
TDSS & internet problems


This topic is locked
19 replies to this topic

#1 aurora9

  • Members
  • 8 posts

Posted 18 January 2012 - 12:42 AM

Installed Norton 360 on an old, unprotected desktop running XP. Norton reported Tidserv Activity 2 and instructed a download to remove it. When that did not work, I tried TDSSkiller. It appeared to have removed a rootkit (win 32 something maybe? I don't remember the full name). Norton stopped the pop up notifications for the Tidserv activity. I also ran full scan in Norton and it removed another 5 viruses. However, as part of the full scan, the live update did not run. I cannot access internet or get any program to be able to even though the computer says it is connected. From looking at some other posts with similar topics, it seems I may still have an infected computer (or something needed was removed/altered).

I completed all of the steps in the preparation guide.

The DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Run by Laurie at 22:13:34 on 2012-01-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192.17 [GMT -5:00]
.
AV: Norton 360 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Upromise\dca-ua.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
uSearch Bar =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Upromise Update] c:\program files\upromise\dca-ua.exe
uRun: [Upromise Tray] c:\program files\upromise\UpromiseTray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/includes/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173539364389
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\scrabble\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.1.1
Filter: text/html - {1264b793-544b-42b1-a363-39e37cf5c61c} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laurie\application data\mozilla\firefox\profiles\a35ohns7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\laurie\application data\mozilla\firefox\profiles\a35ohns7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\laurie\application data\mozilla\firefox\profiles\a35ohns7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-17 22:20:10 -------- d-----w- C:\ERDNT
2012-01-17 17:27:50 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-01-16 14:26:39 -------- d-----w- c:\documents and settings\laurie\application data\Tific
2012-01-16 14:25:15 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Symantec
2012-01-15 15:31:57 -------- d-----w- c:\documents and settings\laurie\application data\FixTDSS
2012-01-15 15:31:53 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-12 18:03:15 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2012-01-12 18:03:14 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2012-01-12 18:03:06 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2012-01-12 18:03:00 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2012-01-12 18:02:59 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2012-01-12 18:02:58 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2012-01-12 18:02:57 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2012-01-12 18:02:44 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2012-01-12 17:56:33 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2012-01-12 16:15:19 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-12 16:10:03 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-12 16:10:02 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-12 16:09:58 -------- d-----w- c:\program files\common files\Symantec Shared
2012-01-12 16:09:57 -------- d-----w- c:\program files\Symantec
2012-01-12 16:03:56 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-01-12 15:58:13 -------- d-----w- c:\windows\system32\drivers\N360
2012-01-12 15:57:43 -------- d-----w- c:\program files\Norton 360
2012-01-12 15:57:29 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-01-12 15:52:09 -------- d-----w- c:\program files\NortonInstaller
2012-01-12 15:52:09 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-01-10 19:12:51 1409 ----a-w- c:\windows\QTFont.for
2012-01-09 03:34:06 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-09 03:34:05 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-09 03:34:05 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 03:34:05 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-31 03:33:12 24606 ----a-w- c:\windows\e9eafff.exe
.
==================== Find3M ====================
.
2012-01-15 16:30:56 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-18 16:01:18 227328 ----a-w- c:\windows\update.exe
2011-12-13 02:17:53 192000 ----a-w- c:\windows\file.exe
2011-11-20 16:35:56 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-20 16:35:56 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-11-20 16:35:54 100880 ----a-w- c:\windows\system32\Packet.dll
2011-11-17 08:59:04 12032 ----a-w- c:\windows\.exe
.
============= FINISH: 22:15:42.42 ===============
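The two file-listing sections of a DDS log ("Created Last 30" and "Find3M") are where a helper first looks for files that do not belong. The following is an added example, not part of this thread and not part of the DDS tool: a small Python triage script that parses those sections and flags two things a responder would then check by hand. Both heuristics, the regexes and the 30-day window are my own choices, and the flags are review prompts, not verdicts. The sample log is constructed from a handful of entries mirroring the one posted above.

```python
"""Triage helper for the file-listing sections of a DDS log.

Added example; it is not part of the thread and not part of the DDS tool.
DDS prints the "Created Last 30" and "Find3M" sections as
    <date> <time> <size or --------> <attrs> <path>
This script parses those lines and flags two things a responder would look
at by hand (review prompts, not verdicts):
  1. an executable image (.exe/.dll/.sys) sitting directly in the Windows
     directory root instead of a subfolder, and
  2. a kernel driver under system32\\drivers modified inside a window before
     the log was taken.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample in the DDS format; paths and dates mirror entries in the
# thread's log, trimmed to a handful of lines.
SAMPLE_LOG = """\
=============== Created Last 30 ================
.
2012-01-17 22:20:10 -------- d-----w- C:\\ERDNT
2012-01-17 17:27:50 44024 ----a-r- c:\\windows\\system32\\drivers\\SymIM.sys
2012-01-12 16:10:02 126584 ----a-w- c:\\windows\\system32\\drivers\\SYMEVENT.SYS
2011-12-31 03:33:12 24606 ----a-w- c:\\windows\\e9eafff.exe
.
==================== Find3M ====================
.
2012-01-15 16:30:56 74752 ----a-w- c:\\windows\\system32\\drivers\\ipsec.sys
2011-12-13 02:17:53 192000 ----a-w- c:\\windows\\file.exe
2011-11-20 16:35:56 50704 ----a-w- c:\\windows\\system32\\drivers\\npf.sys
2011-11-17 08:59:04 12032 ----a-w- c:\\windows\\.exe
.
============= FINISH: 22:15:42.42 ===============
"""
# "Run by ... at 22:13:34 on 2012-01-17" from the same log's header.
LOG_TIME = datetime(2012, 1, 17, 22, 13, 34)

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
# An image directly under c:\windows\ (no further backslash before the name).
WINDIR_ROOT_IMAGE = re.compile(r"^c:\\windows\\[^\\]*\.(exe|dll|sys)$", re.I)
DRIVER_PATH = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.sys$", re.I)


@dataclass
class Entry:
    when: datetime
    size: Optional[int]   # None for directory entries printed as "--------"
    attrs: str
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return the file entries from the Created Last 30 / Find3M sections."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue          # section headers, "." separators, FINISH line
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path.strip(),
        ))
    return entries


def triage(text: str, log_time: datetime,
           driver_window_days: int = 30) -> Dict[str, List[str]]:
    """Map each flagged path (lower-cased) to the heuristics it triggered."""
    cutoff = log_time - timedelta(days=driver_window_days)
    findings: Dict[str, List[str]] = {}
    for e in parse_entries(text):
        if e.size is None:
            continue          # directories are not images
        reasons = []
        if WINDIR_ROOT_IMAGE.match(e.path):
            reasons.append("image-in-windir-root")
        if DRIVER_PATH.match(e.path) and e.when >= cutoff:
            reasons.append("driver-recently-modified")
        if reasons:
            findings[e.path.lower()] = reasons
    return findings


def triage_sample() -> Dict[str, List[str]]:
    """Run the heuristics over the constructed sample log."""
    return triage(SAMPLE_LOG, LOG_TIME)


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(f"{path}: {', '.join(reasons)}")
```

On the sample, the three executables in the Windows root (`.exe`, `file.exe`, `e9eafff.exe`) are flagged for review, and so are three drivers modified inside the window. Two of those are Norton's own (the same log shows Norton being installed on 2012-01-12), which is why the driver list has to be read against what the user installed; that leaves `ipsec.sys`, a Windows component with a 2012-01-15 timestamp, as the one to examine, and it is the driver TDSSKiller reports later in the thread.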



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 January 2012 - 03:40 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 aurora9

  • Topic Starter
  • Members
  • 8 posts

Posted 23 January 2012 - 09:19 PM

Hi Gringo,

A few issues I am having. I tried to run Combofix, however, it does ask for the Recovery console to be downloaded/updated. Since the internet is not working, that doesn't work. I have looked for my XP discs, but they are nowhere to be found. Can Combofix run without that step? If so, then I am having a problem with it not completing the scan after hours of letting it run. I did disable Norton and I did not click the Combofix window, so I'm not sure what else would be interfering. I am trying to get my hands on another XP recovery disc and will post again if I can get it and am able to run Combofix.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 January 2012 - 09:29 PM

Hello

We will get back to that in a minute.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
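A TDSSKiller report runs to hundreds of lines, almost all of them "- ok". The following is an added example, not part of this thread and not a Kaspersky tool: a Python parser that folds the report's per-object lines back together and returns only the objects TDSSKiller did not mark ok, so the helper can see at a glance what was detected, with its hash and path. The line formats it assumes are the ones visible in the reports posted in this thread; the sample below is constructed, with the IPSec lines mirroring the thread and the `sptd` "warning" lines made up to show a second non-ok status.

```python
"""Pull the verdict lines out of a TDSSKiller report.

Added example; it is not part of the thread and not a Kaspersky tool.
TDSSKiller writes one or two lines per driver/service:
    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - ok
and for a hit:
    <time> <pid> <name> ( <verdict> ) - infected
    <time> <pid> <name> - detected <verdict> (<n>)
This parser joins those lines per object and returns the non-ok ones.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the report's format. The IPSec lines mirror the thread;
# the sptd "warning" lines are made up to show a second non-ok status.
SAMPLE_REPORT = """\
11:23:36.0547 0632 Scan started
11:23:36.0547 0632 Mode: Manual;
11:24:19.0629 0632 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\\windows\\system32\\DRIVERS\\Ip6Fw.sys
11:24:19.0669 0632 Ip6Fw - ok
11:24:20.0781 0632 IPSec (082cc1b68ea61e43029f4f5436c3b037) C:\\windows\\system32\\DRIVERS\\ipsec.sys
11:24:21.0131 0632 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
11:24:21.0131 0632 IPSec - detected Rootkit.Win32.ZAccess.k (0)
11:24:23.0004 0632 lbrtfdc - ok
11:24:30.0001 0632 sptd (0123456789abcdef0123456789abcdef) C:\\windows\\system32\\Drivers\\sptd.sys
11:24:30.0101 0632 sptd ( LockedFile.Multi.Generic ) - warning
11:24:30.0101 0632 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every report line starts with "<hh:mm:ss.ffff> <pid> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+)$", re.I)
STATUS_RE = re.compile(PREFIX + r"(\S+) \( (.+?) \) - (\w+)$")
DETECT_RE = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(PREFIX + r"(\S+) - ok$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # ok / infected / warning / unknown
    verdict: Optional[str] = None


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Fold the per-line report into one record per scanned object."""
    objects: Dict[str, ScanObject] = {}

    def obj(name: str) -> ScanObject:
        return objects.setdefault(name, ScanObject(name=name))

    for line in text.splitlines():
        line = line.rstrip()
        m = STATUS_RE.match(line)           # "( verdict ) - infected/warning"
        if m:
            o = obj(m.group(1))
            o.verdict, o.status = m.group(2), m.group(3)
            continue
        m = DETECT_RE.match(line)           # "- detected <verdict> (n)"
        if m:
            o = obj(m.group(1))
            o.verdict = o.verdict or m.group(2)
            continue
        m = OK_RE.match(line)
        if m:
            obj(m.group(1)).status = "ok"
            continue
        m = FILE_RE.match(line)             # "(md5) path"
        if m:
            o = obj(m.group(1))
            o.md5, o.path = m.group(2).lower(), m.group(3)
        # anything else (banner, SystemInfo, drive lines) is ignored
    return objects


def non_ok(text: str) -> List[ScanObject]:
    """Objects TDSSKiller did not mark ok, in report order."""
    return [o for o in parse_report(text).values() if o.status != "ok"]


if __name__ == "__main__":
    for o in non_ok(SAMPLE_REPORT):
        print(f"{o.name}: {o.status} {o.verdict} md5={o.md5} {o.path}")
```

The `(<n>)` count on the "detected" line and the first-seen verdict are kept as TDSSKiller printed them; the parser does not try to decide between "Cure" and "Skip", it only reduces the report to the entries that need that decision.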

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 January 2012 - 05:43 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 aurora9

  • Topic Starter
  • Members
  • 8 posts

Posted 27 January 2012 - 11:58 PM

This is the log from the original run of TDSSKiller (that I did before contacting this site).

11:22:51.0002 1572 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
11:22:53.0015 1572 ============================================================
11:22:53.0015 1572 Current date / time: 2012/01/15 11:22:53.0015
11:22:53.0015 1572 SystemInfo:
11:22:53.0015 1572
11:22:53.0015 1572 OS Version: 5.1.2600 ServicePack: 2.0
11:22:53.0015 1572 Product type: Workstation
11:22:53.0015 1572 ComputerName: MOM
11:22:53.0255 1572 UserName: Laurie
11:22:53.0255 1572 Windows directory: C:\windows
11:22:53.0255 1572 System windows directory: C:\windows
11:22:53.0255 1572 Processor architecture: Intel x86
11:22:53.0255 1572 Number of processors: 1
11:22:53.0255 1572 Page size: 0x1000
11:22:53.0255 1572 Boot type: Normal boot
11:22:53.0255 1572 ============================================================
11:23:25.0071 1572 Drive \Device\Harddisk0\DR0 - Size: 0x1805E2000, SectorSize: 0x200, Cylinders: 0x310, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
11:23:25.0101 1572 Drive \Device\Harddisk1\DR2 - Size: 0xF4FFE00, SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:23:25.0171 1572 Initialize success
11:23:36.0547 0632 ============================================================
11:23:36.0547 0632 Scan started
11:23:36.0547 0632 Mode: Manual;
11:23:36.0547 0632 ============================================================
11:23:38.0180 0632 3c1807pd (45a10c1601ce863f0a817c5a81d1c008) C:\windows\system32\DRIVERS\3c1807pd.sys
11:23:38.0210 0632 3c1807pd - ok
11:23:38.0600 0632 3dfxvs (b6bbe5503e6460bdfa2aecb972a07c1a) C:\windows\system32\DRIVERS\3dfxvsm.sys
11:23:38.0670 0632 3dfxvs - ok
11:23:38.0861 0632 Abiosdsk - ok
11:23:39.0011 0632 abp480n5 - ok
11:23:39.0261 0632 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\windows\system32\DRIVERS\ACPI.sys
11:23:39.0321 0632 ACPI - ok
11:23:39.0732 0632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
11:23:39.0742 0632 ACPIEC - ok
11:23:39.0942 0632 adpu160m - ok
11:23:40.0193 0632 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\windows\system32\drivers\aec.sys
11:23:40.0253 0632 aec - ok
11:23:40.0653 0632 AFD (55e6e1c51b6d30e54335750955453702) C:\windows\System32\drivers\afd.sys
11:23:40.0703 0632 AFD - ok
11:23:40.0964 0632 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\windows\system32\DRIVERS\agp440.sys
11:23:40.0994 0632 agp440 - ok
11:23:41.0154 0632 Aha154x - ok
11:23:41.0304 0632 aic78u2 - ok
11:23:41.0454 0632 aic78xx - ok
11:23:41.0765 0632 AliIde - ok
11:23:41.0925 0632 amsint - ok
11:23:42.0095 0632 ANPD (d33b28d9ed695ccf9520d70d825f9d85) C:\WINDOWS\system32\ANPD.sys
11:23:42.0476 0632 ANPD - ok
11:23:42.0806 0632 asc - ok
11:23:42.0957 0632 asc3350p - ok
11:23:43.0117 0632 asc3550 - ok
11:23:43.0397 0632 Aspi32 (240184299d440f175858d11ce1ce90e6) C:\windows\system32\drivers\Aspi32.sys
11:23:43.0407 0632 Aspi32 - ok
11:23:43.0628 0632 AsyncMac (02000abf34af4c218c35d257024807d6) C:\windows\system32\DRIVERS\asyncmac.sys
11:23:43.0648 0632 AsyncMac - ok
11:23:44.0078 0632 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\windows\system32\DRIVERS\atapi.sys
11:23:44.0088 0632 atapi - ok
11:23:44.0319 0632 Atdisk - ok
11:23:44.0539 0632 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\windows\system32\DRIVERS\atmarpc.sys
11:23:44.0569 0632 Atmarpc - ok
11:23:44.0839 0632 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
11:23:44.0849 0632 audstub - ok
11:23:45.0210 0632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
11:23:45.0220 0632 Beep - ok
11:23:46.0391 0632 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
11:23:47.0233 0632 BHDrvx86 - ok
11:23:47.0553 0632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
11:23:52.0100 0632 cbidf2k - ok
11:23:53.0201 0632 cd20xrnt - ok
11:23:53.0642 0632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
11:23:53.0672 0632 Cdaudio - ok
11:23:54.0032 0632 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\windows\system32\drivers\Cdfs.sys
11:23:54.0173 0632 Cdfs - ok
11:23:54.0814 0632 Cdr4vsd - ok
11:23:55.0775 0632 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\windows\system32\DRIVERS\cdrom.sys
11:23:55.0835 0632 Cdrom - ok
11:23:56.0306 0632 Changer - ok
11:23:56.0776 0632 CmdIde - ok
11:23:57.0167 0632 Cpqarray - ok
11:23:57.0527 0632 dac2w2k - ok
11:23:58.0098 0632 dac960nt - ok
11:23:58.0679 0632 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\windows\system32\DRIVERS\disk.sys
11:23:58.0719 0632 Disk - ok
11:23:59.0360 0632 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\windows\system32\drivers\dmboot.sys
11:23:59.0530 0632 dmboot - ok
11:24:00.0141 0632 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\windows\system32\drivers\dmio.sys
11:24:00.0221 0632 dmio - ok
11:24:00.0872 0632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
11:24:00.0892 0632 dmload - ok
11:24:01.0503 0632 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\windows\system32\drivers\DMusic.sys
11:24:01.0663 0632 DMusic - ok
11:24:02.0525 0632 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\windows\system32\DRIVERS\Dot4.sys
11:24:02.0755 0632 Dot4 - ok
11:24:03.0226 0632 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\windows\system32\DRIVERS\Dot4Prt.sys
11:24:03.0296 0632 Dot4Print - ok
11:24:03.0606 0632 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\windows\system32\DRIVERS\Dot4Scan.sys
11:24:03.0716 0632 Dot4Scan - ok
11:24:04.0437 0632 dpti2o - ok
11:24:04.0928 0632 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\windows\system32\drivers\drmkaud.sys
11:24:04.0968 0632 drmkaud - ok
11:24:05.0859 0632 ds1 (6cf04c9fb5bc974c0a472bc81fd56366) C:\windows\system32\drivers\ds1wdm.sys
11:24:06.0080 0632 ds1 - ok
11:24:06.0530 0632 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:24:06.0841 0632 eeCtrl - ok
11:24:07.0292 0632 EL90XBC (6e883bf518296a40959131c2304af714) C:\windows\system32\DRIVERS\el90xbc5.sys
11:24:07.0342 0632 EL90XBC - ok
11:24:07.0622 0632 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:24:07.0652 0632 EraserUtilRebootDrv - ok
11:24:08.0083 0632 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\windows\system32\drivers\Fastfat.sys
11:24:08.0163 0632 Fastfat - ok
11:24:08.0423 0632 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\windows\system32\DRIVERS\fdc.sys
11:24:08.0443 0632 Fdc - ok
11:24:08.0664 0632 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\windows\system32\drivers\Fips.sys
11:24:08.0684 0632 Fips - ok
11:24:08.0924 0632 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\windows\system32\drivers\FixTDSS.sys
11:24:08.0964 0632 FixTDSS - ok
11:24:09.0274 0632 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\windows\system32\DRIVERS\flpydisk.sys
11:24:09.0284 0632 Flpydisk - ok
11:24:09.0615 0632 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\windows\system32\DRIVERS\fltMgr.sys
11:24:09.0645 0632 FltMgr - ok
11:24:09.0945 0632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
11:24:09.0975 0632 Fs_Rec - ok
11:24:10.0306 0632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
11:24:10.0336 0632 Ftdisk - ok
11:24:10.0566 0632 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\windows\system32\drivers\gameenum.sys
11:24:10.0566 0632 gameenum - ok
11:24:10.0777 0632 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:24:16.0064 0632 GEARAspiWDM - ok
11:24:16.0465 0632 Gpc (c0f1d4a21de5a415df8170616703debf) C:\windows\system32\DRIVERS\msgpc.sys
11:24:16.0505 0632 Gpc - ok
11:24:16.0785 0632 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\windows\system32\DRIVERS\hidusb.sys
11:24:16.0795 0632 HidUsb - ok
11:24:16.0995 0632 hpn - ok
11:24:17.0386 0632 HTTP (cb77bb47e67e84deb17ba29632501730) C:\windows\system32\Drivers\HTTP.sys
11:24:17.0466 0632 HTTP - ok
11:24:17.0686 0632 i2omgmt - ok
11:24:17.0837 0632 i2omp - ok
11:24:18.0037 0632 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\windows\system32\DRIVERS\i8042prt.sys
11:24:18.0087 0632 i8042prt - ok
11:24:18.0488 0632 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120113.002\IDSxpx86.sys
11:24:18.0608 0632 IDSxpx86 - ok
11:24:18.0878 0632 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\windows\system32\DRIVERS\imapi.sys
11:24:18.0898 0632 Imapi - ok
11:24:19.0149 0632 ini910u - ok
11:24:19.0369 0632 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\windows\system32\DRIVERS\intelide.sys
11:24:19.0399 0632 IntelIde - ok
11:24:19.0629 0632 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\windows\system32\DRIVERS\Ip6Fw.sys
11:24:19.0669 0632 Ip6Fw - ok
11:24:19.0920 0632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:24:19.0960 0632 IpFilterDriver - ok
11:24:20.0240 0632 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\windows\system32\DRIVERS\ipinip.sys
11:24:20.0250 0632 IpInIp - ok
11:24:20.0491 0632 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\windows\system32\DRIVERS\ipnat.sys
11:24:20.0531 0632 IpNat - ok
11:24:20.0781 0632 IPSec (082cc1b68ea61e43029f4f5436c3b037) C:\windows\system32\DRIVERS\ipsec.sys
11:24:21.0131 0632 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
11:24:21.0131 0632 IPSec - detected Rootkit.Win32.ZAccess.k (0)
11:24:21.0462 0632 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\windows\system32\DRIVERS\irenum.sys
11:24:21.0472 0632 IRENUM - ok
11:24:21.0732 0632 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\windows\system32\DRIVERS\isapnp.sys
11:24:21.0752 0632 isapnp - ok
11:24:22.0103 0632 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\windows\system32\DRIVERS\kbdclass.sys
11:24:22.0113 0632 Kbdclass - ok
11:24:22.0373 0632 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\windows\system32\drivers\kmixer.sys
11:24:22.0423 0632 kmixer - ok
11:24:22.0664 0632 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\windows\system32\drivers\KSecDD.sys
11:24:22.0694 0632 KSecDD - ok
11:24:23.0004 0632 lbrtfdc - ok
11:24:23.0425 0632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
11:24:23.0425 0632 mnmdd - ok
11:24:23.0655 0632 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\windows\system32\drivers\Modem.sys
11:24:23.0675 0632 Modem - ok
11:24:23.0875 0632 Mouclass (34e1f0031153e491910e12551400192c) C:\windows\system32\DRIVERS\mouclass.sys
11:24:23.0895 0632 Mouclass - ok
11:24:24.0106 0632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
11:24:24.0126 0632 mouhid - ok
11:24:24.0346 0632 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\windows\system32\drivers\MountMgr.sys
11:24:24.0356 0632 MountMgr - ok
11:24:24.0546 0632 mraid35x - ok
11:24:24.0767 0632 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\windows\system32\DRIVERS\mrxdav.sys
11:24:24.0857 0632 MRxDAV - ok
11:24:25.0368 0632 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\windows\system32\DRIVERS\mrxsmb.sys
11:24:25.0518 0632 MRxSmb - ok
11:24:25.0768 0632 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\windows\system32\drivers\Msfs.sys
11:24:25.0778 0632 Msfs - ok
11:24:26.0008 0632 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\windows\system32\drivers\MSKSSRV.sys
11:24:26.0008 0632 MSKSSRV - ok
11:24:26.0209 0632 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\windows\system32\drivers\MSPCLOCK.sys
11:24:26.0239 0632 MSPCLOCK - ok
11:24:26.0409 0632 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\windows\system32\drivers\MSPQM.sys
11:24:26.0419 0632 MSPQM - ok
11:24:26.0639 0632 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\windows\system32\DRIVERS\mssmbios.sys
11:24:26.0649 0632 mssmbios - ok
11:24:26.0900 0632 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\windows\system32\drivers\Mup.sys
11:24:26.0930 0632 Mup - ok
11:24:27.0310 0632 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20101201.025\NAVENG.SYS
11:24:27.0451 0632 NAVENG - ok
11:24:29.0363 0632 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20101201.025\NAVEX15.SYS
11:24:30.0875 0632 NAVEX15 - ok
11:24:31.0296 0632 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\windows\system32\drivers\NDIS.sys
11:24:31.0366 0632 NDIS - ok
11:24:31.0556 0632 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\windows\system32\DRIVERS\ndistapi.sys
11:24:31.0566 0632 NdisTapi - ok
11:24:31.0777 0632 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\windows\system32\DRIVERS\ndisuio.sys
11:24:31.0807 0632 Ndisuio - ok
11:24:32.0077 0632 NdisWan (0b90e255a9490166ab368cd55a529893) C:\windows\system32\DRIVERS\ndiswan.sys
11:24:32.0147 0632 NdisWan - ok
11:24:32.0598 0632 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\windows\system32\drivers\NDProxy.sys
11:24:32.0638 0632 NDProxy - ok
11:24:32.0888 0632 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\windows\system32\DRIVERS\netbios.sys
11:24:32.0908 0632 NetBIOS - ok
11:24:33.0129 0632 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\windows\system32\DRIVERS\netbt.sys
11:24:33.0189 0632 NetBT - ok
11:24:33.0589 0632 NPF (b9730495e0cf674680121e34bd95a73b) C:\windows\system32\drivers\NPF.sys
11:24:33.0649 0632 NPF - ok
11:24:33.0860 0632 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\windows\system32\drivers\Npfs.sys
11:24:33.0880 0632 Npfs - ok
11:24:34.0320 0632 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\windows\system32\drivers\Ntfs.sys
11:24:34.0471 0632 Ntfs - ok
11:24:34.0971 0632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
11:24:34.0991 0632 Null - ok
11:24:35.0562 0632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
11:24:35.0592 0632 NwlnkFlt - ok
11:24:35.0853 0632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
11:24:35.0863 0632 NwlnkFwd - ok
11:24:36.0213 0632 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\windows\system32\DRIVERS\parport.sys
11:24:36.0233 0632 Parport - ok
11:24:36.0494 0632 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\windows\system32\drivers\PartMgr.sys
11:24:36.0504 0632 PartMgr - ok
11:24:36.0684 0632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
11:24:36.0704 0632 ParVdm - ok
11:24:36.0924 0632 PCI (8086d9979234b603ad5bc2f5d890b234) C:\windows\system32\DRIVERS\pci.sys
11:24:36.0954 0632 PCI - ok
11:24:37.0175 0632 PCIDump - ok
11:24:37.0345 0632 PCIIde - ok
11:24:37.0545 0632 Pcmcia (82a087207decec8456fbe8537947d579) C:\windows\system32\drivers\Pcmcia.sys
11:24:40.0139 0632 Pcmcia - ok
11:24:40.0549 0632 PDCOMP - ok
11:24:41.0030 0632 PDFRAME - ok
11:24:41.0481 0632 PDRELI - ok
11:24:41.0781 0632 PDRFRAME - ok
11:24:41.0981 0632 perc2 - ok
11:24:42.0192 0632 perc2hib - ok
11:24:42.0512 0632 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\windows\system32\DRIVERS\raspptp.sys
11:24:42.0552 0632 PptpMiniport - ok
11:24:42.0793 0632 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\windows\system32\DRIVERS\processr.sys
11:24:42.0813 0632 Processor - ok
11:24:43.0173 0632 PSched (48671f327553dcf1d27f6197f622a668) C:\windows\system32\DRIVERS\psched.sys
11:24:43.0193 0632 PSched - ok
11:24:43.0544 0632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
11:24:43.0554 0632 Ptilink - ok
11:24:43.0764 0632 ql1080 - ok
11:24:43.0914 0632 Ql10wnt - ok
11:24:44.0064 0632 ql12160 - ok
11:24:44.0255 0632 ql1240 - ok
11:24:44.0415 0632 ql1280 - ok
11:24:44.0585 0632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
11:24:44.0595 0632 RasAcd - ok
11:24:44.0836 0632 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\windows\system32\DRIVERS\rasl2tp.sys
11:24:44.0856 0632 Rasl2tp - ok
11:24:45.0196 0632 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\windows\system32\DRIVERS\raspppoe.sys
11:24:45.0226 0632 RasPppoe - ok
11:24:45.0466 0632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
11:24:45.0517 0632 Raspti - ok
11:24:45.0787 0632 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\windows\system32\DRIVERS\rdbss.sys
11:24:45.0837 0632 Rdbss - ok
11:24:46.0067 0632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
11:24:46.0067 0632 RDPCDD - ok
11:24:46.0748 0632 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\windows\system32\DRIVERS\rdpdr.sys
11:24:46.0818 0632 rdpdr - ok
11:24:47.0209 0632 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\windows\system32\drivers\RDPWD.sys
11:24:47.0269 0632 RDPWD - ok
11:24:47.0610 0632 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\windows\system32\DRIVERS\redbook.sys
11:24:47.0630 0632 redbook - ok
11:24:47.0950 0632 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\windows\system32\Drivers\RootMdm.sys
11:24:47.0960 0632 ROOTMODEM - ok
11:24:48.0611 0632 rt2870 (24a0d16d170194b5812ea08542ebdb62) C:\windows\system32\DRIVERS\rt2870.sys
11:24:48.0911 0632 rt2870 - ok
11:24:49.0292 0632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
11:24:49.0302 0632 Secdrv - ok
11:24:49.0602 0632 serenum (a2d868aeeff612e70e213c451a70cafb) C:\windows\system32\DRIVERS\serenum.sys
11:24:49.0612 0632 serenum - ok
11:24:49.0813 0632 Serial (cd9404d115a00d249f70a371b46d5a26) C:\windows\system32\DRIVERS\serial.sys
11:24:49.0833 0632 Serial - ok
11:24:50.0003 0632 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\windows\system32\drivers\Sfloppy.sys
11:24:50.0023 0632 Sfloppy - ok
11:24:50.0373 0632 Simbad - ok
11:24:50.0574 0632 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS
11:24:50.0584 0632 SONYPVU1 - ok
11:24:50.0764 0632 Sparrow - ok
11:24:50.0974 0632 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\windows\system32\drivers\splitter.sys
11:24:50.0984 0632 splitter - ok
11:24:51.0235 0632 sr (e41b6d037d6cd08461470af04500dc24) C:\windows\system32\DRIVERS\sr.sys
11:24:51.0295 0632 sr - ok
11:24:51.0876 0632 SRTSP (83726cf02eced69138948083e06b6eac) C:\windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
11:24:52.0296 0632 SRTSP - ok
11:24:52.0637 0632 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
11:24:52.0677 0632 SRTSPX - ok
11:24:53.0007 0632 Srv (20b7e396720353e4117d64d9dcb926ca) C:\windows\system32\DRIVERS\srv.sys
11:24:53.0127 0632 Srv - ok
11:24:53.0438 0632 swenum (03c1bae4766e2450219d20b993d6e046) C:\windows\system32\DRIVERS\swenum.sys
11:24:53.0448 0632 swenum - ok
11:24:53.0668 0632 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\windows\system32\drivers\swmidi.sys
11:24:53.0698 0632 swmidi - ok
11:24:53.0848 0632 symc810 - ok
11:24:54.0019 0632 symc8xx - ok
11:24:54.0449 0632 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
11:24:54.0740 0632 SymDS - ok
11:24:55.0621 0632 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
11:24:56.0492 0632 SymEFA - ok
11:24:56.0793 0632 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:24:56.0853 0632 SymEvent - ok
11:24:57.0784 0632 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
11:24:57.0854 0632 SymIRON - ok
11:24:58.0445 0632 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\windows\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
11:24:58.0736 0632 SYMTDI - ok
11:24:58.0926 0632 sym_hi - ok
11:24:59.0086 0632 sym_u3 - ok
11:24:59.0326 0632 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\windows\system32\drivers\sysaudio.sys
11:24:59.0346 0632 sysaudio - ok
11:24:59.0727 0632 Tcpip (90caff4b094573449a0872a0f919b178) C:\windows\system32\DRIVERS\tcpip.sys
11:24:59.0827 0632 Tcpip - ok
11:25:00.0168 0632 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\windows\system32\drivers\TDPIPE.sys
11:25:00.0188 0632 TDPIPE - ok
11:25:00.0398 0632 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\windows\system32\drivers\TDTCP.sys
11:25:00.0578 0632 TDTCP - ok
11:25:00.0849 0632 TermDD (a540a99c281d933f3d69d55e48727f47) C:\windows\system32\DRIVERS\termdd.sys
11:25:00.0869 0632 TermDD - ok
11:25:01.0159 0632 TosIde - ok
11:25:01.0459 0632 Udfs (12f70256f140cd7d52c58c7048fde657) C:\windows\system32\drivers\Udfs.sys
11:25:01.0479 0632 Udfs - ok
11:25:01.0720 0632 ultra - ok
11:25:01.0990 0632 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\windows\system32\DRIVERS\update.sys
11:25:02.0050 0632 Update - ok
11:25:02.0381 0632 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\windows\system32\DRIVERS\usbhub.sys
11:25:02.0401 0632 usbhub - ok
11:25:02.0641 0632 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\windows\system32\DRIVERS\usbscan.sys
11:25:02.0651 0632 usbscan - ok
11:25:02.0901 0632 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:25:02.0912 0632 USBSTOR - ok
11:25:03.0092 0632 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\windows\system32\DRIVERS\usbuhci.sys
11:25:03.0132 0632 usbuhci - ok
11:25:03.0372 0632 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\windows\System32\drivers\vga.sys
11:25:03.0392 0632 VgaSave - ok
11:25:03.0552 0632 ViaIde - ok
11:25:03.0723 0632 VolSnap (ee4660083deba849ff6c485d944b379b) C:\windows\system32\drivers\VolSnap.sys
11:25:03.0743 0632 VolSnap - ok
11:25:03.0983 0632 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\windows\system32\DRIVERS\wanarp.sys
11:25:04.0013 0632 Wanarp - ok
11:25:04.0263 0632 wanatw - ok
11:25:04.0414 0632 WDICA - ok
11:25:04.0624 0632 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\windows\system32\drivers\wdmaud.sys
11:25:04.0684 0632 wdmaud - ok
11:25:05.0195 0632 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:05.0916 0632 \Device\Harddisk0\DR0 - ok
11:25:06.0006 0632 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
11:25:06.0036 0632 \Device\Harddisk1\DR2 - ok
11:25:06.0076 0632 Boot (0x1200) (3ad26f0a3b111ba57d0cb64dcf037d9f) \Device\Harddisk0\DR0\Partition0
11:25:06.0076 0632 \Device\Harddisk0\DR0\Partition0 - ok
11:25:06.0106 0632 Boot (0x1200) (d8a7219e7e5c7aa1aa6c401f7dd045d1) \Device\Harddisk1\DR2\Partition0
11:25:06.0116 0632 \Device\Harddisk1\DR2\Partition0 - ok
11:25:06.0116 0632 ============================================================
11:25:06.0116 0632 Scan finished
11:25:06.0116 0632 ============================================================
11:25:06.0236 3428 Detected object count: 1
11:25:06.0236 3428 Actual detected object count: 1
11:25:20.0136 3428 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\windows\system32\drivers\ipsec.sys) error 1813
11:26:02.0627 3428 Backup copy found, using it..
11:26:03.0769 3428 C:\windows\system32\DRIVERS\ipsec.sys - will be cured on reboot
11:26:16.0678 3428 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
11:26:24.0729 2916 Deinitialize success


This is the log from running it today:

22:40:14.0893 2748 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
22:40:15.0744 2748 ============================================================
22:40:15.0764 2748 Current date / time: 2012/01/27 22:40:15.0744
22:40:15.0764 2748 SystemInfo:
22:40:15.0764 2748
22:40:15.0764 2748 OS Version: 5.1.2600 ServicePack: 2.0
22:40:15.0764 2748 Product type: Workstation
22:40:15.0764 2748 ComputerName: MOM
22:40:15.0864 2748 UserName: Laurie
22:40:15.0864 2748 Windows directory: C:\windows
22:40:15.0864 2748 System windows directory: C:\windows
22:40:15.0864 2748 Processor architecture: Intel x86
22:40:15.0864 2748 Number of processors: 1
22:40:15.0864 2748 Page size: 0x1000
22:40:15.0864 2748 Boot type: Normal boot
22:40:15.0864 2748 ============================================================
22:40:28.0392 2748 Drive \Device\Harddisk0\DR0 - Size: 0x1805E2000, SectorSize: 0x200, Cylinders: 0x310, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
22:40:28.0652 2748 Drive \Device\Harddisk1\DR2 - Size: 0xF4FFE00, SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:40:29.0744 2748 Initialize success
22:44:55.0286 2716 ============================================================
22:44:55.0286 2716 Scan started
22:44:55.0286 2716 Mode: Manual;
22:44:55.0286 2716 ============================================================
22:44:56.0387 2716 3c1807pd (45a10c1601ce863f0a817c5a81d1c008) C:\windows\system32\DRIVERS\3c1807pd.sys
22:44:56.0417 2716 3c1807pd - ok
22:44:56.0688 2716 3dfxvs (b6bbe5503e6460bdfa2aecb972a07c1a) C:\windows\system32\DRIVERS\3dfxvsm.sys
22:44:56.0728 2716 3dfxvs - ok
22:44:56.0898 2716 Abiosdsk - ok
22:44:57.0048 2716 abp480n5 - ok
22:44:57.0299 2716 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\windows\system32\DRIVERS\ACPI.sys
22:44:57.0349 2716 ACPI - ok
22:44:57.0529 2716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
22:44:57.0539 2716 ACPIEC - ok
22:44:57.0669 2716 adpu160m - ok
22:44:57.0900 2716 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\windows\system32\drivers\aec.sys
22:44:57.0960 2716 aec - ok
22:44:58.0190 2716 AFD (55e6e1c51b6d30e54335750955453702) C:\windows\System32\drivers\afd.sys
22:44:58.0230 2716 AFD - ok
22:44:58.0520 2716 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\windows\system32\DRIVERS\agp440.sys
22:44:58.0540 2716 agp440 - ok
22:44:58.0701 2716 Aha154x - ok
22:44:58.0841 2716 aic78u2 - ok
22:44:58.0991 2716 aic78xx - ok
22:44:59.0161 2716 AliIde - ok
22:44:59.0322 2716 amsint - ok
22:44:59.0482 2716 asc - ok
22:44:59.0702 2716 asc3350p - ok
22:44:59.0852 2716 asc3550 - ok
22:45:00.0133 2716 Aspi32 (240184299d440f175858d11ce1ce90e6) C:\windows\system32\drivers\Aspi32.sys
22:45:00.0153 2716 Aspi32 - ok
22:45:00.0413 2716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\windows\system32\DRIVERS\asyncmac.sys
22:45:00.0423 2716 AsyncMac - ok
22:45:00.0653 2716 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\windows\system32\DRIVERS\atapi.sys
22:45:00.0684 2716 atapi - ok
22:45:00.0904 2716 Atdisk - ok
22:45:01.0124 2716 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\windows\system32\DRIVERS\atmarpc.sys
22:45:01.0144 2716 Atmarpc - ok
22:45:01.0425 2716 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
22:45:01.0425 2716 audstub - ok
22:45:01.0665 2716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
22:45:01.0685 2716 Beep - ok
22:45:02.0266 2716 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
22:45:02.0506 2716 BHDrvx86 - ok
22:45:02.0877 2716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
22:45:02.0887 2716 cbidf2k - ok
22:45:03.0037 2716 cd20xrnt - ok
22:45:03.0257 2716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
22:45:03.0267 2716 Cdaudio - ok
22:45:03.0478 2716 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\windows\system32\drivers\Cdfs.sys
22:45:03.0498 2716 Cdfs - ok
22:45:03.0688 2716 Cdr4vsd - ok
22:45:03.0878 2716 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\windows\system32\DRIVERS\cdrom.sys
22:45:03.0888 2716 Cdrom - ok
22:45:04.0028 2716 Changer - ok
22:45:04.0209 2716 CmdIde - ok
22:45:04.0439 2716 Cpqarray - ok
22:45:04.0609 2716 dac2w2k - ok
22:45:04.0769 2716 dac960nt - ok
22:45:04.0990 2716 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\windows\system32\DRIVERS\disk.sys
22:45:05.0000 2716 Disk - ok
22:45:05.0340 2716 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\windows\system32\drivers\dmboot.sys
22:45:05.0430 2716 dmboot - ok
22:45:05.0781 2716 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\windows\system32\drivers\dmio.sys
22:45:05.0821 2716 dmio - ok
22:45:06.0021 2716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
22:45:06.0031 2716 dmload - ok
22:45:06.0242 2716 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\windows\system32\drivers\DMusic.sys
22:45:06.0262 2716 DMusic - ok
22:45:06.0542 2716 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\windows\system32\DRIVERS\Dot4.sys
22:45:06.0602 2716 Dot4 - ok
22:45:06.0902 2716 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\windows\system32\DRIVERS\Dot4Prt.sys
22:45:06.0912 2716 Dot4Print - ok
22:45:07.0093 2716 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\windows\system32\DRIVERS\Dot4Scan.sys
22:45:07.0103 2716 Dot4Scan - ok
22:45:07.0253 2716 dpti2o - ok
22:45:07.0463 2716 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\windows\system32\drivers\drmkaud.sys
22:45:07.0473 2716 drmkaud - ok
22:45:07.0744 2716 ds1 (6cf04c9fb5bc974c0a472bc81fd56366) C:\windows\system32\drivers\ds1wdm.sys
22:45:07.0844 2716 ds1 - ok
22:45:08.0134 2716 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:45:08.0234 2716 eeCtrl - ok
22:45:08.0565 2716 EL90XBC (6e883bf518296a40959131c2304af714) C:\windows\system32\DRIVERS\el90xbc5.sys
22:45:08.0585 2716 EL90XBC - ok
22:45:08.0745 2716 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:45:08.0775 2716 EraserUtilRebootDrv - ok
22:45:09.0166 2716 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\windows\system32\drivers\Fastfat.sys
22:45:09.0206 2716 Fastfat - ok
22:45:09.0516 2716 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\windows\system32\DRIVERS\fdc.sys
22:45:09.0526 2716 Fdc - ok
22:45:09.0757 2716 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\windows\system32\drivers\Fips.sys
22:45:09.0777 2716 Fips - ok
22:45:09.0997 2716 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\windows\system32\drivers\FixTDSS.sys
22:45:10.0017 2716 FixTDSS - ok
22:45:10.0267 2716 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\windows\system32\DRIVERS\flpydisk.sys
22:45:10.0277 2716 Flpydisk - ok
22:45:10.0608 2716 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\windows\system32\DRIVERS\fltMgr.sys
22:45:10.0638 2716 FltMgr - ok
22:45:10.0828 2716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
22:45:10.0828 2716 Fs_Rec - ok
22:45:11.0018 2716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
22:45:11.0068 2716 Ftdisk - ok
22:45:11.0259 2716 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\windows\system32\drivers\gameenum.sys
22:45:11.0259 2716 gameenum - ok
22:45:11.0519 2716 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:45:11.0529 2716 GEARAspiWDM - ok
22:45:11.0820 2716 Gpc (c0f1d4a21de5a415df8170616703debf) C:\windows\system32\DRIVERS\msgpc.sys
22:45:11.0830 2716 Gpc - ok
22:45:12.0100 2716 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\windows\system32\DRIVERS\hidusb.sys
22:45:12.0110 2716 HidUsb - ok
22:45:12.0270 2716 hpn - ok
22:45:12.0571 2716 HTTP (cb77bb47e67e84deb17ba29632501730) C:\windows\system32\Drivers\HTTP.sys
22:45:12.0661 2716 HTTP - ok
22:45:12.0941 2716 i2omgmt - ok
22:45:13.0091 2716 i2omp - ok
22:45:13.0302 2716 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\windows\system32\DRIVERS\i8042prt.sys
22:45:13.0322 2716 i8042prt - ok
22:45:13.0732 2716 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120113.002\IDSxpx86.sys
22:45:13.0852 2716 IDSxpx86 - ok
22:45:14.0163 2716 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\windows\system32\DRIVERS\imapi.sys
22:45:14.0173 2716 Imapi - ok
22:45:14.0443 2716 ini910u - ok
22:45:14.0804 2716 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\windows\system32\DRIVERS\intelide.sys
22:45:14.0804 2716 IntelIde - ok
22:45:15.0004 2716 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\windows\system32\DRIVERS\Ip6Fw.sys
22:45:15.0014 2716 Ip6Fw - ok
22:45:15.0234 2716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:45:15.0244 2716 IpFilterDriver - ok
22:45:15.0415 2716 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\windows\system32\DRIVERS\ipinip.sys
22:45:15.0445 2716 IpInIp - ok
22:45:15.0695 2716 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\windows\system32\DRIVERS\ipnat.sys
22:45:15.0735 2716 IpNat - ok
22:45:15.0925 2716 IPSec - ok
22:45:16.0146 2716 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\windows\system32\DRIVERS\irenum.sys
22:45:16.0156 2716 IRENUM - ok
22:45:16.0376 2716 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\windows\system32\DRIVERS\isapnp.sys
22:45:16.0396 2716 isapnp - ok
22:45:16.0717 2716 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\windows\system32\DRIVERS\kbdclass.sys
22:45:16.0727 2716 Kbdclass - ok
22:45:16.0957 2716 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\windows\system32\drivers\kmixer.sys
22:45:17.0007 2716 kmixer - ok
22:45:17.0287 2716 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\windows\system32\drivers\KSecDD.sys
22:45:17.0307 2716 KSecDD - ok
22:45:17.0518 2716 lbrtfdc - ok
22:45:17.0828 2716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
22:45:17.0848 2716 mnmdd - ok
22:45:18.0089 2716 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\windows\system32\drivers\Modem.sys
22:45:18.0099 2716 Modem - ok
22:45:18.0299 2716 Mouclass (34e1f0031153e491910e12551400192c) C:\windows\system32\DRIVERS\mouclass.sys
22:45:18.0329 2716 Mouclass - ok
22:45:18.0559 2716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
22:45:18.0559 2716 mouhid - ok
22:45:18.0780 2716 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\windows\system32\drivers\MountMgr.sys
22:45:18.0790 2716 MountMgr - ok
22:45:18.0940 2716 mraid35x - ok
22:45:19.0170 2716 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\windows\system32\DRIVERS\mrxdav.sys
22:45:19.0230 2716 MRxDAV - ok
22:45:19.0661 2716 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\windows\system32\DRIVERS\mrxsmb.sys
22:45:19.0791 2716 MRxSmb - ok
22:45:20.0111 2716 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\windows\system32\drivers\Msfs.sys
22:45:20.0121 2716 Msfs - ok
22:45:20.0352 2716 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\windows\system32\drivers\MSKSSRV.sys
22:45:20.0362 2716 MSKSSRV - ok
22:45:20.0572 2716 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\windows\system32\drivers\MSPCLOCK.sys
22:45:20.0582 2716 MSPCLOCK - ok
22:45:20.0742 2716 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\windows\system32\drivers\MSPQM.sys
22:45:20.0752 2716 MSPQM - ok
22:45:20.0913 2716 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\windows\system32\DRIVERS\mssmbios.sys
22:45:20.0923 2716 mssmbios - ok
22:45:21.0133 2716 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\windows\system32\drivers\Mup.sys
22:45:21.0163 2716 Mup - ok
22:45:21.0443 2716 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20101201.025\NAVENG.SYS
22:45:21.0483 2716 NAVENG - ok
22:45:23.0226 2716 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20101201.025\NAVEX15.SYS
22:45:24.0688 2716 NAVEX15 - ok
22:45:25.0059 2716 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\windows\system32\drivers\NDIS.sys
22:45:25.0099 2716 NDIS - ok
22:45:25.0349 2716 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\windows\system32\DRIVERS\ndistapi.sys
22:45:25.0359 2716 NdisTapi - ok
22:45:25.0559 2716 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\windows\system32\DRIVERS\ndisuio.sys
22:45:25.0569 2716 Ndisuio - ok
22:45:25.0870 2716 NdisWan (0b90e255a9490166ab368cd55a529893) C:\windows\system32\DRIVERS\ndiswan.sys
22:45:25.0900 2716 NdisWan - ok
22:45:26.0110 2716 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\windows\system32\drivers\NDProxy.sys
22:45:26.0120 2716 NDProxy - ok
22:45:26.0320 2716 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\windows\system32\DRIVERS\netbios.sys
22:45:26.0340 2716 NetBIOS - ok
22:45:26.0601 2716 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\windows\system32\DRIVERS\netbt.sys
22:45:26.0651 2716 NetBT - ok
22:45:27.0071 2716 NPF (b9730495e0cf674680121e34bd95a73b) C:\windows\system32\drivers\NPF.sys
22:45:27.0081 2716 NPF - ok
22:45:27.0322 2716 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\windows\system32\drivers\Npfs.sys
22:45:27.0332 2716 Npfs - ok
22:45:27.0712 2716 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\windows\system32\drivers\Ntfs.sys
22:45:27.0883 2716 Ntfs - ok
22:45:28.0103 2716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
22:45:28.0113 2716 Null - ok
22:45:28.0303 2716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
22:45:28.0313 2716 NwlnkFlt - ok
22:45:28.0644 2716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:45:28.0674 2716 NwlnkFwd - ok
22:45:28.0994 2716 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\windows\system32\DRIVERS\parport.sys
22:45:29.0024 2716 Parport - ok
22:45:29.0235 2716 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\windows\system32\drivers\PartMgr.sys
22:45:29.0245 2716 PartMgr - ok
22:45:29.0475 2716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
22:45:29.0495 2716 ParVdm - ok
22:45:29.0735 2716 PCI (8086d9979234b603ad5bc2f5d890b234) C:\windows\system32\DRIVERS\pci.sys
22:45:29.0775 2716 PCI - ok
22:45:30.0036 2716 PCIDump - ok
22:45:30.0186 2716 PCIIde - ok
22:45:30.0436 2716 Pcmcia (82a087207decec8456fbe8537947d579) C:\windows\system32\drivers\Pcmcia.sys
22:45:30.0466 2716 Pcmcia - ok
22:45:30.0647 2716 PDCOMP - ok
22:45:30.0797 2716 PDFRAME - ok
22:45:30.0967 2716 PDRELI - ok
22:45:33.0260 2716 PDRFRAME - ok
22:45:33.0421 2716 perc2 - ok
22:45:33.0571 2716 perc2hib - ok
22:45:33.0851 2716 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\windows\system32\DRIVERS\raspptp.sys
22:45:33.0861 2716 PptpMiniport - ok
22:45:34.0122 2716 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\windows\system32\DRIVERS\processr.sys
22:45:34.0142 2716 Processor - ok
22:45:34.0432 2716 PSched (48671f327553dcf1d27f6197f622a668) C:\windows\system32\DRIVERS\psched.sys
22:45:34.0452 2716 PSched - ok
22:45:34.0712 2716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
22:45:34.0722 2716 Ptilink - ok
22:45:34.0903 2716 ql1080 - ok
22:45:35.0053 2716 Ql10wnt - ok
22:45:35.0203 2716 ql12160 - ok
22:45:35.0363 2716 ql1240 - ok
22:45:35.0524 2716 ql1280 - ok
22:45:35.0684 2716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
22:45:35.0694 2716 RasAcd - ok
22:45:35.0914 2716 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\windows\system32\DRIVERS\rasl2tp.sys
22:45:35.0924 2716 Rasl2tp - ok
22:45:36.0215 2716 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\windows\system32\DRIVERS\raspppoe.sys
22:45:36.0225 2716 RasPppoe - ok
22:45:36.0555 2716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
22:45:36.0565 2716 Raspti - ok
22:45:36.0815 2716 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\windows\system32\DRIVERS\rdbss.sys
22:45:36.0866 2716 Rdbss - ok
22:45:37.0096 2716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
22:45:37.0096 2716 RDPCDD - ok
22:45:37.0366 2716 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\windows\system32\DRIVERS\rdpdr.sys
22:45:37.0426 2716 rdpdr - ok
22:45:37.0747 2716 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\windows\system32\drivers\RDPWD.sys
22:45:37.0777 2716 RDPWD - ok
22:45:38.0037 2716 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\windows\system32\DRIVERS\redbook.sys
22:45:38.0057 2716 redbook - ok
22:45:38.0358 2716 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\windows\system32\Drivers\RootMdm.sys
22:45:38.0358 2716 ROOTMODEM - ok
22:45:38.0959 2716 rt2870 (24a0d16d170194b5812ea08542ebdb62) C:\windows\system32\DRIVERS\rt2870.sys
22:45:39.0219 2716 rt2870 - ok
22:45:39.0519 2716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
22:45:39.0529 2716 Secdrv - ok
22:45:39.0790 2716 serenum (a2d868aeeff612e70e213c451a70cafb) C:\windows\system32\DRIVERS\serenum.sys
22:45:39.0820 2716 serenum - ok
22:45:40.0000 2716 Serial (cd9404d115a00d249f70a371b46d5a26) C:\windows\system32\DRIVERS\serial.sys
22:45:40.0020 2716 Serial - ok
22:45:40.0190 2716 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\windows\system32\drivers\Sfloppy.sys
22:45:40.0190 2716 Sfloppy - ok
22:45:40.0371 2716 Simbad - ok
22:45:40.0571 2716 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS
22:45:40.0591 2716 SONYPVU1 - ok
22:45:40.0771 2716 Sparrow - ok
22:45:40.0951 2716 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\windows\system32\drivers\splitter.sys
22:45:40.0981 2716 splitter - ok
22:45:41.0212 2716 sr (e41b6d037d6cd08461470af04500dc24) C:\windows\system32\DRIVERS\sr.sys
22:45:41.0252 2716 sr - ok
22:45:41.0843 2716 SRTSP (83726cf02eced69138948083e06b6eac) C:\windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
22:45:42.0253 2716 SRTSP - ok
22:45:42.0654 2716 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
22:45:42.0684 2716 SRTSPX - ok
22:45:43.0034 2716 Srv (20b7e396720353e4117d64d9dcb926ca) C:\windows\system32\DRIVERS\srv.sys
22:45:43.0125 2716 Srv - ok
22:45:43.0435 2716 swenum (03c1bae4766e2450219d20b993d6e046) C:\windows\system32\DRIVERS\swenum.sys
22:45:43.0435 2716 swenum - ok
22:45:43.0725 2716 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\windows\system32\drivers\swmidi.sys
22:45:43.0735 2716 swmidi - ok
22:45:43.0916 2716 symc810 - ok
22:45:44.0066 2716 symc8xx - ok
22:45:44.0487 2716 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
22:45:44.0597 2716 SymDS - ok
22:45:45.0488 2716 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
22:45:46.0019 2716 SymEFA - ok
22:45:46.0289 2716 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:45:46.0329 2716 SymEvent - ok
22:45:46.0640 2716 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\windows\system32\DRIVERS\SymIM.sys
22:45:46.0660 2716 SymIM - ok
22:45:46.0730 2716 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\windows\system32\DRIVERS\SymIM.sys
22:45:46.0730 2716 SymIMMP - ok
22:45:47.0100 2716 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
22:45:47.0140 2716 SymIRON - ok
22:45:47.0641 2716 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\windows\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
22:45:47.0741 2716 SYMTDI - ok
22:45:47.0921 2716 sym_hi - ok
22:45:48.0062 2716 sym_u3 - ok
22:45:48.0282 2716 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\windows\system32\drivers\sysaudio.sys
22:45:48.0302 2716 sysaudio - ok
22:45:48.0733 2716 Tcpip (90caff4b094573449a0872a0f919b178) C:\windows\system32\DRIVERS\tcpip.sys
22:45:48.0843 2716 Tcpip - ok
22:45:49.0083 2716 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\windows\system32\drivers\TDPIPE.sys
22:45:49.0093 2716 TDPIPE - ok
22:45:49.0273 2716 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\windows\system32\drivers\TDTCP.sys
22:45:49.0283 2716 TDTCP - ok
22:45:49.0504 2716 TermDD (a540a99c281d933f3d69d55e48727f47) C:\windows\system32\DRIVERS\termdd.sys
22:45:49.0514 2716 TermDD - ok
22:45:49.0744 2716 TosIde - ok
22:45:49.0974 2716 Udfs (12f70256f140cd7d52c58c7048fde657) C:\windows\system32\drivers\Udfs.sys
22:45:50.0004 2716 Udfs - ok
22:45:50.0125 2716 ultra - ok
22:45:50.0425 2716 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\windows\system32\DRIVERS\update.sys
22:45:50.0485 2716 Update - ok
22:45:50.0746 2716 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\windows\system32\DRIVERS\usbhub.sys
22:45:50.0766 2716 usbhub - ok
22:45:50.0976 2716 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\windows\system32\DRIVERS\usbscan.sys
22:45:50.0986 2716 usbscan - ok
22:45:51.0186 2716 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:45:51.0226 2716 USBSTOR - ok
22:45:51.0497 2716 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\windows\system32\DRIVERS\usbuhci.sys
22:45:51.0507 2716 usbuhci - ok
22:45:51.0737 2716 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\windows\System32\drivers\vga.sys
22:45:51.0747 2716 VgaSave - ok
22:45:51.0877 2716 ViaIde - ok
22:45:52.0047 2716 VolSnap (ee4660083deba849ff6c485d944b379b) C:\windows\system32\drivers\VolSnap.sys
22:45:52.0067 2716 VolSnap - ok
22:45:52.0398 2716 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\windows\system32\DRIVERS\wanarp.sys
22:45:52.0418 2716 Wanarp - ok
22:45:52.0588 2716 wanatw - ok
22:45:52.0748 2716 WDICA - ok
22:45:52.0979 2716 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\windows\system32\drivers\wdmaud.sys
22:45:52.0999 2716 wdmaud - ok
22:45:53.0439 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:45:53.0870 2716 \Device\Harddisk0\DR0 - ok
22:45:53.0940 2716 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
22:45:53.0970 2716 \Device\Harddisk1\DR2 - ok
22:45:53.0990 2716 Boot (0x1200) (3ad26f0a3b111ba57d0cb64dcf037d9f) \Device\Harddisk0\DR0\Partition0
22:45:53.0990 2716 \Device\Harddisk0\DR0\Partition0 - ok
22:45:54.0040 2716 Boot (0x1200) (b0a0032497dadc94cf12a12e53ade721) \Device\Harddisk1\DR2\Partition0
22:45:54.0040 2716 \Device\Harddisk1\DR2\Partition0 - ok
22:45:54.0050 2716 ============================================================
22:45:54.0050 2716 Scan finished
22:45:54.0050 2716 ============================================================
22:45:54.0130 2024 Detected object count: 0
22:45:54.0130 2024 Actual detected object count: 0
22:46:51.0443 0844 Deinitialize success
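As an added example (not from the thread and not the tool's own code), a small Python script that parses the TDSSKiller log format quoted above and diffs two runs; the ipsec.sys verdict disappearing and the Harddisk1 partition boot-sector hash changing between the two scans are exactly the kinds of differences it reports. The sample log lines and hashes inside it are constructed.

```python
"""Compare two TDSSKiller scan logs and report what changed between runs.

Added example, not code from the thread or from the tool's authors. It parses
the line format quoted in the thread and diffs two runs, which is what a helper
reading the thread does by eye: did the detected object go away, and did any
MBR / boot-sector / driver hash change in between?
"""
import re
from dataclasses import dataclass, field

# A TDSSKiller line is "HH:MM:SS.mmmm PID message".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>[0-9a-fA-F]{4})\s+(?P<msg>.*)$"
)
# Hashed objects: "Name (md5) path". The name may itself contain parentheses,
# e.g. "MBR (0x1B8)" and "Boot (0x1200)", so the 32-hex md5 group anchors the split.
HASHED_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")
# Messages that record a verdict or a repair, as they appear in the thread's log.
VERDICT_MARKERS = (
    "User select action",
    "will be cured",
    "Backup copy found",
    "VerifyFileNameVersionInfo",
)


@dataclass
class ScanReport:
    entries: dict = field(default_factory=dict)     # (name, path) -> md5
    detections: list = field(default_factory=list)  # verdict / repair messages
    detected_count: int = 0                         # "Detected object count: N"


def parse_log(text: str) -> ScanReport:
    """Parse one TDSSKiller log into hashed objects, verdicts and the detection count."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner rules, blank lines and truncated lines carry no data
        msg = m.group("msg")
        h = HASHED_RE.match(msg)
        if h:
            report.entries[(h.group("name"), h.group("path"))] = h.group("md5")
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.detected_count = int(c.group(1))
            continue
        if any(marker in msg for marker in VERDICT_MARKERS):
            report.detections.append(msg)
    return report


def diff_reports(before: ScanReport, after: ScanReport) -> dict:
    """Objects whose hash changed, objects seen in only one run, and each run's verdicts.

    A driver that had a hash in one run but shows only as "Name - ok" in the other
    (as IPSec does in the thread's second log) lands in only_before / only_after.
    """
    b, a = before.entries, after.entries
    common = b.keys() & a.keys()
    changed = sorted(
        (n, p, b[(n, p)], a[(n, p)]) for n, p in common if b[(n, p)] != a[(n, p)]
    )
    return {
        "changed": changed,
        "only_before": sorted(b.keys() - a.keys()),
        "only_after": sorted(a.keys() - b.keys()),
        "detections_before": list(before.detections),
        "detections_after": list(after.detections),
    }


# Constructed sample logs in the thread's format; the hashes are placeholders.
BEFORE_LOG = r"""
11:23:00.0000 0632 Scan started
11:23:01.0000 0632 IPSec (00000000000000000000000000000001) C:\windows\system32\DRIVERS\ipsec.sys
11:23:02.0000 0632 MBR (0x1B8) (00000000000000000000000000000002) \Device\Harddisk0\DR0
11:23:03.0000 0632 Boot (0x1200) (00000000000000000000000000000003) \Device\Harddisk1\DR2\Partition0
11:23:04.0000 0632 Tcpip (00000000000000000000000000000004) C:\windows\system32\DRIVERS\tcpip.sys
11:23:05.0000 0632 Tcpip - ok
11:23:06.0000 3428 Detected object count: 1
11:23:07.0000 3428 C:\windows\system32\DRIVERS\ipsec.sys - will be cured on reboot
11:23:08.0000 3428 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""
AFTER_LOG = r"""
22:44:55.0000 2716 Scan started
22:44:56.0000 2716 IPSec - ok
22:44:57.0000 2716 MBR (0x1B8) (00000000000000000000000000000002) \Device\Harddisk0\DR0
22:44:58.0000 2716 Boot (0x1200) (00000000000000000000000000000033) \Device\Harddisk1\DR2\Partition0
22:44:59.0000 2716 Tcpip (00000000000000000000000000000004) C:\windows\system32\DRIVERS\tcpip.sys
22:45:00.0000 2716 Tcpip - ok
22:45:01.0000 2024 Detected object count: 0
"""

if __name__ == "__main__":
    delta = diff_reports(parse_log(BEFORE_LOG), parse_log(AFTER_LOG))
    for name, path, old, new in delta["changed"]:
        print(f"CHANGED {name} {path}: {old} -> {new}")
    for name, path in delta["only_before"]:
        print(f"GONE    {name} {path}")
    for name, path in delta["only_after"]:
        print(f"NEW     {name} {path}")
    for msg in delta["detections_before"]:
        print(f"VERDICT (first run) {msg}")
```

A changed MBR or partition boot-sector hash after a cure is expected when the tool restored the sector; one that changes with no cure logged is worth asking about, since bootkits rewrite exactly those sectors.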

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 January 2012 - 03:35 AM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 aurora9 (Topic Starter)

Posted 29 January 2012 - 12:53 PM

Farbar Service Scanner Version: 18-01-2012 01
Ran by Laurie (administrator) on 29-01-2012 at 12:50:39
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk27C.tmp".


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys
[2004-08-04 07:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\windows\system32\Drivers\netbt.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\Drivers\tcpip.sys
[2004-08-04 07:00] - [2007-10-30 12:20] - 0360064 ____A (Microsoft Corporation) 90CAFF4B094573449A0872A0F919B178

C:\windows\system32\Drivers\ipsec.sys
[2004-08-04 07:00] - [2012-01-15 11:30] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\windows\system32\ipnathlp.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\windows\system32\netman.dll
[2004-08-04 07:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\windows\system32\wbem\WMIsvc.dll
[2007-03-03 19:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\srsvc.dll
[2007-03-03 19:04] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\windows\system32\Drivers\sr.sys
[2007-03-03 19:04] - [2004-08-04 07:00] - 0073472 ___AC (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\windows\system32\wscsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\windows\system32\wbem\WMIsvc.dll
[2007-03-03 19:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\wuauserv.dll
[2007-03-03 19:05] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\windows\system32\qmgr.dll
[2007-03-03 19:05] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\windows\system32\es.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\windows\system32\cryptsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\windows\system32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\windows\system32\rpcss.dll
[2004-08-04 07:00] - [2005-04-28 14:31] - 0395776 ____A (Microsoft Corporation) C8061F289E000703E7672916B7FE1571

C:\windows\system32\services.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
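
The two findings in the FSS log above that actually explain the dead TCP/IP stack are easy to miss in the wall of "is OK" lines: one service (IpSec) has an ImagePath that FSS prints literally, and it points at a .tmp file under drivers rather than ipsec.sys; and the hex blob under "Extra List" is the load order that FSS checks the IpSec Tag against. The script below is an added example, not part of the original post and not code from the FSS tool. It assumes FSS's output conventions as they appear in this log (a literal ImagePath is printed only when the value differs from the stock one) and reads the blob as a GroupOrderList value, that is, a little-endian DWORD count followed by the Tag values in load order. The sample input is the log above, trimmed to the two sections the script uses.

```python
"""Triage a Farbar Service Scanner (FSS) log: flag networking services whose
ImagePath is not the stock driver and decode the GroupOrderList blob that FSS
dumps in its Extra List to confirm the service's Tag sits in the load order."""
import re
import struct

# Sample input: the two relevant sections of the FSS log posted above in this
# thread, copied as-is (this is the only input the script needs).
SAMPLE_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk27C.tmp".

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
"""

NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running\.", re.M)
# FSS prints "The ImagePath of X service is OK." for a stock path and the
# literal path only when it deviates, so a literal path is itself a finding.
LITERAL_IMAGEPATH_RE = re.compile(r'^The ImagePath of (\w+): "([^"]+)"', re.M)
TAG_RE = re.compile(r"(\w+)\((\d+)\)")          # e.g. IPSec(5)
BLOB_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s*$", re.M)


def services_not_running(log):
    """Names of the services FSS reports as stopped, in log order."""
    return NOT_RUNNING_RE.findall(log)


def suspicious_imagepaths(log):
    """{service: (path, reasons)} for every ImagePath FSS printed literally."""
    findings = {}
    for service, path in LITERAL_IMAGEPATH_RE.findall(log):
        low = path.lower()
        reasons = ["ImagePath is not the stock value for this service"]
        if low.endswith(".tmp"):
            reasons.append("a .tmp file stands in for the service binary, so the service cannot start and everything depending on it stays down")
        if "\\temp\\" in low:
            reasons.append("binary lives in a temp directory")
        findings[service] = (path, reasons)
    return findings


def decode_group_order(log):
    """Decode the GroupOrderList blob: little-endian DWORDs, the first being the
    count and the rest the service Tags in the order the group loads them."""
    m = BLOB_RE.search(log)
    if m is None:
        return None
    raw = bytes.fromhex(m.group(1))
    count, *tags = struct.unpack("<%dI" % (len(raw) // 4), raw)
    if count != len(tags):
        raise ValueError("GroupOrderList says %d entries but holds %d" % (count, len(tags)))
    return tags


def check_tag(log, service="IpSec"):
    """(tag, slot) for `service`: slot is its 0-based position in the decoded
    load order, or None if the Tag is missing from the list."""
    section = log[log.index("Extra List:"):]
    tags = {name.lower(): int(tag) for name, tag in TAG_RE.findall(section)}
    tag = tags[service.lower()]
    order = decode_group_order(log) or []
    return tag, (order.index(tag) if tag in order else None)


def triage(log):
    """One line per finding, ready to paste into a reply."""
    lines = ["stopped services: " + ", ".join(services_not_running(log))]
    for service, (path, reasons) in suspicious_imagepaths(log).items():
        lines.append("%s ImagePath = %s (%s)" % (service, path, "; ".join(reasons)))
        tag, slot = check_tag(log, service)
        where = "missing from GroupOrderList" if slot is None else "slot %d of the load order" % slot
        lines.append("%s Tag %d is %s" % (service, tag, where))
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run against the log above it reports IpSec as the one stopped service whose ImagePath is a .tmp file instead of a driver, with Tag 5 in the first slot of the decoded order (5, 1, 2, 3, 4, 8, 6, 7), which is what FSS's "IpSec Tag value is correct" line is asserting. On XP the Tcpip service entry lists IPSec as a dependency, which is why Dnscache, Dhcp and Tcpip all show as stopped even though their own configuration checks pass. Feeding the script the second FSS log later in this thread (posted after IpSec.reg was merged) returns the identical finding, a quick way to confirm that a registry fix did not actually change the ImagePath.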

#10 gringo_pr (Malware Response Team)

Posted 29 January 2012 - 01:51 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure the "IP Settings", "DNS" and "WINS" tabs match the reference screenshots [screenshots not reproduced].
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

------------------------------------------------

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


----------------------------------------



If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.


-------------------------------------------------------------

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.

#11 gringo_pr (Malware Response Team)

Posted 01 February 2012 - 11:09 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 aurora9 (Topic Starter)

Posted 02 February 2012 - 12:40 PM

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------



This part kept telling me that the request is not supported and that it was unable to query host name.
____________________________________________________

DAF log:

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 6.0.2900.2180
MPC: 76487-640
CPU: Pentium III (~500MHz)
BIOS: 9/21/2099
Memory (approx): 191MB
Uptime: 0 hour(s)
Current directory: F:\fixing mom's pc\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---

1/29/2012 4:37:12 PM -- Dial-a-fix : [v0.60.0.24] -- started
4:37:13 PM | Policy scan started
4:37:14 PM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
4:38:13 PM | Deleting C:\Documents and Settings\Laurie\Local Settings\Temp...
4:38:16 PM | C:\Documents and Settings\Laurie\Local Settings\Temp could not be completely emptied, please reboot and try again
4:38:16 PM | Deleting C:\windows\temp...
4:38:19 PM | C:\windows\temp could not be completely emptied, please reboot and try again
4:38:19 PM | Deleting C:\DOCUME~1\Laurie\LOCALS~1\Temp...
4:38:22 PM | C:\DOCUME~1\Laurie\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
4:37:55 PM | Registered: C:\windows\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
4:38:15 PM | Unregistered: C:\windows\system32\msxml.dll
4:38:15 PM | Registered: C:\windows\system32\msxml.dll
4:38:18 PM | Unregistered: C:\windows\system32\msxml2.dll
4:38:20 PM | Registered: C:\windows\system32\msxml2.dll
4:38:21 PM | Unregistered: C:\windows\system32\msxml3.dll
4:38:29 PM | Registered: C:\windows\system32\msxml3.dll
4:38:30 PM | Unregistered: C:\windows\system32\msxml4.dll
4:38:31 PM | Registered: C:\windows\system32\msxml4.dll
4:38:34 PM | Unregistered: C:\windows\system32\qmgr.dll
4:38:37 PM | Registered: C:\windows\system32\qmgr.dll
4:38:39 PM | Unregistered: C:\windows\system32\qmgrprxy.dll
4:38:39 PM | Registered: C:\windows\system32\qmgrprxy.dll
4:38:39 PM | Unregistered: C:\windows\system32\winhttp.dll
4:38:39 PM | Registered: C:\windows\system32\winhttp.dll
4:38:42 PM | Registered: C:\windows\system32\wuapi.dll
4:38:44 PM | Unregistered: C:\windows\system32\wuaueng.dll
4:38:47 PM | Registered: C:\windows\system32\wuaueng.dll
4:38:47 PM | Unregistered: C:\windows\system32\wuaueng1.dll
4:38:47 PM | Registered: C:\windows\system32\wuaueng1.dll
4:38:52 PM | Unregistered: C:\windows\system32\wucltui.dll
4:38:52 PM | Registered: C:\windows\system32\wucltui.dll
4:38:53 PM | Unregistered: C:\windows\system32\wups.dll
4:38:53 PM | Registered: C:\windows\system32\wups.dll
4:38:54 PM | Unregistered: C:\windows\system32\wups2.dll
4:38:54 PM | Registered: C:\windows\system32\wups2.dll
4:38:54 PM | Unregistered: C:\windows\system32\wuweb.dll
4:38:55 PM | Registered: C:\windows\system32\wuweb.dll
4:38:55 PM | Registered: C:\windows\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
4:39:24 PM | Executed 'cmd.exe /c rmdir /q /s C:\windows\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
4:39:29 PM | Unregistered: C:\windows\system32\cryptdlg.dll
4:39:29 PM | Registered: C:\windows\system32\cryptdlg.dll
4:39:29 PM | Unregistered: C:\windows\system32\cryptui.dll
4:39:29 PM | Registered: C:\windows\system32\cryptui.dll
4:39:30 PM | Unregistered: C:\windows\system32\cryptext.dll
4:39:31 PM | Registered: C:\windows\system32\cryptext.dll
4:39:31 PM | Unregistered: C:\windows\system32\dssenh.dll
4:39:31 PM | Registered: C:\windows\system32\dssenh.dll
4:39:32 PM | Unregistered: C:\windows\system32\gpkcsp.dll
4:39:32 PM | Registered: C:\windows\system32\gpkcsp.dll
4:39:33 PM | Unregistered: C:\windows\system32\initpki.dll
4:42:21 PM | Registered: C:\windows\system32\initpki.dll
4:42:21 PM | Unregistered: C:\windows\system32\licdll.dll
4:42:22 PM | Registered: C:\windows\system32\licdll.dll
4:42:22 PM | Unregistered: C:\windows\system32\mssign32.dll
4:42:22 PM | Registered: C:\windows\system32\mssign32.dll
4:42:22 PM | Unregistered: C:\windows\system32\mssip32.dll
4:42:22 PM | Registered: C:\windows\system32\mssip32.dll
4:42:25 PM | Unregistered: C:\windows\system32\scardssp.dll
4:42:25 PM | Registered: C:\windows\system32\scardssp.dll
4:42:25 PM | Unregistered: C:\windows\system32\sccbase.dll
4:42:26 PM | Registered: C:\windows\system32\sccbase.dll
4:42:26 PM | Unregistered: C:\windows\system32\scecli.dll
4:42:30 PM | Registered: C:\windows\system32\scecli.dll
4:42:30 PM | Unregistered: C:\windows\system32\softpub.dll
4:42:30 PM | Registered: C:\windows\system32\softpub.dll
4:42:31 PM | Unregistered: C:\windows\system32\slbcsp.dll
4:42:31 PM | Registered: C:\windows\system32\slbcsp.dll
4:42:32 PM | Unregistered: C:\windows\system32\regwizc.dll
4:42:32 PM | Registered: C:\windows\system32\regwizc.dll
4:42:32 PM | Unregistered: C:\windows\system32\rsaenh.dll
4:42:32 PM | Registered: C:\windows\system32\rsaenh.dll
4:42:32 PM | Unregistered: C:\windows\system32\winhttp.dll
4:42:32 PM | Registered: C:\windows\system32\winhttp.dll
4:42:33 PM | Unregistered: C:\windows\system32\wintrust.dll
4:42:33 PM | Registered: C:\windows\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
4:42:36 PM | Registered: C:\windows\system32\acelpdec.ax
4:42:37 PM | Registered: C:\windows\system32\actxprxy.dll
4:42:38 PM | Registered: C:\windows\system32\asctrls.ocx
4:42:38 PM | Registered: C:\windows\system32\daxctle.ocx
4:42:39 PM | Registered: C:\windows\system32\hhctrl.ocx
4:42:39 PM | Registered: C:\windows\system32\l3codecx.ax
4:42:39 PM | Registered: C:\windows\system32\licmgr10.dll
4:42:40 PM | Registered: C:\windows\system32\mpg4ds32.ax
4:42:48 PM | Registered: C:\windows\system32\msdxm.ocx
4:42:49 PM | Registered: C:\windows\system32\plugin.ocx
4:42:49 PM | Registered: C:\windows\system32\proctexe.ocx
4:42:49 PM | Registered: C:\windows\system32\tdc.ocx
4:42:50 PM | Registered: C:\windows\system32\wshom.ocx
--- Registration: Control Panel applets ---
4:42:55 PM | DllInstalled: C:\windows\system32\inetcpl.cpl
4:42:56 PM | DllInstalled: C:\windows\system32\appwiz.cpl
4:42:56 PM | Registered: C:\windows\system32\appwiz.cpl
4:42:56 PM | DllInstalled: C:\windows\system32\nusrmgr.cpl
4:42:56 PM | Registered: C:\windows\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
4:42:58 PM | Registered: C:\windows\system32\quartz.dll
4:42:59 PM | Registered: C:\windows\system32\danim.dll
4:43:00 PM | Registered: C:\windows\system32\dmscript.dll
4:43:00 PM | Registered: C:\windows\system32\dmstyle.dll
4:43:01 PM | Registered: C:\windows\system32\dxmasf.dll
4:43:04 PM | Registered: C:\windows\system32\dxtmsft.dll
4:43:04 PM | Registered: C:\windows\system32\dxtrans.dll
4:43:04 PM | Registered: C:\windows\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
4:43:05 PM | Registered: C:\windows\system32\atl.dll
4:43:05 PM | Registered: C:\windows\system32\corpol.dll
4:43:05 PM | Registered: C:\windows\system32\jscript.dll
4:43:05 PM | Registered: C:\windows\system32\dispex.dll
4:43:06 PM | Registered: C:\windows\system32\scrrun.dll
4:43:07 PM | Registered: C:\windows\system32\scrobj.dll
4:43:07 PM | Registered: C:\windows\system32\vbscript.dll
4:43:08 PM | Registered: C:\windows\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
4:43:08 PM | Registered: C:\windows\system32\activeds.dll
4:43:09 PM | DllInstalled: C:\windows\system32\browseui.dll
4:43:09 PM | Registered: C:\windows\system32\browseui.dll
4:43:10 PM | Registered: C:\windows\system32\browsewm.dll
4:43:10 PM | Registered: C:\windows\system32\cabview.dll
4:43:11 PM | Registered: C:\windows\system32\cdfview.dll
4:43:11 PM | Registered: C:\windows\system32\clbcatex.dll
4:43:12 PM | Registered: C:\windows\system32\clbcatq.dll
4:43:12 PM | Registered: C:\windows\system32\comcat.dll
4:43:12 PM | Registered: C:\windows\system32\cscui.dll
4:43:12 PM | Registered: C:\windows\system32\credui.dll
4:43:12 PM | Registered: C:\windows\system32\datime.dll
4:43:13 PM | Registered: C:\windows\system32\devmgr.dll
4:43:13 PM | Registered: C:\windows\system32\dfsshlex.dll
4:43:14 PM | Registered: C:\windows\system32\dmdlgs.dll
4:43:14 PM | Registered: C:\windows\system32\dmdskmgr.dll
4:43:14 PM | Registered: C:\windows\system32\dmloader.dll
4:43:14 PM | Registered: C:\windows\system32\dmocx.dll
4:43:14 PM | Registered: C:\windows\system32\dmview.ocx
4:43:15 PM | DllInstalled: C:\windows\system32\dsuiext.dll
4:43:15 PM | Registered: C:\windows\system32\dsuiext.dll
4:43:15 PM | DllInstalled: C:\windows\system32\dsquery.dll
4:43:15 PM | Registered: C:\windows\system32\dsquery.dll
4:43:15 PM | Registered: C:\windows\system32\dskquoui.dll
4:43:16 PM | Registered: C:\windows\system32\els.dll
4:43:18 PM | Registered: C:\windows\system32\es.dll
4:43:18 PM | Registered: C:\windows\system32\fontext.dll
4:43:18 PM | Registered: C:\windows\system32\hlink.dll
4:43:19 PM | Registered: C:\windows\system32\hnetcfg.dll
4:43:19 PM | Registered: C:\windows\system32\iedkcs32.dll
4:43:20 PM | Registered: C:\windows\system32\iepeers.dll
4:43:21 PM | DllInstalled: C:\windows\system32\iesetup.dll
4:43:21 PM | Registered: C:\windows\system32\iesetup.dll
4:43:21 PM | Registered: C:\windows\system32\ils.dll
4:43:21 PM | Registered: C:\windows\system32\imgutil.dll
4:43:22 PM | Registered: C:\windows\system32\inetcfg.dll
4:43:22 PM | Registered: C:\windows\system32\inetcomm.dll
4:43:23 PM | DllInstalled: C:\windows\system32\inseng.dll
4:43:23 PM | Registered: C:\windows\system32\inseng.dll
4:43:23 PM | Registered: C:\windows\system32\laprxy.dll
4:43:24 PM | Registered: C:\windows\system32\lmrt.dll
4:43:25 PM | Registered: C:\windows\system32\mlang.dll
4:43:27 PM | Registered: C:\windows\system32\mmcndmgr.dll
4:43:27 PM | Registered: C:\windows\system32\mmcshext.dll
4:43:29 PM | Registered: C:\windows\system32\mscoree.dll
4:43:31 PM | DllInstalled: C:\windows\system32\mshtml.dll
4:43:33 PM | Registered: C:\windows\system32\mshtml.dll
4:43:34 PM | Registered: C:\windows\system32\mshtmled.dll
4:43:35 PM | Registered: C:\windows\system32\msieftp.dll
4:43:35 PM | Registered: C:\windows\system32\msoeacct.dll
4:43:35 PM | Registered: C:\windows\system32\msr2c.dll
4:43:36 PM | Registered: C:\windows\system32\msrating.dll
4:43:36 PM | DllInstalled: C:\windows\system32\mydocs.dll
4:43:36 PM | Registered: C:\windows\system32\mydocs.dll
4:43:37 PM | Registered: C:\windows\system32\mstime.dll
4:43:38 PM | Registered: C:\windows\system32\netcfgx.dll
4:43:38 PM | DllInstalled: C:\windows\system32\netplwiz.dll
4:43:38 PM | Registered: C:\windows\system32\netplwiz.dll
4:43:41 PM | Registered: C:\windows\system32\netman.dll
4:43:42 PM | Registered: C:\windows\system32\netshell.dll
4:43:42 PM | Registered: C:\windows\system32\ntmsevt.dll
4:43:42 PM | Registered: C:\windows\system32\ntmsmgr.dll
4:43:43 PM | DllInstalled: C:\windows\system32\ntmssvc.dll
4:43:43 PM | Registered: C:\windows\system32\ntmssvc.dll
4:43:43 PM | DllInstalled: C:\windows\system32\occache.dll
4:43:43 PM | Registered: C:\windows\system32\occache.dll
4:43:44 PM | Registered: C:\windows\system32\ole32.dll
4:43:45 PM | Registered: C:\windows\system32\oleaut32.dll
4:43:45 PM | Registered: C:\windows\system32\oleacc.dll
4:43:45 PM | Registered: C:\windows\system32\olepro32.dll
4:43:45 PM | DllInstalled: C:\windows\system32\photowiz.dll
4:43:46 PM | Registered: C:\windows\system32\photowiz.dll
4:43:46 PM | Registered: C:\windows\system32\pngfilt.dll
4:43:46 PM | Registered: C:\windows\system32\remotepg.dll
4:43:46 PM | Registered: C:\windows\system32\rpcrt4.dll
4:43:46 PM | Registered: C:\windows\system32\rshx32.dll
4:43:47 PM | Registered: C:\windows\system32\sendmail.dll
4:43:47 PM | Registered: C:\windows\system32\slayerxp.dll
4:43:54 PM | DllInstalled: C:\windows\system32\shdocvw.dll
4:43:55 PM | Registered: C:\windows\system32\shdocvw.dll
4:43:55 PM | Registered: C:\windows\system32\shell32.dll
4:44:23 PM | DllInstalled: C:\windows\system32\shell32.dll
4:44:24 PM | Registered: C:\windows\system32\shmedia.dll
4:44:24 PM | DllInstalled: C:\windows\system32\shimgvw.dll
4:44:25 PM | Registered: C:\windows\system32\shimgvw.dll
4:44:25 PM | DllInstalled: C:\windows\system32\shsvcs.dll
4:44:26 PM | Registered: C:\windows\system32\shsvcs.dll
4:44:26 PM | Registered: C:\windows\system32\srclient.dll
4:44:26 PM | Unregistered: C:\windows\system32\stobject.dll
4:44:26 PM | Registered: C:\windows\system32\stobject.dll
4:44:27 PM | DllInstalled: C:\windows\system32\themeui.dll
4:44:28 PM | Registered: C:\windows\system32\themeui.dll
4:44:28 PM | Registered: C:\windows\system32\twext.dll
4:44:30 PM | DllInstalled: C:\windows\system32\urlmon.dll
4:44:30 PM | Registered: C:\windows\system32\urlmon.dll
4:44:30 PM | Registered: C:\windows\system32\userenv.dll
4:44:30 PM | DllInstalled: C:\windows\system32\webcheck.dll
4:44:31 PM | Registered: C:\windows\system32\webcheck.dll
4:44:31 PM | Registered: C:\windows\system32\webvw.dll
4:44:32 PM | Registered: C:\windows\system32\winhttp.dll
4:44:32 PM | DllInstalled: C:\windows\system32\wininet.dll
4:44:32 PM | Registered: C:\windows\system32\zipfldr.dll
4:44:32 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
4:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
4:44:33 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
4:44:34 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
4:44:35 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
4:44:35 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
4:44:36 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
4:44:36 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
4:44:36 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
4:44:36 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
4:44:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
4:44:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
4:44:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
4:44:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
4:44:43 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
4:44:44 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
4:44:45 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
4:44:45 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
4:44:46 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
4:44:46 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
4:44:47 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
4:44:47 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
--- Reinstall Windows Firewall ---
--- Repair permissions ---
--- Network interface reset ---
_____________________________________________________


Could not reinstall BITS because it requested the XP disc.

______________________________________________________

Also, I noticed when booting that there is a missing file: boot.ini

#13 gringo_pr (Malware Response Team)

Posted 02 February 2012 - 12:49 PM

Hello

I would like you to go here - http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/ and download XP.zip.

Open the file, double-click IpSec.reg and allow it to merge into the registry.

Restart the computer and check the internet.

Rerun FSS for me.


gringo

#14 aurora9 (Topic Starter)

Posted 02 February 2012 - 10:07 PM

Ok,

Downloaded and ran the file; the computer stated the info had been added to the registry. However, upon reboot, boot.ini is now invalid (but not missing) and the computer will not start normally; I have to use the last good configuration. Internet is still an issue. Ran FSS anyway.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Laurie (administrator) on 02-02-2012 at 22:00:46
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk27C.tmp".


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys
[2004-08-04 07:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\windows\system32\Drivers\netbt.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\Drivers\tcpip.sys
[2004-08-04 07:00] - [2007-10-30 12:20] - 0360064 ____A (Microsoft Corporation) 90CAFF4B094573449A0872A0F919B178

C:\windows\system32\Drivers\ipsec.sys
[2004-08-04 07:00] - [2012-01-15 11:30] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\windows\system32\ipnathlp.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\windows\system32\netman.dll
[2004-08-04 07:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\windows\system32\wbem\WMIsvc.dll
[2007-03-03 19:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\srsvc.dll
[2007-03-03 19:04] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\windows\system32\Drivers\sr.sys
[2007-03-03 19:04] - [2004-08-04 07:00] - 0073472 ___AC (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\windows\system32\wscsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\windows\system32\wbem\WMIsvc.dll
[2007-03-03 19:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\wuauserv.dll
[2007-03-03 19:05] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\windows\system32\qmgr.dll
[2007-03-03 19:05] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\windows\system32\es.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\windows\system32\cryptsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\windows\system32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\windows\system32\rpcss.dll
[2004-08-04 07:00] - [2005-04-28 14:31] - 0395776 ____A (Microsoft Corporation) C8061F289E000703E7672916B7FE1571

C:\windows\system32\services.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
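
The "Extra List" at the end of the log is the one part of this output that is not self-explanatory: it is a REG_BINARY value printed as hex, with each named driver's Tag alongside it. Below is an added example (written for this page, not part of the original post or of Farbar Service Scanner) that decodes such a value and checks every listed driver's Tag against it. It assumes the blob is the GroupOrderList entry for the PNP_TDI load group (HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI), which is the list that orders the TDI drivers named on that line; the tag table and the hex string are copied from the log, and the malformed inputs in the audit are constructed.

```python
import struct

# Copied from the FSS log's "Extra List" line: driver name -> Tag value.
TAGS = {"Gpc": 3, "IPSec": 5, "NetBT": 6, "PSched": 7, "SYMTDI": 8, "Tcpip": 4}
# The hex string printed under it. Assumed to be the REG_BINARY value of
# HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI.
BLOB_HEX = "0x080000000500000001000000020000000300000004000000080000000600000007000000"


def decode_group_order(blob_hex):
    """Decode a GroupOrderList value: one little-endian DWORD count followed by
    that many little-endian DWORD tags. Raises ValueError on a malformed blob."""
    raw = bytes.fromhex(blob_hex[2:] if blob_hex.lower().startswith("0x") else blob_hex)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob length %d is not a whole number of DWORDs" % len(raw))
    count = struct.unpack_from("<I", raw, 0)[0]
    n = (len(raw) - 4) // 4
    tags = list(struct.unpack_from("<%dI" % n, raw, 4)) if n else []
    if count != n:
        raise ValueError("count field %d does not match %d tags present" % (count, n))
    return tags


def check_tags(order, tags):
    """Return (names whose Tag is absent from the order, position of each present one)."""
    missing = sorted(name for name, tag in tags.items() if tag not in order)
    positions = {name: order.index(tag) for name, tag in tags.items() if tag in order}
    return missing, positions


def audit(blob_hex, tags=TAGS):
    """Decode the blob and report which known drivers are absent or share a tag.
    Returns a dict instead of raising so a malformed value is reported, not fatal."""
    try:
        order = decode_group_order(blob_hex)
    except ValueError as exc:
        return {"ok": False, "error": str(exc), "order": [], "missing": [],
                "duplicates": [], "positions": {}}
    missing, positions = check_tags(order, tags)
    dupes = sorted({t for t in order if order.count(t) > 1})
    return {"ok": not missing and not dupes, "order": order, "missing": missing,
            "duplicates": dupes, "positions": positions}


if __name__ == "__main__":
    report = audit(BLOB_HEX)
    print("order:", report["order"])
    print("missing:", report["missing"], "duplicates:", report["duplicates"])
    for name, pos in sorted(report["positions"].items(), key=lambda kv: kv[1]):
        print("  %-7s tag %d at position %d" % (name, TAGS[name], pos))
```

Decoded, the blob is a count of 8 followed by the tags 5, 1, 2, 3, 4, 8, 6, 7, so IPSec (tag 5) is present in first position and Tcpip (tag 4) follows it, consistent with the log's "IpSec Tag value is correct" line. The audit reports a missing or duplicated tag rather than raising, and treats a count that disagrees with the number of DWORDs as a malformed value, since a truncated or hand-edited list would otherwise be read as a valid shorter order.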

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 02 February 2012 - 11:37 PM

Hello

Here is what I want you to try next:

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Take the nettcpip.inf which you earlier copied to the Desktop. Move it back to the directory C:\Windows\INF\, overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
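
Steps 1 to 4 and Step #2 of the procedure above, scripted as an added example written for this page (it is not part of the original post and not Microsoft's own tooling). The Characteristics value in a network INF is a bit mask of NCF_* flags: 0xa0 is NCF_HAS_UI (0x80) together with NCF_NOT_USER_REMOVABLE (0x20), and the 0x20 bit is what keeps the Uninstall button greyed out before step 10, so the edit is a flag clear rather than a magic-number swap. The script masks the parsed value instead of searching for the literal string 0xa0, copies the original aside before touching it, and restores it by hash afterwards so the protection flag goes back in place once TCP/IP is reinstalled. The sample INF is a constructed fragment, not the real nettcpip.inf; the Network Connections steps (the uninstall in steps 5 to 11, and the Install / Have Disk path from c:\windows\inf again after the restore) still have to be done in the dialog.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Flag bits of a network INF's Characteristics value (NCF_* constants, netcfgx.h).
NCF_NOT_USER_REMOVABLE = 0x20   # the Uninstall button stays greyed out
NCF_HAS_UI = 0x80               # the component has a Properties page
SECTION = "MS_TCPIP.PrimaryInstall"

# Constructed stand-in for C:\Windows\inf\nettcpip.inf: only the lines the
# procedure touches, with Windows line endings. The real file has far more sections.
SAMPLE_INF = (
    "[Version]\r\n"
    'Signature="$Windows NT$"\r\n'
    "\r\n"
    "[MS_TCPIP.PrimaryInstall]\r\n"
    "; TCPIP has properties to display\r\n"
    "Characteristics = 0xa0 ; NCF_HAS_UI | NCF_NOT_USER_REMOVABLE\r\n"
    "AddReg = MS_TCPIP.PrimaryInstall.AddReg\r\n"
)


def set_characteristics(text, section, clear=0, set_bits=0):
    """Rewrite the Characteristics entry of `section` by masking the parsed value,
    so 0xa0, 0xA0 or an unexpected 0xa8 all come out right; a blind 0xa0 -> 0x80
    string replace would silently do nothing on the last two.
    Returns (new_text, old_value, new_value)."""
    out, in_section, old, new = [], False, None, None
    for line in text.splitlines(keepends=True):
        head = line.strip()
        if head.startswith("["):
            # INF section names are case-insensitive
            in_section = head.split("]")[0][1:].lower() == section.lower()
        elif in_section and old is None:
            m = re.match(r"(\s*Characteristics\s*=\s*)(0x[0-9A-Fa-f]+)(.*)", line, re.S)
            if m:
                old = int(m.group(2), 16)
                new = (old & ~clear) | set_bits
                line = "%s0x%02x%s" % (m.group(1), new, m.group(3))
        out.append(line)
    if old is None:
        raise ValueError("no Characteristics entry under [%s]" % section)
    return "".join(out), old, new


def _codec(raw):
    # XP ships INF files as either ANSI or UTF-16 with a BOM; keep whichever it was.
    return "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"


def patch_inf(path, backup):
    """Steps 1-4: copy the file aside, then clear NCF_NOT_USER_REMOVABLE in place."""
    path, backup = Path(path), Path(backup)
    raw = path.read_bytes()
    backup.write_bytes(raw)
    enc = _codec(raw)
    new_text, old, new = set_characteristics(raw.decode(enc), SECTION,
                                             clear=NCF_NOT_USER_REMOVABLE)
    path.write_bytes(new_text.encode(enc))   # bytes, so line endings survive
    return old, new


def restore_inf(path, backup):
    """Step #2: put the untouched copy back and confirm it byte-for-byte by hash."""
    data = Path(backup).read_bytes()
    Path(path).write_bytes(data)
    return (hashlib.sha256(Path(path).read_bytes()).hexdigest()
            == hashlib.sha256(data).hexdigest())


def roundtrip_demo():
    """Run patch then restore on a temp copy of SAMPLE_INF and return
    (old_value, new_value, text_while_patched, restored_matches_original)."""
    with tempfile.TemporaryDirectory() as d:
        inf, bak = Path(d, "nettcpip.inf"), Path(d, "nettcpip.inf.bak")
        inf.write_bytes(SAMPLE_INF.encode("latin-1"))
        old, new = patch_inf(inf, bak)
        patched = inf.read_bytes().decode("latin-1")
        same = restore_inf(inf, bak) and inf.read_bytes() == SAMPLE_INF.encode("latin-1")
    return old, new, patched, same


if __name__ == "__main__":
    old, new, patched, same = roundtrip_demo()
    print("Characteristics 0x%02x -> 0x%02x; restored intact: %s" % (old, new, same))
```

Against a real machine, run it as Administrator: patch_inf() on C:\Windows\inf\nettcpip.inf before step 5, and restore_inf() from the saved copy before the reinstall; roundtrip_demo() exercises both on a temporary copy so the logic can be checked without touching the system file.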



