbidf2k - ok
13:31:29.0171 3100 cd20xrnt - ok
13:31:29.0234 3100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:31:29.0359 3100 Cdaudio - ok
13:31:29.0390 3100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:31:29.0515 3100 Cdfs - ok
13:31:29.0531 3100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:31:29.0656 3100 Cdrom - ok
13:31:29.0671 3100 Changer - ok
13:31:29.0687 3100 CmdIde - ok
13:31:29.0718 3100 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
13:31:29.0750 3100 COMMONFX.DLL - ok
13:31:29.0765 3100 Cpqarray - ok
13:31:29.0812 3100 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
13:31:29.0875 3100 CT20XUT.DLL - ok
13:31:29.0937 3100 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
13:31:29.0968 3100 ctac32k - ok
13:31:30.0000 3100 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:31:30.0046 3100 ctaud2k - ok
13:31:30.0062 3100 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
13:31:30.0125 3100 CTAUDFX.DLL - ok
13:31:30.0171 3100 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:31:30.0203 3100 ctdvda2k - ok
13:31:30.0250 3100 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
13:31:30.0281 3100 CTEAPSFX.DLL - ok
13:31:30.0312 3100 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
13:31:30.0343 3100 CTEDSPFX.DLL - ok
13:31:30.0343 3100 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
13:31:30.0375 3100 CTEDSPIO.DLL - ok
13:31:30.0390 3100 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
13:31:30.0421 3100 CTEDSPSY.DLL - ok
13:31:30.0468 3100 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
13:31:30.0484 3100 CTERFXFX.DLL - ok
13:31:30.0546 3100 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
13:31:30.0625 3100 CTEXFIFX.DLL - ok
13:31:30.0656 3100 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
13:31:30.0671 3100 CTHWIUT.DLL - ok
13:31:30.0703 3100 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:31:30.0718 3100 ctprxy2k - ok
13:31:30.0734 3100 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
13:31:30.0781 3100 CTSBLFX.DLL - ok
13:31:30.0796 3100 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:31:30.0828 3100 ctsfm2k - ok
13:31:30.0828 3100 dac2w2k - ok
13:31:30.0843 3100 dac960nt - ok
13:31:30.0906 3100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:31:31.0031 3100 Disk - ok
13:31:31.0062 3100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:31:31.0203 3100 dmboot - ok
13:31:31.0218 3100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:31:31.0343 3100 dmio - ok
13:31:31.0390 3100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:31:31.0515 3100 dmload - ok
13:31:31.0562 3100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:31:31.0703 3100 DMusic - ok
13:31:31.0703 3100 dpti2o - ok
13:31:31.0718 3100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:31:31.0843 3100 drmkaud - ok
13:31:31.0843 3100 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
13:31:31.0875 3100 emupia - ok
13:31:31.0906 3100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:31:32.0046 3100 Fastfat - ok
13:31:32.0078 3100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:31:32.0203 3100 Fdc - ok
13:31:32.0234 3100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:31:32.0359 3100 Fips - ok
13:31:32.0359 3100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:31:32.0484 3100 Flpydisk - ok
13:31:32.0531 3100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:31:32.0671 3100 FltMgr - ok
13:31:32.0703 3100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:31:32.0828 3100 Fs_Rec - ok
13:31:32.0843 3100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:31:33.0000 3100 Ftdisk - ok
13:31:33.0000 3100 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:31:33.0125 3100 gameenum - ok
13:31:33.0171 3100 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:31:33.0171 3100 GEARAspiWDM - ok
13:31:33.0187 3100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:31:33.0328 3100 Gpc - ok
13:31:33.0359 3100 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:31:33.0406 3100 ha10kx2k - ok
13:31:33.0437 3100 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:31:33.0468 3100 hap16v2k - ok
13:31:33.0500 3100 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
13:31:33.0546 3100 hap17v2k - ok
13:31:33.0578 3100 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:31:33.0703 3100 HidUsb - ok
13:31:33.0718 3100 hpn - ok
13:31:33.0734 3100 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:31:33.0781 3100 HPZid412 - ok
13:31:33.0796 3100 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:31:33.0812 3100 HPZipr12 - ok
13:31:33.0843 3100 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:31:33.0875 3100 HPZius12 - ok
13:31:33.0906 3100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:31:33.0953 3100 HTTP - ok
13:31:33.0953 3100 i2omgmt - ok
13:31:33.0968 3100 i2omp - ok
13:31:33.0984 3100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:31:34.0109 3100 i8042prt - ok
13:31:34.0140 3100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:31:34.0250 3100 Imapi - ok
13:31:34.0265 3100 ini910u - ok
13:31:34.0281 3100 IntelIde - ok
13:31:34.0328 3100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:31:34.0453 3100 Ip6Fw - ok
13:31:34.0500 3100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:31:34.0625 3100 IpFilterDriver - ok
13:31:34.0640 3100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:31:34.0750 3100 IpInIp - ok
13:31:34.0750 3100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:31:34.0875 3100 IpNat - ok
13:31:34.0890 3100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:31:35.0000 3100 IRENUM - ok
13:31:35.0015 3100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:31:35.0125 3100 isapnp - ok
13:31:35.0156 3100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:31:35.0265 3100 Kbdclass - ok
13:31:35.0281 3100 KeyScrambler (8f1bb80d589affb9c5e9cd7544251b29) C:\WINDOWS\system32\drivers\keyscrambler.sys
13:31:35.0343 3100 KeyScrambler - ok
13:31:35.0359 3100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:31:35.0484 3100 kmixer - ok
13:31:35.0515 3100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:31:35.0531 3100 KSecDD - ok
13:31:35.0546 3100 lbrtfdc - ok
13:31:35.0593 3100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:31:35.0734 3100 mnmdd - ok
13:31:35.0734 3100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:31:35.0843 3100 Modem - ok
13:31:35.0859 3100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:31:35.0968 3100 Mouclass - ok
13:31:35.0984 3100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:31:36.0140 3100 mouhid - ok
13:31:36.0156 3100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:31:36.0265 3100 MountMgr - ok
13:31:36.0281 3100 mraid35x - ok
13:31:36.0296 3100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:31:36.0406 3100 MRxDAV - ok
13:31:36.0468 3100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:31:36.0484 3100 MRxSmb - ok
13:31:36.0500 3100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:31:36.0625 3100 Msfs - ok
13:31:36.0640 3100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:31:36.0750 3100 MSKSSRV - ok
13:31:36.0781 3100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:31:36.0890 3100 MSPCLOCK - ok
13:31:36.0890 3100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:31:37.0015 3100 MSPQM - ok
13:31:37.0031 3100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:31:37.0140 3100 mssmbios - ok
13:31:37.0187 3100 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:31:37.0187 3100 MTsensor - ok
13:31:37.0234 3100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:31:37.0250 3100 Mup - ok
13:31:37.0265 3100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:31:37.0390 3100 NDIS - ok
13:31:37.0421 3100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:31:37.0437 3100 NdisTapi - ok
13:31:37.0453 3100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:31:37.0578 3100 Ndisuio - ok
13:31:37.0609 3100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:31:37.0734 3100 NdisWan - ok
13:31:37.0750 3100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:31:37.0765 3100 NDProxy - ok
13:31:37.0781 3100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:31:37.0890 3100 NetBIOS - ok
13:31:37.0921 3100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:31:38.0031 3100 NetBT - ok
13:31:38.0093 3100 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:31:38.0203 3100 NIC1394 - ok
13:31:38.0218 3100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:31:38.0343 3100 Npfs - ok
13:31:38.0343 3100 npmg - ok
13:31:38.0375 3100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:31:38.0484 3100 Ntfs - ok
13:31:38.0531 3100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:31:38.0687 3100 Null - ok
13:31:38.0984 3100 nv (18281a647f8d2a0afd00f4a9f52c59f4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:31:39.0296 3100 nv - ok
13:31:39.0328 3100 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
13:31:39.0343 3100 nvata - ok
13:31:39.0375 3100 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:31:39.0390 3100 NVENETFD - ok
13:31:39.0421 3100 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:31:39.0437 3100 nvnetbus - ok
13:31:39.0468 3100 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
13:31:39.0484 3100 NVTCP ( UnsignedFile.Multi.Generic ) - warning
13:31:39.0484 3100 NVTCP - detected UnsignedFile.Multi.Generic (1)
13:31:39.0531 3100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:31:39.0687 3100 NwlnkFlt - ok
13:31:39.0718 3100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:31:39.0875 3100 NwlnkFwd - ok
13:31:39.0890 3100 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:31:40.0000 3100 ohci1394 - ok
13:31:40.0031 3100 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:31:40.0046 3100 ossrv - ok
13:31:40.0093 3100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:31:40.0203 3100 Parport - ok
13:31:40.0218 3100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:31:40.0343 3100 PartMgr - ok
13:31:40.0359 3100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:31:40.0500 3100 ParVdm - ok
13:31:40.0515 3100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:31:40.0625 3100 PCI - ok
13:31:40.0625 3100 PCIDump - ok
13:31:40.0656 3100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:31:40.0812 3100 PCIIde - ok
13:31:40.0828 3100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:31:40.0953 3100 Pcmcia - ok
13:31:40.0984 3100 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:31:40.0984 3100 pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:31:40.0984 3100 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:31:41.0000 3100 PDCOMP - ok
13:31:41.0000 3100 PDFRAME - ok
13:31:41.0015 3100 PDRELI - ok
13:31:41.0015 3100 PDRFRAME - ok
13:31:41.0031 3100 perc2 - ok
13:31:41.0046 3100 perc2hib - ok
13:31:41.0078 3100 PfDetNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys
13:31:41.0109 3100 PfDetNT - ok
13:31:41.0203 3100 PfFilter (8512a7a19959218711f884eecc1dbaeb) C:\Program Files\IObit\Protected Folder\pffilter.sys
13:31:41.0234 3100 PfFilter - ok
13:31:41.0265 3100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:31:41.0390 3100 PptpMiniport - ok
13:31:41.0406 3100 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:31:41.0515 3100 Processor - ok
13:31:41.0531 3100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:31:41.0656 3100 PSched - ok
13:31:41.0687 3100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:31:41.0843 3100 Ptilink - ok
13:31:41.0875 3100 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:31:41.0906 3100 PxHelp20 - ok
13:31:41.0921 3100 ql1080 - ok
13:31:41.0921 3100 Ql10wnt - ok
13:31:41.0937 3100 ql12160 - ok
13:31:41.0953 3100 ql1240 - ok
13:31:41.0953 3100 ql1280 - ok
13:31:41.0984 3100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:31:42.0140 3100 RasAcd - ok
13:31:42.0171 3100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:31:42.0281 3100 Rasl2tp - ok
13:31:42.0296 3100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:31:42.0406 3100 RasPppoe - ok
13:31:42.0406 3100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:31:42.0593 3100 Raspti - ok
13:31:42.0625 3100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:31:42.0750 3100 Rdbss - ok
13:31:42.0765 3100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:31:42.0921 3100 RDPCDD - ok
13:31:42.0968 3100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:31:42.0984 3100 RDPWD - ok
13:31:43.0015 3100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:31:43.0125 3100 redbook - ok
13:31:43.0171 3100 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
13:31:43.0187 3100 RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
13:31:43.0187 3100 RT25USBAP - detected UnsignedFile.Multi.Generic (1)
13:31:43.0234 3100 RTLWUSB (5a850259b849a899990379a75460a4eb) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
13:31:43.0250 3100 RTLWUSB - ok
13:31:43.0343 3100 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:31:43.0375 3100 SASDIFSV - ok
13:31:43.0421 3100 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:31:43.0437 3100 SASKUTIL - ok
13:31:43.0500 3100 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
13:31:43.0609 3100 sbp2port - ok
13:31:43.0640 3100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:31:43.0750 3100 Secdrv - ok
13:31:43.0781 3100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:31:43.0906 3100 serenum - ok
13:31:43.0921 3100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:31:44.0031 3100 Serial - ok
13:31:44.0046 3100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:31:44.0171 3100 Sfloppy - ok
13:31:44.0203 3100 SI3132 (0b9b5c6df6226497ef4819b6e1b2efd5) C:\WINDOWS\system32\DRIVERS\SI3132.sys
13:31:44.0234 3100 SI3132 - ok
13:31:44.0250 3100 SiFilter (ad29a80543c63e5b3588d118fb327e22) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
13:31:44.0265 3100 SiFilter - ok
13:31:44.0281 3100 Simbad - ok
13:31:44.0281 3100 SiRemFil (b19efe5e45ae31f3c3e4c4f0f9da3c49) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
13:31:44.0312 3100 SiRemFil - ok
13:31:44.0343 3100 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
13:31:44.0343 3100 SjyPkt ( UnsignedFile.Multi.Generic ) - warning
13:31:44.0343 3100 SjyPkt - detected UnsignedFile.Multi.Generic (1)
13:31:44.0359 3100 Sparrow - ok
13:31:44.0390 3100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:31:44.0500 3100 splitter - ok
13:31:44.0531 3100 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
13:31:44.0531 3100 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:31:44.0531 3100 sptd ( LockedFile.Multi.Generic ) - warning
13:31:44.0531 3100 sptd - detected LockedFile.Multi.Generic (1)
13:31:44.0546 3100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:31:44.0656 3100 sr - ok
13:31:44.0671 3100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:31:44.0718 3100 Srv - ok
13:31:44.0765 3100 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:31:44.0781 3100 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:31:44.0781 3100 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:31:44.0828 3100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:31:44.0937 3100 swenum - ok
13:31:44.0953 3100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:31:45.0062 3100 swmidi - ok
13:31:45.0078 3100 symc810 - ok
13:31:45.0093 3100 symc8xx - ok
13:31:45.0093 3100 sym_hi - ok
13:31:45.0109 3100 sym_u3 - ok
13:31:45.0125 3100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:31:45.0234 3100 sysaudio - ok
13:31:45.0296 3100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:31:45.0312 3100 Tcpip - ok
13:31:45.0343 3100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:31:45.0453 3100 TDPIPE - ok
13:31:45.0484 3100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:31:45.0625 3100 TDTCP - ok
13:31:45.0640 3100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:31:45.0765 3100 TermDD - ok
13:31:45.0765 3100 TosIde - ok
13:31:45.0796 3100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:31:45.0906 3100 Udfs - ok
13:31:45.0921 3100 ultra - ok
13:31:45.0953 3100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:31:46.0078 3100 Update - ok
13:31:46.0125 3100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:31:46.0234 3100 usbccgp - ok
13:31:46.0281 3100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:31:46.0390 3100 usbehci - ok
13:31:46.0406 3100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:31:46.0515 3100 usbhub - ok
13:31:46.0546 3100 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:31:46.0656 3100 usbohci - ok
13:31:46.0703 3100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:31:46.0812 3100 usbprint - ok
13:31:46.0875 3100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:31:46.0984 3100 usbscan - ok
13:31:47.0031 3100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:31:47.0156 3100 USBSTOR - ok
13:31:47.0171 3100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:31:47.0281 3100 VgaSave - ok
13:31:47.0296 3100 ViaIde - ok
13:31:47.0312 3100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:31:47.0421 3100 VolSnap - ok
13:31:47.0437 3100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:31:47.0593 3100 Wanarp - ok
13:31:47.0609 3100 WDICA - ok
13:31:47.0625 3100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:31:47.0750 3100 wdmaud - ok
13:31:47.0812 3100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:31:47.0953 3100 WS2IFSL - ok
13:31:47.0984 3100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:31:48.0078 3100 \Device\Harddisk0\DR0 - ok
13:31:48.0093 3100 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR6
13:31:48.0281 3100 \Device\Harddisk1\DR6 - ok
13:31:48.0281 3100 Boot (0x1200) (8127b871c46ae9ae8c3d17e320573af3) \Device\Harddisk0\DR0\Partition0
13:31:48.0281 3100 \Device\Harddisk0\DR0\Partition0 - ok
13:31:48.0281 3100 Boot (0x1200) (830ddbe28b527d0859b98211a6e76762) \Device\Harddisk1\DR6\Partition0
13:31:48.0281 3100 \Device\Harddisk1\DR6\Partition0 - ok
13:31:48.0281 3100 ============================================================
13:31:48.0281 3100 Scan finished
13:31:48.0281 3100 ============================================================
13:31:48.0390 3092 Detected object count: 8
13:31:48.0390 3092 Actual detected object count: 8
13:31:54.0859 3092 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0859 3092 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0859 3092 NVTCP ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 NVTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0859 3092 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0859 3092 RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0859 3092 SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0859 3092 SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:54.0875 3092 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:31:54.0875 3092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:31:54.0875 3092 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:54.0875 3092 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:56.0906 3052 Deinitialize success

#4 Noviciate (Malware Response Team, 5,277 posts)

Posted 02 December 2011 - 03:10 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#5 raskol22 (Topic Starter, 24 posts)

Posted 06 December 2011 - 10:15 PM

I still cannot connect to the internet (avast web shield still won't enable, can't browse). Here is the combofix log.

ComboFix 11-12-06.01 - Sean Kavanagh 12/06/2011 20:53:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.637 [GMT -6:00]
Running from: G:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-11-25 16:07 . 2011-11-25 16:07 -------- dc----w- C:\TDSSKiller_Quarantine
2011-11-20 19:31 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-20 19:31 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-20 19:31 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-20 19:31 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-20 19:31 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-20 19:31 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-20 19:31 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-20 19:31 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-20 19:31 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-20 19:31 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-20 18:20 . 2011-11-20 18:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2011-11-20 09:20 . 2011-10-20 04:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-19 04:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-19 04:04 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2009-01-08 19:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-23 20:24 . 2011-07-01 04:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"F.lux"="c:\documents and settings\Sean Kavanagh\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-09 185872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTg2NTI3Nzg1LVQxLUtWMys3LUJBKzEtWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrNzctU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsx&prod=90&ver=10.0.1325" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-1-8 966656]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-12-13 1073152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/8/2009 2:51 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/20/2011 1:31 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/20/2011 1:31 PM 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/20/2011 1:31 PM 20568]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/5/2011 9:45 PM 821080]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [1/8/2009 1:36 PM 16168]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [6/5/2011 9:45 PM 140848]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [4/30/2011 4:43 PM 225856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [1/8/2009 1:22 PM 332928]
S0 npmg;npmg;c:\windows\system32\drivers\dulkyay.sys --> c:\windows\system32\drivers\dulkyay.sys [?]
S2 CachemanService;Cacheman Service;c:\program files\Cacheman\CachemanServ.exe --> c:\program files\Cacheman\CachemanServ.exe [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/11/2010 2:45 PM 47360]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [1/8/2009 1:22 PM 13532]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 6:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-06-06 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 10.128.128.128
FF - ProfilePath - c:\documents and settings\Sean Kavanagh\Application Data\Mozilla\Firefox\Profiles\itqf5y8r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-06 21:08:05
ComboFix-quarantined-files.txt 2011-12-07 03:08
ComboFix2.txt 2011-11-29 03:58
ComboFix3.txt 2011-11-29 03:26
ComboFix4.txt 2011-07-01 05:07
.
Pre-Run: 371,958,333,440 bytes free
Post-Run: 371,958,571,008 bytes free
.
- - End Of File - - F16E912F2E79875C1CA40B00292BA743
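Two lines in the logs posted so far fit together: the ComboFix service list above shows a boot-start driver entry, npmg, whose image c:\windows\system32\drivers\dulkyay.sys is flagged `--> ... [?]` (file not found), and the TDSSKiller log earlier in the thread has a bare `npmg - ok` line with no hash and no path, meaning it found nothing to scan either. The following is an added example (Python; it is not part of the thread and not code from ComboFix or TDSSKiller) that parses both log formats and cross-checks them so that entries of that kind surface first. The line formats are inferred from the two logs as posted here, not taken from either tool's documentation, and the sample lines are copied from the logs in this thread.

```python
"""Cross-check ComboFix service entries against a TDSSKiller driver scan.

Added example: not part of this thread and not code from ComboFix or
TDSSKiller. Line formats are inferred from the two logs as posted:
  ComboFix:   <R|S><start> name;display;image path [date time size]
              <R|S><start> name;display;path --> path [?]   (file missing)
  TDSSKiller: "name (md5) path" when the file was hashed, bare "name - ok"
              when there was nothing to hash, "name - detected <verdict> (n)"
A driver the registry still loads at boot or system start, whose file
neither tool could find, is the line to look at first.
"""
import re

# Constructed sample: lines copied from the logs posted in this thread.
COMBOFIX = """\
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [1/8/2009 2:51 PM 691696]
R3 KeyScrambler;KeyScrambler;c:\\windows\\system32\\drivers\\keyscrambler.sys [4/30/2011 4:43 PM 225856]
S0 npmg;npmg;c:\\windows\\system32\\drivers\\dulkyay.sys --> c:\\windows\\system32\\drivers\\dulkyay.sys [?]
S2 CachemanService;Cacheman Service;c:\\program files\\Cacheman\\CachemanServ.exe --> c:\\program files\\Cacheman\\CachemanServ.exe [?]
S3 pcouffin;VSO Software pcouffin;c:\\windows\\system32\\drivers\\pcouffin.sys [1/11/2010 2:45 PM 47360]
"""
TDSSKILLER = """\
13:31:38.0343 3100 npmg - ok
13:31:39.0468 3100 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\\WINDOWS\\system32\\DRIVERS\\NVTcp.sys
13:31:39.0484 3100 NVTCP - detected UnsignedFile.Multi.Generic (1)
13:31:40.0984 3100 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\\WINDOWS\\system32\\Drivers\\pcouffin.sys
13:31:40.0984 3100 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:31:44.0531 3100 sptd (cdddec541bc3c96f91ecb48759673505) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
13:31:44.0531 3100 sptd - detected LockedFile.Multi.Generic (1)
"""

CF_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$")
TK_FILE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TK_DET = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
MISSING = "image file missing on disk"


def parse_combofix(text):
    """{service name: {running, start, path, file_present}}"""
    out = {}
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            out[m["name"]] = {"running": m["state"] == "R",
                              "start": START[int(m["start"])],
                              "path": m["path"],
                              "file_present": m["info"] != "?"}
    return out


def parse_tdsskiller(text):
    """{driver name: {md5, path, detections}}; md5 and path stay None
    when TDSSKiller logged the driver without a file."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(" ", 2)        # timestamp, pid, rest
        if len(parts) < 3:
            continue
        rest = parts[2]
        entry = out.setdefault(rest.split(" ", 1)[0],
                               {"md5": None, "path": None, "detections": []})
        m = TK_FILE.match(rest)
        if m:
            entry["md5"], entry["path"] = m["md5"], m["path"]
            continue
        m = TK_DET.match(rest)
        if m:
            entry["detections"].append(m["verdict"])
    return out


def triage(combofix_text, tdsskiller_text):
    """Findings ordered so that boot/system-start drivers with a missing
    file come first, then TDSSKiller verdicts by start type."""
    cf, tk = parse_combofix(combofix_text), parse_tdsskiller(tdsskiller_text)
    findings = []
    for name, svc in cf.items():
        tk_entry = tk.get(name, {})
        base = {"name": name, "start": svc["start"], "path": svc["path"]}
        if not svc["file_present"]:
            findings.append({**base, "reason": MISSING,
                             "tdsskiller_hashed_file": tk_entry.get("md5") is not None})
        for verdict in tk_entry.get("detections", []):
            findings.append({**base, "reason": f"TDSSKiller: {verdict}",
                             "tdsskiller_hashed_file": True})
    order = {"boot": 0, "system": 1, "auto": 2, "demand": 3, "disabled": 4}
    findings.sort(key=lambda f: (f["reason"] != MISSING, order[f["start"]]))
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX, TDSSKILLER):
        print(f"{f['name']:16} {f['start']:8} {f['reason']:36} {f['path']}")
```

Run against the sample, npmg comes out on top (boot-start, file missing, never hashed by TDSSKiller), CachemanService second, and the UnsignedFile/LockedFile verdicts last; those last two are only warnings, since many vendor drivers on XP are unsigned and sptd.sys is the driver the DAEMON Tools Lite entry in the Run key depends on. Whether the npmg entry is a remnant of the infection or of a removed tool is for the helper to decide from the rest of the logs; the parser only puts it where it will be seen.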

#6 Noviciate (Malware Response Team, 5,277 posts)

Posted 07 December 2011 - 03:18 PM

Good evening. :)

Download Junction.zip by Mark Russinovich from here and save it to your Desktop - you'll need to unzip this one as well.

  • Copy and paste the file junction.exe into the Windows directory (C:\Windows).
  • Go to Start > Run..., copy the following into the textbox and click OK:

    • cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A Command Window will open and the tool will start scanning.
  • When it's done, a text file called log.txt will appear - I'd like a copy of that in your next reply.


#7 raskol22 (Topic Starter, 24 posts)

Posted 08 December 2011 - 12:57 PM

Here is the junction log.txt. I have to transfer the data via USB and sometimes I cannot disconnect the flash drive from the infected computer because it is being used. I do not know if this means anything but I thought I would bring it up.
Thank you


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\Documents and Settings\Sean Kavanagh\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Sean Kavanagh\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
...
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
...
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
...
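The junction log above found only the two .NET GAC junctions, both pointing into C:\WINDOWS\WinSxS, which is where they belong on an XP box. What an analyst actually wants from such a scan is the short list of reparse points whose target lies somewhere unexpected. The following is an added example (Python) that does that walk; it is not Sysinternals code and not part of the thread. It assumes Python 3.8 or later on Windows, where os.readlink() resolves junctions as well as symlinks; on other systems only symlinks exist, which is what the built-in fixture exercises. The WinSxS allow list is an assumption for this machine, not a general rule.

```python
"""List reparse points / symbolic links under a tree and flag targets that
fall outside an allowed location.

Added example, not Sysinternals code and not from this thread. On Windows
every junction and symlink carries FILE_ATTRIBUTE_REPARSE_POINT and
os.readlink() resolves junctions (Python 3.8+); elsewhere only symlinks
exist, which is the mode the demo fixture below exercises. The allow list
is an assumption for this box: the GAC junctions in the log all point into
WinSxS, so anything aimed elsewhere deserves a look.
"""
import os
import shutil
import stat
import tempfile

EXPECTED_TARGET_PREFIXES = (r"C:\WINDOWS\WinSxS",)


def is_reparse_point(path):
    """True for junctions/symlinks on Windows, symlinks elsewhere."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0):
        return True
    return stat.S_ISLNK(st.st_mode)


def link_target(path):
    """Target of a link, with the extended-length prefix Windows adds to
    junction targets stripped; None when the reparse data cannot be read."""
    try:
        target = os.readlink(path)
    except OSError:
        return None
    return target[4:] if target.startswith("\\\\?\\") else target


def scan_reparse_points(root, expected_prefixes=EXPECTED_TARGET_PREFIXES):
    """One dict per reparse point: path, target and whether the target
    starts with an allowed prefix (case-insensitive, like NTFS)."""
    allowed = tuple(p.lower() for p in expected_prefixes)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                if not is_reparse_point(full):
                    continue
            except OSError:          # vanished or access denied, as in the log
                continue
            target = link_target(full)
            ok = target is not None and target.lower().startswith(allowed)
            findings.append({"path": full, "target": target, "expected": ok})
    return findings


def demo_scan():
    """Constructed fixture: one link into an allowed directory, one into
    another directory. Returns the findings sorted by path."""
    base = tempfile.mkdtemp(prefix="reparse_demo_")
    try:
        ok_dir = os.path.join(base, "winsxs_like")
        elsewhere = os.path.join(base, "elsewhere")
        os.makedirs(ok_dir)
        os.makedirs(elsewhere)
        # On Windows creating symlinks needs admin rights or Developer Mode.
        os.symlink(ok_dir, os.path.join(base, "link_good"), target_is_directory=True)
        os.symlink(elsewhere, os.path.join(base, "link_bad"), target_is_directory=True)
        return sorted(scan_reparse_points(base, (ok_dir,)), key=lambda f: f["path"])
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for f in demo_scan():
        flag = "" if f["expected"] else "  <-- target outside allowed locations"
        print(f"{f['path']}: {f['target']}{flag}")
```

For a real run replace demo_scan() with scan_reparse_points(r"C:\") and keep the default allow list; entries that fail to open with "Access is denied", like the CardSpace and Qoobox paths in the log, are skipped rather than aborting the walk, and a reparse point whose target cannot be read at all is reported with target None, which is itself worth a look.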

#8 Noviciate (Malware Response Team, 5,277 posts)

Posted 08 December 2011 - 03:16 PM

Good evening. :)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 raskol22 (Topic Starter, 24 posts)

Posted 09 December 2011 - 11:25 AM

Here is the FSS.txt log.

Farbar Service Scanner
Ran by Sean Kavanagh (administrator) on 08-12-2011 at 22:19:46
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:30 AM

Posted 09 December 2011 - 03:36 PM

Good evening. :)

Follow the instructions here to install and run ERUNT by Lars Hederer - you are free to choose whether to have ERUNT run each time Windows boots up during the installation - personally I don't, but it is really up to you.

Once you've done the above, should your PC behave a little oddly when you run the regfix below, navigate to the folder where the back-up is stored, C:\WINDOWS\ERDNT\date by default, and double click the file erdnt.exe located there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Save it to your Desktop with the following filename, including quotation marks: "reghack.reg"

Locate and double click the above file and OK the confirmation window when it appears.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reboot your PC and see if you can now connect to the internet. If you can't, run Farbar Service Scanner again and let me have the log, as before.

So long, and thanks for all the fish.
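The regfix above recreates the ipsec service key that FSS reported as missing, and the Tcpip/Dhcp/Dnscache export posted later in the thread shows why that one key takes the whole stack down: Tcpip lists IPSec in DependOnService, and Dhcp and Dnscache depend on Tcpip. The script below is an added example, not something posted in the thread or shipped with Farbar Service Scanner: it parses .reg text (the ipsec fix verbatim, plus a constructed excerpt of the post #13 export trimmed to Type/Start/DependOnService), decodes the hex(2)/hex(7) values so the ImagePath and dependencies can be read before the file is imported, and follows the dependency chain to list the services that stay down while the IpSec key is absent.

```python
# Added example: decode a .reg export and trace the service dependency chain.
import re
from collections import deque

# Constructed sample: ipsec regfix from post #10 (verbatim) + trimmed post #13 export.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dnscache]
"Type"=dword:00000020
"Start"=dword:00000002
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
'''

def logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        yield buf
        buf = ""

def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python object."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or 3)   # bare "hex:" is REG_BINARY (type 3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if kind in (1, 2):            # REG_SZ / REG_EXPAND_SZ, UTF-16-LE text
            return data.decode("utf-16-le").rstrip("\0")
        if kind == 7:                 # REG_MULTI_SZ, NUL-separated strings
            return [s for s in data.decode("utf-16-le").split("\0") if s]
        return data
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError(f"unrecognised .reg value: {raw!r}")

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: decoded_value}}."""
    keys, current = {}, None
    for line in logical_lines(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        name, _, raw = line.partition("=")
        keys[current][name.strip('"')] = decode_value(raw)
    return keys

def service_graph(keys):
    """Map service name (last path component, lower-cased) -> dependencies."""
    return {path.rsplit("\\", 1)[-1].lower():
            [d.lower() for d in vals.get("DependOnService", [])]
            for path, vals in keys.items()}

def blocked_by_missing(graph, missing):
    """Services that cannot start while `missing` is absent, following
    DependOnService transitively (here: IpSec -> Tcpip -> Dhcp, Dnscache)."""
    blocked, frontier = set(), deque([missing.lower()])
    while frontier:
        dep = frontier.popleft()
        for svc, deps in graph.items():
            if dep in deps and svc not in blocked:
                blocked.add(svc)
                frontier.append(svc)
    return blocked

if __name__ == "__main__":
    keys = parse_reg(REG_TEXT)
    ipsec = keys[r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec"]
    print("ipsec ImagePath:", ipsec["ImagePath"])   # system32\DRIVERS\ipsec.sys
    print("down while the IpSec key is missing:",
          sorted(blocked_by_missing(service_graph(keys), "IpSec")))
```

Pointing `parse_reg` at an export taken with `reg export` or the FSS "Export Service" button works the same way, which makes it a quick check that a .reg offered for import really restores the key and path it claims to.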

 

 


#11 raskol22

raskol22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 13 December 2011 - 08:39 PM

Hello, I'm still getting the avast! 10050 error and I still cannot connect to the internet.
Here is the FSS log again.

Farbar Service Scanner
Ran by Sean Kavanagh (administrator) on 13-12-2011 at 19:36:48
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:30 AM

Posted 14 December 2011 - 03:05 PM

Good evening. :)

Delete your copy of the Farbar Service Scanner and download a fresh copy from the same link - it's been updated.
Enter the following into the textbox and click Export Service: Dhcp;Dnscache;Tcpip
Please post the text file that should appear shortly thereafter.

So long, and thanks for all the fish.

 

 


#13 raskol22

raskol22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 15 December 2011 - 03:16 PM

Here is the new FSS report.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="DHCP Client"
"Group"="TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Manages network configuration by registering and updating IP addresses and DNS names."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Linkage]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Linkage\Disabled]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"{4D1820E6-29D9-4685-A5DD-D4F8637FF855}"=hex:3b,00,00,00,00,00,00,00,04,00,00,\
00,00,00,00,00,b9,0e,d1,4e,00,00,e1,00,3a,00,00,00,00,00,00,00,04,00,00,00,\
00,00,00,00,b9,0e,d1,4e,00,00,a8,c0,33,00,00,00,00,00,00,00,04,00,00,00,00,\
00,00,00,b9,0e,d1,4e,00,01,51,80,06,00,00,00,00,00,00,00,04,00,00,00,00,00,\
00,00,b9,0e,d1,4e,0a,80,80,80,03,00,00,00,00,00,00,00,04,00,00,00,00,00,00,\
00,b9,0e,d1,4e,0a,80,80,80,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
b9,0e,d1,4e,ff,00,00,00,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,b9,\
0e,d1,4e,0a,80,80,80,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,b9,0e,\
d1,4e,05,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\1]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,\
65,00,74,00,4d,00,61,00,73,00,6b,00,4f,00,70,00,74,00,00,00,53,00,59,00,53,\
00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,\
6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,65,00,74,00,4d,00,61,00,\
73,00,6b,00,4f,00,70,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\15]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,\
69,00,6e,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,49,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,69,\
00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\220]
"KeyType"=dword:00000003
"VendorType"=dword:00000001
"RegSendLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,\
72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,\
00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,\
54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,\
00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,\
65,00,73,00,5c,00,3f,00,5c,00,53,00,6f,00,48,00,52,00,65,00,71,00,75,00,65,\
00,73,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\3]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,\
75,00,6c,00,74,00,47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,53,00,59,\
00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\
43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,\
00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,\
47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\44]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,4c,\
00,69,00,73,00,74,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,\
75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,\
00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,\
5c,00,4e,00,65,00,74,00,42,00,54,00,5c,00,41,00,64,00,61,00,70,00,74,00,65,\
00,72,00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,\
65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\46]
"KeyType"=dword:00000004
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpNodeType"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\47]
"KeyType"=dword:00000001
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpScopeID"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\6]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,65,00,\
53,00,65,00,72,00,76,00,65,00,72,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,\
00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,\
72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,4e,\
00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"=dword:00000004
"OptionId"=dword:00000001
"VendorType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,4f,00,70,00,74,00,69,\
00,6f,00,6e,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
2c,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dhcp\Enum]
"0"="Root\\LEGACY_DHCP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dnscache]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00
"DisplayName"="DNS Client"
"Group"="TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
"NegativeSOACacheTime"=dword:00000000
"NetFailureCacheTime"=dword:00000000
"MaxCacheEntryTtlLimit"=dword:00002a30
"MaxCacheTtl"=dword:00002a30
"MaxNegativeCacheTtl"=dword:00000000
"CacheHashTableSize"=dword:000000d3

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dnscache\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\
00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Dnscache\Enum]
"0"="Root\\LEGACY_DNSCACHE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,33,00,33,\
00,46,00,31,00,36,00,45,00,31,00,32,00,2d,00,42,00,35,00,37,00,38,00,2d,00,\
34,00,39,00,34,00,46,00,2d,00,41,00,33,00,36,00,44,00,2d,00,44,00,32,00,34,\
00,39,00,32,00,32,00,30,00,39,00,42,00,36,00,33,00,34,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,34,00,44,00,31,00,38,00,32,\
00,30,00,45,00,36,00,2d,00,32,00,39,00,44,00,39,00,2d,00,34,00,36,00,38,00,\
35,00,2d,00,41,00,35,00,44,00,44,00,2d,00,44,00,34,00,46,00,38,00,36,00,33,\
00,37,00,46,00,46,00,38,00,35,00,35,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
69,00,63,00,65,00,5c,00,7b,00,42,00,41,00,36,00,44,00,44,00,30,00,45,00,31,\
00,2d,00,36,00,35,00,37,00,46,00,2d,00,34,00,38,00,41,00,30,00,2d,00,41,00,\
42,00,44,00,37,00,2d,00,41,00,31,00,33,00,41,00,34,00,33,00,42,00,32,00,30,\
00,35,00,32,00,42,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,\
5c,00,7b,00,45,00,34,00,42,00,31,00,38,00,39,00,44,00,32,00,2d,00,31,00,42,\
00,31,00,33,00,2d,00,34,00,46,00,42,00,36,00,2d,00,41,00,46,00,36,00,44,00,\
2d,00,35,00,46,00,36,00,34,00,35,00,41,00,31,00,37,00,36,00,34,00,46,00,38,\
00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,45,00,\
33,00,42,00,33,00,46,00,42,00,41,00,31,00,2d,00,38,00,38,00,34,00,43,00,2d,\
00,34,00,38,00,31,00,35,00,2d,00,39,00,36,00,42,00,45,00,2d,00,46,00,32,00,\
46,00,33,00,45,00,31,00,34,00,44,00,38,00,42,00,31,00,35,00,7d,00,00,00,5c,\
00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,38,00,31,00,36,00,31,00,\
46,00,45,00,45,00,41,00,2d,00,34,00,39,00,42,00,39,00,2d,00,34,00,44,00,30,\
00,30,00,2d,00,42,00,35,00,42,00,32,00,2d,00,36,00,44,00,38,00,36,00,41,00,\
39,00,41,00,35,00,44,00,37,00,34,00,42,00,7d,00,00,00,5c,00,44,00,65,00,76,\
00,69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,\
70,00,00,00,00,00
"Route"=hex(7):22,00,7b,00,33,00,33,00,46,00,31,00,36,00,45,00,31,00,32,00,2d,\
00,42,00,35,00,37,00,38,00,2d,00,34,00,39,00,34,00,46,00,2d,00,41,00,33,00,\
36,00,44,00,2d,00,44,00,32,00,34,00,39,00,32,00,32,00,30,00,39,00,42,00,36,\
00,33,00,34,00,7d,00,22,00,00,00,22,00,7b,00,34,00,44,00,31,00,38,00,32,00,\
30,00,45,00,36,00,2d,00,32,00,39,00,44,00,39,00,2d,00,34,00,36,00,38,00,35,\
00,2d,00,41,00,35,00,44,00,44,00,2d,00,44,00,34,00,46,00,38,00,36,00,33,00,\
37,00,46,00,46,00,38,00,35,00,35,00,7d,00,22,00,00,00,22,00,7b,00,42,00,41,\
00,36,00,44,00,44,00,30,00,45,00,31,00,2d,00,36,00,35,00,37,00,46,00,2d,00,\
34,00,38,00,41,00,30,00,2d,00,41,00,42,00,44,00,37,00,2d,00,41,00,31,00,33,\
00,41,00,34,00,33,00,42,00,32,00,30,00,35,00,32,00,42,00,7d,00,22,00,00,00,\
22,00,7b,00,45,00,34,00,42,00,31,00,38,00,39,00,44,00,32,00,2d,00,31,00,42,\
00,31,00,33,00,2d,00,34,00,46,00,42,00,36,00,2d,00,41,00,46,00,36,00,44,00,\
2d,00,35,00,46,00,36,00,34,00,35,00,41,00,31,00,37,00,36,00,34,00,46,00,38,\
00,7d,00,22,00,00,00,22,00,7b,00,45,00,33,00,42,00,33,00,46,00,42,00,41,00,\
31,00,2d,00,38,00,38,00,34,00,43,00,2d,00,34,00,38,00,31,00,35,00,2d,00,39,\
00,36,00,42,00,45,00,2d,00,46,00,32,00,46,00,33,00,45,00,31,00,34,00,44,00,\
38,00,42,00,31,00,35,00,7d,00,22,00,00,00,22,00,7b,00,38,00,31,00,36,00,31,\
00,46,00,45,00,45,00,41,00,2d,00,34,00,39,00,42,00,39,00,2d,00,34,00,44,00,\
30,00,30,00,2d,00,42,00,35,00,42,00,32,00,2d,00,36,00,44,00,38,00,36,00,41,\
00,39,00,41,00,35,00,44,00,37,00,34,00,42,00,7d,00,22,00,00,00,22,00,4e,00,\
64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
00,69,00,70,00,5f,00,7b,00,33,00,33,00,46,00,31,00,36,00,45,00,31,00,32,00,\
2d,00,42,00,35,00,37,00,38,00,2d,00,34,00,39,00,34,00,46,00,2d,00,41,00,33,\
00,36,00,44,00,2d,00,44,00,32,00,34,00,39,00,32,00,32,00,30,00,39,00,42,00,\
36,00,33,00,34,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,44,00,31,00,38,00,32,00,\
30,00,45,00,36,00,2d,00,32,00,39,00,44,00,39,00,2d,00,34,00,36,00,38,00,35,\
00,2d,00,41,00,35,00,44,00,44,00,2d,00,44,00,34,00,46,00,38,00,36,00,33,00,\
37,00,46,00,46,00,38,00,35,00,35,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,42,00,41,00,\
36,00,44,00,44,00,30,00,45,00,31,00,2d,00,36,00,35,00,37,00,46,00,2d,00,34,\
00,38,00,41,00,30,00,2d,00,41,00,42,00,44,00,37,00,2d,00,41,00,31,00,33,00,\
41,00,34,00,33,00,42,00,32,00,30,00,35,00,32,00,42,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
7b,00,45,00,34,00,42,00,31,00,38,00,39,00,44,00,32,00,2d,00,31,00,42,00,31,\
00,33,00,2d,00,34,00,46,00,42,00,36,00,2d,00,41,00,46,00,36,00,44,00,2d,00,\
35,00,46,00,36,00,34,00,35,00,41,00,31,00,37,00,36,00,34,00,46,00,38,00,7d,\
00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,\
69,00,70,00,5f,00,7b,00,45,00,33,00,42,00,33,00,46,00,42,00,41,00,31,00,2d,\
00,38,00,38,00,34,00,43,00,2d,00,34,00,38,00,31,00,35,00,2d,00,39,00,36,00,\
42,00,45,00,2d,00,46,00,32,00,46,00,33,00,45,00,31,00,34,00,44,00,38,00,42,\
00,31,00,35,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,31,00,36,00,31,00,46,00,45,\
00,45,00,41,00,2d,00,34,00,39,00,42,00,39,00,2d,00,34,00,44,00,30,00,30,00,\
2d,00,42,00,35,00,42,00,32,00,2d,00,36,00,44,00,38,00,36,00,41,00,39,00,41,\
00,35,00,44,00,37,00,34,00,42,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,42,00,32,00,41,\
00,30,00,34,00,32,00,36,00,34,00,2d,00,38,00,41,00,38,00,30,00,2d,00,34,00,\
39,00,35,00,35,00,2d,00,41,00,31,00,38,00,37,00,2d,00,35,00,45,00,38,00,34,\
00,41,00,37,00,44,00,44,00,33,00,39,00,30,00,32,00,7d,00,00,00,5c,00,44,00,\
65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
00,45,00,41,00,39,00,41,00,34,00,30,00,37,00,36,00,2d,00,46,00,34,00,42,00,\
41,00,2d,00,34,00,33,00,45,00,34,00,2d,00,38,00,45,00,42,00,39,00,2d,00,36,\
00,46,00,44,00,44,00,30,00,46,00,46,00,46,00,41,00,46,00,37,00,35,00,7d,00,\
00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters]
"NV Hostname"="sean-a8221132d7"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="sean-a8221132d7"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DisableTaskOffload"=dword:00000000
"DisableDynamicUpdate"=dword:00000000
"TcpMaxDataRetransmissions"=dword:00000005
"TcpNumConnections"=dword:00000064
"DhcpNameServer"="10.128.128.128"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,42,00,32,00,41,00,30,00,34,00,32,00,\
36,00,34,00,2d,00,38,00,41,00,38,00,30,00,2d,00,34,00,39,00,35,00,35,00,2d,\
00,41,00,31,00,38,00,37,00,2d,00,35,00,45,00,38,00,34,00,41,00,37,00,44,00,\
44,00,33,00,39,00,30,00,32,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,41,\
00,39,00,41,00,34,00,30,00,37,00,36,00,2d,00,46,00,34,00,42,00,41,00,2d,00,\
34,00,33,00,45,00,34,00,2d,00,38,00,45,00,42,00,39,00,2d,00,36,00,46,00,44,\
00,44,00,30,00,46,00,46,00,46,00,41,00,46,00,37,00,35,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:64,42,a0,b2,80,8a,55,49,a1,87,5e,84,a7,dd,39,02,76,40,9a,ea,\
ba,f4,e4,43,8e,b9,6f,dd,0f,ff,af,75

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{33F16E12-B578-494F-A36D-D2492209B634}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,33,00,46,00,31,00,36,00,45,00,\
31,00,32,00,2d,00,42,00,35,00,37,00,38,00,2d,00,34,00,39,00,34,00,46,00,2d,\
00,41,00,33,00,36,00,44,00,2d,00,44,00,32,00,34,00,39,00,32,00,32,00,30,00,\
39,00,42,00,36,00,33,00,34,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{4D1820E6-29D9-4685-A5DD-D4F8637FF855}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,44,00,31,00,38,00,32,00,30,00,\
45,00,36,00,2d,00,32,00,39,00,44,00,39,00,2d,00,34,00,36,00,38,00,35,00,2d,\
00,41,00,35,00,44,00,44,00,2d,00,44,00,34,00,46,00,38,00,36,00,33,00,37,00,\
46,00,46,00,38,00,35,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{8161FEEA-49B9-4D00-B5B2-6D86A9A5D74B}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,31,00,36,00,31,00,46,00,45,00,\
45,00,41,00,2d,00,34,00,39,00,42,00,39,00,2d,00,34,00,44,00,30,00,30,00,2d,\
00,42,00,35,00,42,00,32,00,2d,00,36,00,44,00,38,00,36,00,41,00,39,00,41,00,\
35,00,44,00,37,00,34,00,42,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{BA6DD0E1-657F-48A0-ABD7-A13A43B2052B}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,42,00,41,00,36,00,44,00,44,00,30,00,\
45,00,31,00,2d,00,36,00,35,00,37,00,46,00,2d,00,34,00,38,00,41,00,30,00,2d,\
00,41,00,42,00,44,00,37,00,2d,00,41,00,31,00,33,00,41,00,34,00,33,00,42,00,\
32,00,30,00,35,00,32,00,42,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{E3B3FBA1-884C-4815-96BE-F2F3E14D8B15}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,33,00,42,00,33,00,46,00,42,00,\
41,00,31,00,2d,00,38,00,38,00,34,00,43,00,2d,00,34,00,38,00,31,00,35,00,2d,\
00,39,00,36,00,42,00,45,00,2d,00,46,00,32,00,46,00,33,00,45,00,31,00,34,00,\
44,00,38,00,42,00,31,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Adapters\{E4B189D2-1B13-4FB6-AF6D-5F645A1764F8}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,34,00,42,00,31,00,38,00,39,00,\
44,00,32,00,2d,00,31,00,42,00,31,00,33,00,2d,00,34,00,46,00,42,00,36,00,2d,\
00,41,00,46,00,36,00,44,00,2d,00,35,00,46,00,36,00,34,00,35,00,41,00,31,00,\
37,00,36,00,34,00,46,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{33F16E12-B578-494F-A36D-D2492209B634}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:4b257592
"T1"=dword:4b257c9a
"T2"=dword:4b2581e0
"LeaseTerminatesTime"=dword:4b2583a2
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D1820E6-29D9-4685-A5DD-D4F8637FF855}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="10.128.128.128"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:4ecfbd39
"T1"=dword:4ed065f9
"T2"=dword:4ed09e39
"LeaseTerminatesTime"=dword:4ed10eb9
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:6f287b18
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"MTU"=dword:000005d4
"DhcpIPAddress"="10.82.108.44"
"DhcpSubnetMask"="255.0.0.0"
"DhcpNameServer"="10.128.128.128"
"DhcpDefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,32,00,38,00,2e,00,31,00,32,\
00,38,00,2e,00,31,00,32,00,38,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8161FEEA-49B9-4D00-B5B2-6D86A9A5D74B}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B2A04264-8A80-4955-A187-5E84A7DD3902}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BA6DD0E1-657F-48A0-ABD7-A13A43B2052B}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E3B3FBA1-884C-4815-96BE-F2F3E14D8B15}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E4B189D2-1B13-4FB6-AF6D-5F645A1764F8}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="169.254.199.191"
"DhcpSubnetMask"="255.255.0.0"
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:49cfb2ec
"T1"=dword:49cfb2ec
"T2"=dword:49cfb2ec
"LeaseTerminatesTime"=dword:7fffffff
"IPAutoconfigurationAddress"="169.254.199.191"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000001
"IsServerNapAware"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{EA9A4076-F4BA-43E4-8EB9-6FDD0FFFAF75}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 582 638 658"
"WbemAdapFileSignature"=hex:db,e2,b6,23,53,66,0e,cc,a0,d7,5e,a3,07,a7,17,e9
"WbemAdapFileTime"=hex:00,a0,13,80,5e,3c,c6,01
"WbemAdapFileSize"=dword:00009c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\ServiceProvider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"Name"="TCP/IP"
"Class"=dword:00000001
"LocalPriority"=dword:00000005
"NetbtPriority"=dword:00000008
"DnsPriority"=dword:00000007
"HostsPriority"=dword:00000006

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Enum]
"0"="Root\\LEGACY_TCPIP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Dhcp]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Dhcp\0000]
"Service"="Dhcp"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="DHCP Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Dnscache]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Dnscache\0000]
"Service"="Dnscache"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="DNS Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Tcpip]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Tcpip\0000]
"Service"="Tcpip"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="TCP/IP Protocol Driver"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0040"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Tcpip\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Tcpip\0000\Control]

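As an added worked example (editor's code, not something posted in this thread or shipped with any tool named here), the Python below parses a .reg export like the one above and pulls out the three things a responder checks in it: which interfaces hold no static address and so depend on the Dhcp service for one, whether the Tcpip\Enum key carries INITSTARTFAILED=1 (the flag the system sets when a boot-time driver failed to start, which fits the loss of connectivity described), and who the Tcpip service's DACL grants access to. SAMPLE_REG is a constructed excerpt made of lines copied from the dump; the well-known SID names are the standard Windows ones. The "Security" value decodes to allow entries for SYSTEM, Administrators, Authenticated Users and Power Users only, which is the XP default for a service key, so that key at least has not been rewritten.

```python
"""Read a Windows .reg export of the Tcpip service key (added example, not from the post):
dword values, hex(7) REG_MULTI_SZ lists and the binary "Security" descriptor's DACL.
SAMPLE_REG is a constructed excerpt copied from the dump above."""
import re
import struct

SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D1820E6-29D9-4685-A5DD-D4F8637FF855}]
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DhcpServer"="10.128.128.128"
"DhcpDefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,32,00,38,00,2e,00,31,00,32,\
00,38,00,2e,00,31,00,32,00,38,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Enum]
"0"="Root\\LEGACY_TCPIP\\0000"
"INITSTARTFAILED"=dword:00000001
'''

# Standard well-known SIDs; any other principal in a service DACL deserves a second look.
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users", "S-1-5-18": "SYSTEM",
              "S-1-5-32-544": "Administrators", "S-1-5-32-547": "Power Users"}


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python object."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(7):"):                        # REG_MULTI_SZ: UTF-16LE, NUL-separated
        data = bytes.fromhex(raw[7:].replace(",", ""))
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    if raw.startswith("hex:"):                           # REG_BINARY
        return bytes.fromhex(raw[4:].replace(",", ""))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':       # REG_SZ, unescape \" and \\
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)               # rejoin lines wrapped with a trailing backslash
    result, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            result[current][name] = decode_value(raw)
    return result


def decode_sid(buf, off):
    """Decode a binary SID at buf[off:] into S-R-A-S... form; return (sid, byte_length)."""
    revision, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")   # 48-bit identifier authority
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs)), 8 + 4 * count


def parse_dacl(sd):
    """List a self-relative SECURITY_DESCRIPTOR's DACL as (ace_type, mask, sid); type 0 allow, 1 deny."""
    hdr = struct.unpack_from("<BBHIIII", sd, 0)          # Revision, Sbz1, Control, Owner, Group, Sacl, Dacl
    revision, control, dacl_off = hdr[0], hdr[2], hdr[6]
    if revision != 1 or not control & 0x8000:            # SE_SELF_RELATIVE
        raise ValueError("not a self-relative security descriptor")
    aces = []
    if control & 0x0004 and dacl_off:                    # SE_DACL_PRESENT
        ace_count = struct.unpack_from("<BBHHH", sd, dacl_off)[3]
        off = dacl_off + 8                               # past the 8-byte ACL header
        for _ in range(ace_count):                       # simple ACEs only: header, mask, SID
            ace_type, _flags, ace_size = struct.unpack_from("<BBH", sd, off)
            mask = struct.unpack_from("<I", sd, off + 4)[0]
            aces.append((ace_type, mask, decode_sid(sd, off + 8)[0]))
            off += ace_size
    return aces


def audit(text):
    """What a responder checks first: DHCP reliance per interface, driver start failure, DACL."""
    reg = parse_reg(text)
    base = "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\services\\Tcpip"
    ifaces = {}
    for key, values in reg.items():
        if key.startswith(base + "\\Parameters\\Interfaces\\"):
            ifaces[key.rsplit("\\", 1)[1]] = {
                "dhcp": values.get("EnableDHCP") == 1,
                "static_ip": (values.get("IPAddress") or [""])[0],
                "dhcp_gateway": (values.get("DhcpDefaultGateway") or [""])[0]}
    # INITSTARTFAILED under Services\<svc>\Enum is set when a boot-time driver failed to start
    failed = reg.get(base + "\\Enum", {}).get("INITSTARTFAILED") == 1
    sd = reg.get(base + "\\Security", {}).get("Security", b"")
    dacl = [(t, m, WELL_KNOWN.get(s, s)) for t, m, s in (parse_dacl(sd) if sd else [])]
    return {"interfaces": ifaces, "init_start_failed": failed, "dacl": dacl}


if __name__ == "__main__":
    for name, value in audit(SAMPLE_REG).items():
        print(name, value)
```

Run it against a full export (regedit's "Export" of the Tcpip key) rather than the excerpt to see every interface; an interface with static_ip 0.0.0.0 and dhcp True has no address at all until the Dhcp service starts, which is exactly why the three-service restart below is the first thing to try.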
#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:30 AM

Posted 16 December 2011 - 04:07 PM

Good evening. :)

The problem that you have is one that has been caused by the zero access infection and is proving a pain to resolve. The following may temporarily enable you to connect to the internet, but rebooting will recreate the problem - fortunately if the fix works you can run it each time you reboot.

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

rem Append the error text too: net.exe reports a failed start on the error stream, which a plain append would miss and leave output.txt empty
net start dhcp >> output.txt 2>&1
net start dnscache >> output.txt 2>&1
net start tcpip >> output.txt 2>&1


Save it to your Desktop with the following filename, including quotation marks: "fix.bat"

Simply double click fix.bat to run it and then check to see if you have internet access. I'd like to know what happened as well as getting a copy of the text file output.txt that you should find on your Desktop too.

If the fix works that gets us further on but obviously doesn't completely solve the issue.

So long, and thanks for all the fish.

#15 raskol22

raskol22
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:30 PM

Posted 17 December 2011 - 03:42 PM

It looks to be more of the same. Avast still has the 10050 error and I can't connect to the internet.
There was a text output.txt file that appeared on my desktop but when I opened it there was nothing (no text) on it.
Another thing I found is when I try to change windows firewall settings I get a display box that reads - Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service? I then click yes but another display box pops up saying - Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service. Just thought I would point that out just in case.
Thanks for all your help.