
No internet after removing Windows XP Home Security 2012


14 replies to this topic

#1 J Moatenoa


Posted 12 January 2012 - 02:50 AM

At the moment, my home desktop (Windows XP Home edition) is unable to connect to my wireless modem. The Windows wireless network 'repair' process stops at 'renewing the IP address'.

My computer problem started five days ago when my desktop got infected with the 'Windows XP Home Security 2012' virus.

If I remember correctly, I was on Google searching for online manga at the time.

My browser suddenly crashed and the virus pop-up (the fake Windows antivirus scan) appeared on my desktop. It kept popping up no matter how many times I closed it. Plus, it disabled all my programs and webpages. Every time I tried opening any of them, the page would just redirect me back to the fake scan pop-up.

As I couldn't browse the net for solutions on this desktop, I had to go on my iPhone's browser to search it up.
It was a long search but basically what I gathered from one forum was that, if I brought up task manager and ended the 'fake scan' pop-up on my desktop, I would be able to identify the program causing the endless fake scan pop-ups, via the program disappearing from the 'processes' tab. I did just that and identified it as 'phm.exe'. I then followed further instructions to search for and delete any files with this name. This also included running a search with the exact same keyword in the registry and deleting the results.

That seemed to do the trick as the pop-ups finally ended. But, something still wasn't right.

1. I couldn't clear the Recycle Bin of those deleted files.

2. My desktop internet icon displayed "limited or no connectivity" and I was unable to go online at all despite getting rid of the pop-ups.

I thought perhaps that I hadn't completely removed the virus.

I then searched for more solutions and found a guide to removing the virus on this website. I followed all the instructions found here: http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012 and it seems that the virus has been removed completely now.

However, after restarting my desktop, I'm still unable to connect to the Internet! The wireless connection remains in that same state. Essentially, I'm stuck now and am unsure of how to proceed and repair my desktop's internet connection.

Please advise on how to solve this problem. Any help is much appreciated. Thank you!

P.S. I'm using my iPhone as a 'hotspot' to post this.



#2 narenxp

  • BC Advisor

Posted 12 January 2012 - 04:55 AM

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.


* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply

#3 J Moatenoa

  • Topic Starter

Posted 12 January 2012 - 08:54 AM

Thanks for the reply.

Here's the log.

Farbar Service Scanner
Ran by Administrator (administrator) on 13-01-2012 at 00:53:07
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 06:14] - [2008-08-14 20:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 06:14] - [2004-08-04 06:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 06:14] - [2008-06-20 21:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 06:14] - [2004-08-04 06:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 07:56] - [2004-08-04 07:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\svchost.exe
[2004-08-04 07:56] - [2004-08-04 07:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 07:56] - [2009-02-09 21:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2004-08-04 07:56] - [2009-02-07 04:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#4 narenxp

  • BC Advisor

Posted 12 January 2012 - 11:12 AM

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open a notepad, copy the script, save it as

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck

#5 J Moatenoa

  • Topic Starter

Posted 13 January 2012 - 09:56 AM

Hi,

Followed both sets of instructions but to no avail. The problem still remains the same and my desktop still won't connect to the Internet. It still stops at "renewing IP address".

Please advise on how to proceed. Thank you, much appreciated.

#6 narenxp

  • BC Advisor

Posted 13 January 2012 - 10:11 AM

Download

http://go.microsoft.com/?linkid=9662461

Run the fixit

Press Windows+R key and type

cmd and click ok

Run the following commands


netsh i i r r
netsh winsock reset
ipconfig /registerdns
ipconfig /flushdns
ipconfig /release
ipconfig /renew


Press Windows+R key and type

devmgmt.msc and click ok

Expand network adapters

Right click on your network driver-Uninstall

Restart your PC and check your browser

Good luck

Edited by narenxp, 13 January 2012 - 10:12 AM.


#7 J Moatenoa

  • Topic Starter

Posted 13 January 2012 - 11:33 AM

Hi,

Followed the instructions but problem still remains.

One interesting thing I noticed though, was directly after running ipconfig /registerdns, Network Connection went from being "limited or no connectivity" to "connected".

However, there were no packets being sent or received at all and I was still unable to connect to the Internet despite this change.

Network returned to being "limited or no connectivity" after running ipconfig /release.

Proceeded with the rest of the instructions but still unable to connect after restart. Please advise?

Thanks for the replies.

#8 narenxp

  • BC Advisor

Posted 13 January 2012 - 11:38 AM

Press Windows+ R key and type

services.msc and click ok

What is the status of the DHCP client? Is it started?

Disable your antivirus or firewalls and try to browse

Can you browse in safemode with networking?

Download

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Click on SCAN, do not fix anything. Please post the tdsskiller log

#9 J Moatenoa

  • Topic Starter

Posted 13 January 2012 - 09:17 PM

Hi,

Yes, the dhcp client is started.

Tried browsing with antivirus and firewalls disabled but problem still remains.

Also, cannot browse in safemode with networking. Network Connection still remains "limited or no connectivity".

Here is the tdsskiller log:

13:12:39.0984 3948 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:12:41.0984 3948 ============================================================
13:12:41.0984 3948 Current date / time: 2012/01/14 13:12:41.0984
13:12:41.0984 3948 SystemInfo:
13:12:41.0984 3948
13:12:41.0984 3948 OS Version: 5.1.2600 ServicePack: 2.0
13:12:41.0984 3948 Product type: Workstation
13:12:41.0984 3948 ComputerName: J-505B3AE04ABE4
13:12:41.0984 3948 UserName: Administrator
13:12:41.0984 3948 Windows directory: C:\WINDOWS
13:12:41.0984 3948 System windows directory: C:\WINDOWS
13:12:41.0984 3948 Processor architecture: Intel x86
13:12:41.0984 3948 Number of processors: 2
13:12:41.0984 3948 Page size: 0x1000
13:12:41.0984 3948 Boot type: Normal boot
13:12:41.0984 3948 ============================================================
13:12:42.0484 3948 Initialize success
13:12:49.0359 2104 ============================================================
13:12:49.0359 2104 Scan started
13:12:49.0359 2104 Mode: Manual;
13:12:49.0359 2104 ============================================================
13:12:53.0656 2104 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
13:12:53.0656 2104 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:12:53.0656 2104 sptd ( LockedFile.Multi.Generic ) - warning
13:12:53.0656 2104 sptd - detected LockedFile.Multi.Generic (1)
13:12:55.0218 2104 ============================================================
13:12:55.0218 2104 Scan finished
13:12:55.0218 2104 ============================================================
13:12:55.0234 1800 Detected object count: 1
13:12:55.0234 1800 Actual detected object count: 1
13:13:08.0312 1800 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:13:08.0312 1800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#10 narenxp

  • BC Advisor

Posted 14 January 2012 - 12:18 AM

Your log looks clean

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#11 J Moatenoa

Posted 14 January 2012 - 09:25 AM

Hi,

Here's the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 01:25:02
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3250823AS rev.3.02
Running: 5x78bnrn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agndrfoc.sys


---- System - GMER 1.0.15 ----

SSDT F7C8D42E ZwCreateKey
SSDT F7C8D424 ZwCreateThread
SSDT F7C8D433 ZwDeleteKey
SSDT F7C8D43D ZwDeleteValueKey
SSDT spqh.sys ZwEnumerateKey [0xF756DCA2]
SSDT spqh.sys ZwEnumerateValueKey [0xF756E030]
SSDT F7C8D442 ZwLoadKey
SSDT spqh.sys ZwOpenKey [0xF754F0C0]
SSDT F7C8D410 ZwOpenProcess
SSDT F7C8D415 ZwOpenThread
SSDT spqh.sys ZwQueryKey [0xF756E108]
SSDT spqh.sys ZwQueryValueKey [0xF756DF88]
SSDT F7C8D44C ZwReplaceKey
SSDT F7C8D447 ZwRestoreKey
SSDT F7C8D438 ZwSetValueKey
SSDT F7C8D41F ZwTerminateProcess

INT 0x62 ? 86F67BF8
INT 0x63 ? 86DE4BF8
INT 0x82 ? 86F67BF8
INT 0x83 ? 86DE4BF8
INT 0x94 ? 86F6AF00
INT 0x94 ? 86DE4BF8
INT 0x94 ? 86DE4BF8
INT 0x94 ? 86F6AF00
INT 0xA4 ? 86F67BF8
INT 0xA4 ? 86F67BF8
INT 0xA4 ? 86DE4BF8
INT 0xA4 ? 86F67BF8

---- Kernel code sections - GMER 1.0.15 ----

? spqh.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D5B360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload F6D1862C 5 Bytes JMP 86DE41D8

---- User code sections - GMER 1.0.15 ----

.text C:\J Progams\Firefox\Firefox files\firefox.exe[3448] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0040131F C:\J Progams\Firefox\Firefox files\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F6A5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7580C4C] spqh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7580CA0] spqh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7550040] spqh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F755013C] spqh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75500BE] spqh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75507FC] spqh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75506D2] spqh.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86DE42D8

---- EOF - GMER 1.0.15 ----

#12 narenxp

Posted 14 January 2012 - 09:36 AM

Did you reset your router and check?

Your logs look clean and I'm not sure why you still have an internet issue.

Do this again

Press the Windows+R keys, type cmd and click OK.

Run the following commands


netsh i i r r
netsh winsock reset
ipconfig /flushdns
ipconfig /release
ipconfig /renew


good luck

Edited by narenxp, 14 January 2012 - 09:36 AM.


#13 J Moatenoa

Posted 14 January 2012 - 10:29 AM

Yes! Resetting my router did the trick!

WOW! Can't believe I didn't even think of trying that first! May have saved me a whole lot of time and phone credit!

Thanks so much for all the help these past couple days! You are awesome!

One last question. What should I do with all the programs that were downloaded on my desktop?

Edited by J Moatenoa, 14 January 2012 - 10:30 AM.


#14 narenxp

Posted 14 January 2012 - 11:08 AM

:thumbsup:

Delete Farbar Service Scanner, GMER and TDSSKiller from the desktop.

Update your antivirus, and do not click on suspicious links.

Safe surfing :)

#15 J Moatenoa

Posted 14 January 2012 - 12:06 PM

Ok will do. Thanks again.



