
no internet - XP Antivirus 2012 aftermath


5 replies to this topic

#1 redlite32

  • Members
  • 3 posts

Posted 18 January 2012 - 09:47 PM

I loaded MBAM from memory stick and ran. It seems to have taken care of the virus but I can not get on the internet. I loaded Combofix from memory stick and ran. It indicated a rootkit but could not go further due to no internet availability.
When trying to Diagnose Connection Problems it comes back with "Windows detected a problem with the Winsock provider catalog on this computer across the network. Windows will not correct the problem."
Any help is appreciated. Note a lack of experience on my part. Go slow!

Thanks


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 January 2012 - 10:00 PM

Download FSS

Launch it

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.

Download TDSSkiller

Launch it. Click on "Scan". Please post the LOG report.


Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Good luck

#3 redlite32

  • Topic Starter

  • Members
  • 3 posts

Posted 23 January 2012 - 11:51 PM

Ran the suggested items. No change to the computer. Here are the results:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Bill Sheffer (administrator) on 23-01-2012 at 19:04:24
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors
IE proxy is enabled.



File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) kl2(12) NetBT(5) NETIMFLT01060034(10) PSched(7) Tcpip(3)
0x0C0000000C000000040000000100000002000000030000000B00000005000000060000000700000008000000090000000A000000


**** End of log

TDSSkiller ran but I can not copy the log report. Is there specific info you are after or should I type the complete report?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 23:03:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000074 WDC_WD1600AAJS-22WAA0 rev.58.01D58
Running: uwlgdwd1.exe; Driver: C:\DOCUME~1\BILLSH~1\LOCALS~1\Temp\kwdyipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB4BC7558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB4BC7E5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB4BC8C90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB4BC91DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB4BC8138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB4BC63C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB4BC90C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB4BC7146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB4BC8F94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB4BC72EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB4BC92FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB4BC7AE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB4BC902A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB4BCA9E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB4BC69D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB4BC6D86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB4BC85BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB4BCBBEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4BC6ED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4BC6F6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB4BC83C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB4BCAAD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB4BC63A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB4BC63B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB4BCB23C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB4BC7096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB4BC9270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB4BC7EDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB4BC6588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB4BC9150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB4BC7794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB4BCAFD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB4BC9390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB4BC7686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB4BC7002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB4BC6C3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB4BCB576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB4BC6864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB4BCAE68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB4BC6AF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB4BC5DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB4BC96F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB4BC95BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB4BCA77C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB4BC6156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB4BCBA90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB4BC5D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB4BC89D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB4BC7D00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB4BCA01C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB4BCAC72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB4BCB6C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB4BC66DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB4BCB7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB4BCB8F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB4BCA906]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xB1E6B654]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateThread [0xB1E6AC2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB4BCB41A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB4BC7A1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B4BB9FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B4BBA3C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 5 Bytes [D4, AA, BC, B4, A4]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D6E 8050460A 6 Bytes [BC, B4, B6, 63, BC, B4]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [F4, 6A, BC, B4, DE, 5D, BC, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B8, B7, BC, B4, F2, B8, BC, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8930380, 0x2468FD, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B95CBDC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B95CBDC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61345FBC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61345FBC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613473AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [613467E4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [613467E4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61345EF7] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61345E26] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61345E64] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61345FBC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613473AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346057] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61345E64] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [613467E4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61345EF7] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [613467E4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61345FC2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61345E26] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134609C] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4068] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346142] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device \FileSystem\Fastfat \FatCdrom ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device \FileSystem\Fastfat \Fat ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

---- EOF - GMER 1.0.15 ----



Thanks,
Bill

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 January 2012 - 12:07 AM

If the TDSSkiller log is clean, then it's OK.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Launch Farbar Service Scanner, type ipsec.sys in the search box and click on Search files.

Post the generated log

#5 redlite32

  • Topic Starter

  • Members
  • 3 posts

Posted 24 January 2012 - 07:07 PM

Here is the log from aswMBR:


aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 18:30:29
-----------------------------
18:30:29.312 OS Version: Windows 5.1.2600 Service Pack 3
18:30:29.312 Number of processors: 2 586 0x6B02
18:30:29.312 ComputerName: UC032320082BS UserName: Bill Sheffer
18:30:29.953 Initialize success
18:31:18.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
18:31:18.484 Disk 0 Vendor: WDC_WD1600AAJS-22WAA0 58.01D58 Size: 152626MB BusType: 3
18:31:18.500 Disk 0 MBR read successfully
18:31:18.500 Disk 0 MBR scan
18:31:18.500 Disk 0 Windows XP default MBR code
18:31:18.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
18:31:18.500 Disk 0 scanning sectors +312576705
18:31:18.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:26.468 Service scanning
18:31:26.750 Service .ipsec \? **LOCKED** 123
18:31:26.765 Service .serial \? **LOCKED** 123
18:31:26.921 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
18:31:26.921 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
18:31:26.921 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
18:31:27.437 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:31:27.453 Service MpKsl13833c97 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B847858E-CC9C-4007-9EEB-64D6BF9F2F5B}\MpKsl13833c97.sys **LOCKED** 32
18:31:28.140 Modules scanning
18:31:32.843 Disk 0 trace - called modules:
18:31:32.843
18:31:32.843 Scan finished successfully
18:37:37.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill Sheffer\Desktop\MBR.dat"
18:37:37.546 The log file has been saved successfully to "C:\Documents and Settings\Bill Sheffer\Desktop\aswMBR.txt"

Note that I launched and updated the data files from the memory stick on a good computer. I then took the memory stick to the bad computer and loaded aswMBR onto the desktop. When I ran it, it asked to update the data files again. Since this machine will not go on the internet, I am not sure if the new data files went from the memory stick to the bad computer.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Bill Sheffer (administrator) on 24-01-2012 at 18:58:40
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-02-12 14:48] - [2008-04-13 14:19] - 0075264 ___AC (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-04-13 14:19] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-05-16 19:15] - [2004-08-04 07:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======

In the FSS launch box, only the Internet Services box is checked. Is this correct?

Thanks for your help,
Bill

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 January 2012 - 08:43 PM

Browse to this path

C:\WINDOWS\ServicePackFiles\i386

Copy ipsec.sys from that folder and paste it into the C:\Windows\system32\drivers folder.

Restart your PC and check your internet.

Please post the new FSS log

Good luck
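A responder reading the two Farbar Service Scanner logs in this thread (post #3 and post #5) has to pull out the same facts by hand: which networking services are stopped, which protected file is missing, and which of the surviving copies found by the search is safe to put back. The script below is an added example, not a tool from this thread, from Farbar, or from the advisor; it parses constructed excerpts modelled on the logs posted above and applies the rule narenxp used, restoring the copy whose MD5 agrees with the dllcache copy. The function names and the shape of the returned dictionaries are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpts modelled on the FSS output posted in this thread (not the full logs).
FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is blocked.
IE proxy is enabled.

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
"""

SEARCH_LOG = r"""
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-02-12 14:48] - [2008-04-13 14:19] - 0075264 ___AC (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-04-13 14:19] - [2008-04-13 14:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-05-16 19:15] - [2004-08-04 07:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======
"""

SERVICE_RE = re.compile(r"^(\w+) Service is not running\.")
MISSING_RE = re.compile(r"^Attention! (.+?) is missing\.$")
LEGIT_RE = re.compile(r"^(.+?) => MD5 is legit$")
DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
FLAG_LINES = ("Localhost is blocked.", "IE proxy is enabled.")


def parse_fss(text):
    """Reduce the FSS service / connection / file-check sections to the lines that matter."""
    found = {"services_not_running": [], "missing_files": [], "md5_ok": [], "flags": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SERVICE_RE.match(line):
            found["services_not_running"].append(m.group(1))
        elif m := MISSING_RE.match(line):
            found["missing_files"].append(m.group(1))
        elif m := LEGIT_RE.match(line):
            found["md5_ok"].append(m.group(1))
        elif line in FLAG_LINES:
            found["flags"].append(line.rstrip("."))
    return found


def parse_search(text):
    """Pair each path line of an FSS 'Search' section with its detail line (size, signer, MD5)."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            pending = line
        elif pending and (m := DETAIL_RE.match(line)):
            entries.append({"path": pending, "size": int(m.group(1)),
                            "company": m.group(2), "md5": m.group(3).upper()})
            pending = None
    return entries


def choose_restore_source(entries):
    """Recommend the copy to restore: it must carry the same MD5 as the dllcache copy
    (the cache Windows File Protection keeps on XP); prefer ServicePackFiles, as in the thread."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    reference = next((e["md5"] for e in entries if "\\dllcache\\" in e["path"].lower()), None)
    if reference is None:
        return {"reference_md5": None, "recommended": None, "agreeing": [], "other_versions": []}
    agreeing = by_md5[reference]
    other = [p for md5, paths in by_md5.items() if md5 != reference for p in paths]
    preferred = [p for p in agreeing if "servicepackfiles" in p.lower()] or agreeing
    return {"reference_md5": reference, "recommended": preferred[0],
            "agreeing": agreeing, "other_versions": other}


if __name__ == "__main__":
    for key, values in parse_fss(FSS_LOG).items():
        print(f"{key}: {values}")
    choice = choose_restore_source(parse_search(SEARCH_LOG))
    print("restore from:", choice["recommended"])
    print("different version, do not use:", choice["other_versions"])
```

On the excerpt the script reports Dnscache and Tcpip stopped, ipsec.sys missing, localhost blocked and a proxy set in IE, and recommends the ServicePackFiles\i386 copy because its MD5 matches the dllcache copy, while the $NtServicePackUninstall$ copy (2004 timestamp, smaller size, different hash) is listed as another version. FSS reports MD5, so the match is a consistency check between two copies the system already holds, not a cryptographic proof that either is untouched; if no dllcache copy is found the function recommends nothing rather than guessing.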
