
Used ComboFix to remove RootKit infection and now no internet


This topic is locked
49 replies to this topic

#1 mchas

Posted 12 February 2012 - 11:53 PM

After spending hours trying to troubleshoot this myself, I decided to ask the experts here for help.

The computer was infected with what I think was a virus. I tried running AVG and MalwareBytes, which didn't fix the problem, then ran ComboFix, which seemed to have removed the virus, but now the internet connection is not working.

Any help is appreciated!

Log from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 20:37:31 on 2012-02-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1804 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\aol\1228796784\ee\aolsoftware.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Administrator\Desktop\FSS.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\notepad.exe
C:\Users\Administrator\Desktop\gmer\gmer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1228796784\ee\AOLSoftware.exe
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATABXAEUAMwAtAFYASgAzAEsASAAtAFAANABSAFIAUgAtAFIAMAAyAEYATgAtADIAVwAwAEsAOQA"&"inst=..."&"prod=90"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\jvfy9o2k.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B70a32d3f-fed8-417c-afbb-65b65e3df7cc%7D&mid=789dd6973790e27196e81fe15c535d48-a7b206c05ecb71d28b9b921af621ba8dd14f2097&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-13%2014%3A29%3A48&sap=ku&q=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\epicplay\npEpicHost.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-2-10 245760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-13 02:21:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-13 02:09:50 -------- d-----w- C:\ComboFix
2012-02-13 00:59:54 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-13 00:28:00 -------- d-----w- c:\users\administrator\appdata\local\Hewlett-Packard
2012-02-13 00:27:18 -------- d-----w- c:\users\administrator\appdata\local\Mozilla
2012-02-11 05:58:10 -------- d-----w- C:\Brother
2012-02-11 05:58:01 -------- d-----w- c:\program files\Browny02
2012-02-11 05:49:06 -------- d-----w- c:\program files\MSXML 4.0
2012-02-11 05:48:41 -------- d-----w- c:\programdata\Brother
2012-02-11 04:54:24 98816 ----a-w- c:\windows\sed.exe
2012-02-11 04:54:24 518144 ----a-w- c:\windows\SWREG.exe
2012-02-11 04:54:24 256000 ----a-w- c:\windows\PEV.exe
2012-02-11 04:54:24 208896 ----a-w- c:\windows\MBR.exe
2012-02-11 04:37:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 04:37:39 -------- d-----w- c:\programdata\Malwarebytes
2012-02-11 04:37:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-07 23:49:35 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-01 03:39:14 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-01 03:39:14 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-01 03:39:14 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-01 03:39:14 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-01 03:39:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-01 03:39:14 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2012-02-13 00:57:48 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
.
============= FINISH: 20:37:54.03 ===============


LOG FROM FSS:

Farbar Service Scanner Version: 12-02-2012 01
Ran by Administrator (administrator) on 12-02-2012 at 20:00:46
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 18:23] - [2008-01-20 18:23] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Attach file from DDS is attached.

Thank you in advance!

I know it can take a while for a response, but I just wanted to make sure my post was in the correct format. If not, please advise. Thank you!

EDIT: Posts merged, and yes it is in the correct format. Good luck. ~Budapest


Edited by Budapest, 14 February 2012 - 04:55 PM.
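The FSS output above is what a helper reads by eye to see why the machine has no network. As an added example, not code from this thread or from Farbar, here is a Python triage script for FSS-style logs; the sample log embedded in it is constructed from the excerpt posted above, and the section titles and phrasings it matches are taken from that excerpt.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs (added example, not code
from this thread or from Farbar): extracts failed network checks, missing service
registry keys, Defender-disabling policies and unconfirmed MD5 checks.
"""
import re

# Constructed sample, trimmed from the FSS log posted above (raw string keeps the backslashes).
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 12-02-2012 01

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 18:23] - [2008-01-20 18:23] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B
C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
FILE_OK = re.compile(r"^(.+?) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_fss_log(text):
    """Return the security-relevant findings of an FSS log as a dict of lists."""
    f = {"connection": [], "not_running": [], "missing_keys": [],
         "disable_policies": [], "verified_files": [], "unverified_files": []}
    lines = text.splitlines()
    section, policy_key = None, None
    for i, line in enumerate(l.strip() for l in lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if not line or set(line) <= {"=", "*"}:
            continue                                   # blanks and '=' rulers
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]                        # 'Title:' over a '=' ruler
            continue
        m = NOT_RUNNING.match(line)
        if m:
            f["not_running"].append(m.group(1))
        m = MISSING_KEY.search(line)
        if m and m.group(1) not in f["missing_keys"]:
            f["missing_keys"].append(m.group(1))       # key absent: service is gone, not stopped
        if section == "Connection Status":
            if re.search(r"blocked|no connection|error", line, re.I):
                f["connection"].append(line)
        elif section and section.endswith("Disabled Policy"):
            if line.startswith("[") and line.endswith("]"):
                policy_key = line[1:-1]                # registry path of the policy
            else:
                m = POLICY_VALUE.match(line)
                if m and int(m.group(2)) != 0:
                    f["disable_policies"].append((policy_key, m.group(1), int(m.group(2))))
        elif section == "File Check":
            m = FILE_OK.match(line)
            if m:
                f["verified_files"].append(m.group(1))
            elif FILE_PATH.match(line):
                f["unverified_files"].append(line)     # FSS printed details, not 'legit'
    return f


def explain(findings):
    """Turn the findings into the short notes a helper would post back."""
    notes = ["Network checks failed: " + "; ".join(findings["connection"])] if findings["connection"] else []
    for key in findings["missing_keys"]:
        notes.append(f"Service registry key missing: {key} (must be recreated, not just started)")
    for svc in findings["not_running"]:
        if not any(k.startswith(svc) for k in findings["missing_keys"]):
            notes.append(f"Service {svc} is stopped but its configuration is intact")
    for path, name, value in findings["disable_policies"]:
        notes.append(f"Policy {name}={value} under {path} switches the feature off")
    for path in findings["unverified_files"]:
        notes.append(f"MD5 not confirmed as a known-good file: {path}")
    return notes
```

Run against the sample, `explain(parse_fss_log(SAMPLE_FSS_LOG))` separates the firewall driver that is merely stopped (mpsdrv) from the firewall service whose registry key has been deleted (MpsSvc), which is the distinction that decides whether a service can simply be restarted.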




#2 m0le (Malware Response Team)

Posted 17 February 2012 - 08:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 mchas (Topic Starter)

Posted 17 February 2012 - 11:09 PM

Still here and haven't made any changes since my post. Ready for your help, thanks in advance!

#4 m0le (Malware Response Team)

Posted 18 February 2012 - 02:25 PM

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Unless you kept the log (in which case please post it), can you run the command below, which will get me a log of what happened when you ran Combofix?

Please go to start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up, copy and paste the content to your reply.

#5 mchas (Topic Starter)

Posted 18 February 2012 - 06:13 PM

Here is the requested log. I am also remembering (from a week or so ago now) that I think I deleted two registry keys related to winsock, if that sounds right. I was desperately trying to find older threads with suggestions and that was one of the things I came across and tried.

C:\QooBox\Add-Remove Programs.txt
C:\QooBox\BackEnv
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\Quarantine
C:\QooBox\SnapShot@2012-02-11_05.19.17.dat
C:\QooBox\Quarantine\C
C:\QooBox\Quarantine\catchme.log
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\C\Users
C:\QooBox\Quarantine\C\Windows
C:\QooBox\Quarantine\C\Users\Jeri
C:\QooBox\Quarantine\C\Users\Jeri\AppData
C:\QooBox\Quarantine\C\Users\Jeri\AppData\Roaming
C:\QooBox\Quarantine\C\Users\Jeri\AppData\Roaming\Desktopicon
C:\QooBox\Quarantine\C\Users\Jeri\AppData\Roaming\Desktopicon\config.ini.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$
C:\QooBox\Quarantine\C\Windows\system32
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\2102319966.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\497539548.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\cfg.ini.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\Desktop.ini.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\L
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\oemid.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\version.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\L\qnbwvoto.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\00000001.@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\00000002.@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\00000004.@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\80000000.@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\80000004.@.vir
C:\QooBox\Quarantine\C\Windows\$NtUninstallKB3473$\419894422\U\80000032.@.vir
C:\QooBox\Quarantine\C\Windows\system32\Drivers
C:\QooBox\Quarantine\C\Windows\system32\jucheck.exe.vir
C:\QooBox\Quarantine\C\Windows\system32\jusched.exe.vir
C:\QooBox\Quarantine\C\Windows\system32\Drivers\avgtdix.sys.vir
C:\QooBox\Quarantine\Registry_backups\AddRemove-AOL Toolbar 5.0.reg.dat
C:\QooBox\Quarantine\Registry_backups\HKLM-Run-ROC_roc_dec12.reg.dat
C:\QooBox\Quarantine\Registry_backups\tcpip.reg
C:\QooBox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
C:\QooBox\Quarantine\Registry_backups\URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
C:\QooBox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat

#6 m0le (Malware Response Team)

Posted 18 February 2012 - 06:27 PM

Combofix removed files which have triggered your infection (a rootkit called ZeroAccess) to kill your internet connection.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 mchas (Topic Starter)

Posted 18 February 2012 - 06:49 PM

No threats found. Here is the log:


15:43:39.0451 2460 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:43:39.0454 2460 ============================================================
15:43:39.0455 2460 Current date / time: 2012/02/18 15:43:39.0454
15:43:39.0455 2460 SystemInfo:
15:43:39.0455 2460
15:43:39.0455 2460 OS Version: 6.0.6002 ServicePack: 2.0
15:43:39.0455 2460 Product type: Workstation
15:43:39.0455 2460 ComputerName: JERI-PC
15:43:39.0455 2460 UserName: Administrator
15:43:39.0455 2460 Windows directory: C:\Windows
15:43:39.0455 2460 System windows directory: C:\Windows
15:43:39.0455 2460 Processor architecture: Intel x86
15:43:39.0455 2460 Number of processors: 2
15:43:39.0455 2460 Page size: 0x1000
15:43:39.0455 2460 Boot type: Normal boot
15:43:39.0455 2460 ============================================================
15:43:39.0796 2460 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:43:39.0797 2460 Drive \Device\Harddisk1\DR6 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:43:40.0119 2460 \Device\Harddisk0\DR0:
15:43:40.0129 2460 MBR used
15:43:40.0129 2460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28840B09
15:43:40.0129 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x28840B48, BlocksNum 0x1671E79
15:43:40.0129 2460 \Device\Harddisk1\DR6:
15:43:40.0130 2460 MBR used
15:43:40.0130 2460 \Device\Harddisk1\DR6\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2E937C82
15:43:40.0186 2460 Initialize success
15:43:40.0186 2460 ============================================================
15:43:46.0777 3004 ============================================================
15:43:46.0777 3004 Scan started
15:43:46.0777 3004 Mode: Manual;
15:43:46.0777 3004 ============================================================
15:43:50.0008 3004 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:43:50.0009 3004 HidIr - ok
15:43:50.0032 3004 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
15:43:50.0033 3004 HidUsb - ok
15:43:50.0075 3004 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:43:50.0076 3004 HpCISSs - ok
15:43:50.0131 3004 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
15:43:50.0138 3004 HSF_DP - ok
15:43:50.0173 3004 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
15:43:50.0177 3004 HSXHWBS2 - ok
15:43:50.0247 3004 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:43:50.0250 3004 HTTP - ok
15:43:50.0290 3004 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:43:50.0291 3004 i2omp - ok
15:43:50.0333 3004 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:43:50.0334 3004 i8042prt - ok
15:43:50.0361 3004 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:43:50.0364 3004 iaStorV - ok
15:43:50.0391 3004 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:43:50.0392 3004 iirsp - ok
15:43:50.0505 3004 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
15:43:50.0520 3004 IntcAzAudAddService - ok
15:43:50.0572 3004 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:43:50.0573 3004 intelide - ok
15:43:50.0609 3004 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:43:50.0610 3004 intelppm - ok
15:43:50.0659 3004 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:50.0659 3004 IpFilterDriver - ok
15:43:50.0674 3004 IpInIp - ok
15:43:50.0706 3004 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:43:50.0707 3004 IPMIDRV - ok
15:43:50.0728 3004 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:43:50.0729 3004 IPNAT - ok
15:43:50.0763 3004 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:43:50.0764 3004 IRENUM - ok
15:43:50.0789 3004 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:43:50.0790 3004 isapnp - ok
15:43:50.0860 3004 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:43:50.0862 3004 iScsiPrt - ok
15:43:50.0891 3004 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:43:50.0891 3004 iteatapi - ok
15:43:50.0912 3004 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:43:50.0913 3004 iteraid - ok
15:43:50.0946 3004 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:50.0947 3004 kbdclass - ok
15:43:50.0970 3004 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
15:43:50.0971 3004 kbdhid - ok
15:43:51.0019 3004 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:43:51.0023 3004 KSecDD - ok
15:43:51.0118 3004 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:43:51.0118 3004 lltdio - ok
15:43:51.0161 3004 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:43:51.0162 3004 LSI_FC - ok
15:43:51.0192 3004 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:43:51.0193 3004 LSI_SAS - ok
15:43:51.0214 3004 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:43:51.0216 3004 LSI_SCSI - ok
15:43:51.0242 3004 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:43:51.0243 3004 luafv - ok
15:43:51.0280 3004 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:43:51.0280 3004 mdmxsdk - ok
15:43:51.0313 3004 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:43:51.0314 3004 megasas - ok
15:43:51.0353 3004 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:43:51.0357 3004 MegaSR - ok
15:43:51.0384 3004 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:43:51.0385 3004 Modem - ok
15:43:51.0414 3004 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:43:51.0415 3004 monitor - ok
15:43:51.0441 3004 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:43:51.0442 3004 mouclass - ok
15:43:51.0464 3004 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
15:43:51.0465 3004 mouhid - ok
15:43:51.0492 3004 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:43:51.0493 3004 MountMgr - ok
15:43:51.0532 3004 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:43:51.0533 3004 mpio - ok
15:43:51.0559 3004 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:43:51.0562 3004 mpsdrv - ok
15:43:51.0597 3004 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:43:51.0598 3004 Mraid35x - ok
15:43:51.0621 3004 mrtRate - ok
15:43:51.0680 3004 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:43:51.0682 3004 MRxDAV - ok
15:43:51.0738 3004 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:51.0739 3004 mrxsmb - ok
15:43:51.0791 3004 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:51.0793 3004 mrxsmb10 - ok
15:43:51.0815 3004 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:51.0816 3004 mrxsmb20 - ok
15:43:51.0855 3004 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
15:43:51.0856 3004 msahci - ok
15:43:51.0880 3004 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:43:51.0881 3004 msdsm - ok
15:43:51.0927 3004 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:43:51.0928 3004 Msfs - ok
15:43:51.0952 3004 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:43:51.0953 3004 msisadrv - ok
15:43:52.0015 3004 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:43:52.0017 3004 MSKSSRV - ok
15:43:52.0046 3004 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:52.0047 3004 MSPCLOCK - ok
15:43:52.0070 3004 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:43:52.0070 3004 MSPQM - ok
15:43:52.0137 3004 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:43:52.0140 3004 MsRPC - ok
15:43:52.0175 3004 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:43:52.0176 3004 mssmbios - ok
15:43:52.0200 3004 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:43:52.0201 3004 MSTEE - ok
15:43:52.0252 3004 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:43:52.0253 3004 Mup - ok
15:43:52.0314 3004 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:43:52.0316 3004 NativeWifiP - ok
15:43:52.0359 3004 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:43:52.0363 3004 NDIS - ok
15:43:52.0394 3004 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:52.0395 3004 NdisTapi - ok
15:43:52.0418 3004 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:52.0420 3004 Ndisuio - ok
15:43:52.0483 3004 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:52.0484 3004 NdisWan - ok
15:43:52.0509 3004 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:43:52.0510 3004 NDProxy - ok
15:43:52.0534 3004 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:43:52.0535 3004 NetBIOS - ok
15:43:52.0589 3004 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:43:52.0591 3004 netbt - ok
15:43:52.0636 3004 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:43:52.0637 3004 nfrd960 - ok
15:43:52.0695 3004 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:43:52.0696 3004 Npfs - ok
15:43:52.0718 3004 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:43:52.0719 3004 nsiproxy - ok
15:43:52.0792 3004 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:43:52.0800 3004 Ntfs - ok
15:43:52.0829 3004 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:43:52.0829 3004 ntrigdigi - ok
15:43:52.0855 3004 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:43:52.0855 3004 Null - ok
15:43:52.0899 3004 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
15:43:52.0904 3004 NVENETFD - ok
15:43:53.0118 3004 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:43:53.0171 3004 nvlddmkm - ok
15:43:53.0244 3004 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:43:53.0245 3004 nvraid - ok
15:43:53.0290 3004 nvrd32 (6934105ecc6a19570160d794e301e595) C:\Windows\system32\drivers\nvrd32.sys
15:43:53.0292 3004 nvrd32 - ok
15:43:53.0336 3004 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
15:43:53.0337 3004 nvsmu - ok
15:43:53.0371 3004 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:43:53.0372 3004 nvstor - ok
15:43:53.0407 3004 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\drivers\nvstor32.sys
15:43:53.0409 3004 nvstor32 - ok
15:43:53.0485 3004 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:43:53.0487 3004 nv_agp - ok
15:43:53.0496 3004 NwlnkFlt - ok
15:43:53.0522 3004 NwlnkFwd - ok
15:43:53.0584 3004 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:43:53.0585 3004 ohci1394 - ok
15:43:53.0660 3004 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:43:53.0661 3004 Parport - ok
15:43:53.0709 3004 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:43:53.0710 3004 partmgr - ok
15:43:53.0736 3004 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:43:53.0736 3004 Parvdm - ok
15:43:53.0794 3004 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:43:53.0796 3004 pci - ok
15:43:53.0844 3004 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:43:53.0844 3004 pciide - ok
15:43:53.0879 3004 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:43:53.0880 3004 pcmcia - ok
15:43:53.0940 3004 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:43:53.0946 3004 PEAUTH - ok
15:43:53.0999 3004 pnarp (b63a3ae87ed0ac525b3aa88b39608bfc) C:\Windows\system32\DRIVERS\pnarp.sys
15:43:54.0000 3004 pnarp - ok
15:43:54.0052 3004 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:43:54.0053 3004 PptpMiniport - ok
15:43:54.0114 3004 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:43:54.0115 3004 Processor - ok
15:43:54.0147 3004 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
15:43:54.0147 3004 Ps2 - ok
15:43:54.0204 3004 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:43:54.0205 3004 PSched - ok
15:43:54.0236 3004 purendis (633cc728d6493c4263368a86928b0bfd) C:\Windows\system32\DRIVERS\purendis.sys
15:43:54.0236 3004 purendis - ok
15:43:54.0306 3004 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:43:54.0313 3004 ql2300 - ok
15:43:54.0336 3004 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:43:54.0337 3004 ql40xx - ok
15:43:54.0365 3004 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:43:54.0366 3004 QWAVEdrv - ok
15:43:54.0383 3004 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:43:54.0383 3004 RasAcd - ok
15:43:54.0407 3004 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:54.0408 3004 Rasl2tp - ok
15:43:54.0443 3004 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:54.0444 3004 RasPppoe - ok
15:43:54.0474 3004 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:43:54.0475 3004 RasSstp - ok
15:43:54.0531 3004 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:43:54.0533 3004 rdbss - ok
15:43:54.0571 3004 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:54.0572 3004 RDPCDD - ok
15:43:54.0612 3004 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:43:54.0614 3004 rdpdr - ok
15:43:54.0638 3004 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:43:54.0639 3004 RDPENCDD - ok
15:43:54.0725 3004 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:43:54.0729 3004 RDPWD - ok
15:43:54.0775 3004 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:43:54.0776 3004 rspndr - ok
15:43:54.0836 3004 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:43:54.0841 3004 sbp2port - ok
15:43:54.0891 3004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:43:54.0892 3004 secdrv - ok
15:43:54.0933 3004 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:43:54.0934 3004 Serenum - ok
15:43:54.0958 3004 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:43:54.0960 3004 Serial - ok
15:43:54.0975 3004 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:43:54.0976 3004 sermouse - ok
15:43:55.0025 3004 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:43:55.0025 3004 sffdisk - ok
15:43:55.0049 3004 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:43:55.0049 3004 sffp_mmc - ok
15:43:55.0082 3004 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:43:55.0082 3004 sffp_sd - ok
15:43:55.0124 3004 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:43:55.0124 3004 sfloppy - ok
15:43:55.0180 3004 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:43:55.0181 3004 sisagp - ok
15:43:55.0203 3004 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:43:55.0204 3004 SiSRaid2 - ok
15:43:55.0226 3004 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:43:55.0227 3004 SiSRaid4 - ok
15:43:55.0312 3004 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:43:55.0313 3004 Smb - ok
15:43:55.0347 3004 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:43:55.0348 3004 spldr - ok
15:43:55.0405 3004 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:43:55.0408 3004 srv - ok
15:43:55.0460 3004 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:43:55.0462 3004 srv2 - ok
15:43:55.0482 3004 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:43:55.0483 3004 srvnet - ok
15:43:55.0570 3004 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
15:43:55.0571 3004 StillCam - ok
15:43:55.0607 3004 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:43:55.0607 3004 swenum - ok
15:43:55.0632 3004 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:43:55.0633 3004 Symc8xx - ok
15:43:55.0654 3004 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:43:55.0655 3004 Sym_hi - ok
15:43:55.0680 3004 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:43:55.0681 3004 Sym_u3 - ok
15:43:55.0759 3004 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:43:55.0766 3004 Tcpip - ok
15:43:55.0818 3004 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:43:55.0825 3004 Tcpip6 - ok
15:43:55.0885 3004 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:43:55.0886 3004 tcpipreg - ok
15:43:55.0919 3004 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:43:55.0920 3004 TDPIPE - ok
15:43:55.0942 3004 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:43:55.0944 3004 TDTCP - ok
15:43:55.0992 3004 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:43:55.0993 3004 tdx - ok
15:43:56.0043 3004 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:43:56.0044 3004 TermDD - ok
15:43:56.0127 3004 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:56.0128 3004 tssecsrv - ok
15:43:56.0153 3004 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:43:56.0154 3004 tunmp - ok
15:43:56.0204 3004 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:43:56.0205 3004 tunnel - ok
15:43:56.0239 3004 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:43:56.0240 3004 uagp35 - ok
15:43:56.0301 3004 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:43:56.0304 3004 udfs - ok
15:43:56.0366 3004 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:43:56.0367 3004 uliagpkx - ok
15:43:56.0401 3004 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:43:56.0403 3004 uliahci - ok
15:43:56.0436 3004 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:43:56.0437 3004 UlSata - ok
15:43:56.0484 3004 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:43:56.0486 3004 ulsata2 - ok
15:43:56.0518 3004 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:43:56.0519 3004 umbus - ok
15:43:56.0584 3004 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
15:43:56.0585 3004 USBAAPL - ok
15:43:56.0633 3004 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:43:56.0635 3004 usbaudio - ok
15:43:56.0684 3004 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:56.0686 3004 usbccgp - ok
15:43:56.0721 3004 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:43:56.0722 3004 usbcir - ok
15:43:56.0782 3004 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:43:56.0783 3004 usbehci - ok
15:43:56.0843 3004 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:43:56.0845 3004 usbhub - ok
15:43:56.0893 3004 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
15:43:56.0893 3004 usbohci - ok
15:43:56.0917 3004 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:43:56.0918 3004 usbprint - ok
15:43:56.0984 3004 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:56.0985 3004 USBSTOR - ok
15:43:57.0020 3004 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:57.0021 3004 usbuhci - ok
15:43:57.0068 3004 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:43:57.0070 3004 usbvideo - ok
15:43:57.0119 3004 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:57.0120 3004 vga - ok
15:43:57.0143 3004 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:43:57.0144 3004 VgaSave - ok
15:43:57.0175 3004 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:43:57.0176 3004 viaagp - ok
15:43:57.0198 3004 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:43:57.0199 3004 ViaC7 - ok
15:43:57.0231 3004 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:43:57.0232 3004 viaide - ok
15:43:57.0254 3004 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:43:57.0256 3004 volmgr - ok
15:43:57.0320 3004 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:43:57.0323 3004 volmgrx - ok
15:43:57.0370 3004 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:43:57.0373 3004 volsnap - ok
15:43:57.0411 3004 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:43:57.0413 3004 vsmraid - ok
15:43:57.0468 3004 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:43:57.0469 3004 WacomPen - ok
15:43:57.0494 3004 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0495 3004 Wanarp - ok
15:43:57.0509 3004 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0510 3004 Wanarpv6 - ok
15:43:57.0586 3004 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
15:43:57.0587 3004 wanatw - ok
15:43:57.0634 3004 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:43:57.0635 3004 Wd - ok
15:43:57.0677 3004 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:43:57.0681 3004 Wdf01000 - ok
15:43:57.0827 3004 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:43:57.0831 3004 winachsf - ok
15:43:57.0895 3004 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:43:57.0896 3004 WmiAcpi - ok
15:43:57.0971 3004 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:43:57.0972 3004 WpdUsb - ok
15:43:58.0006 3004 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:43:58.0007 3004 ws2ifsl - ok
15:43:58.0097 3004 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:58.0098 3004 WUDFRd - ok
15:43:58.0170 3004 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
15:43:58.0171 3004 XAudio - ok
15:43:58.0213 3004 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
15:43:58.0373 3004 \Device\Harddisk0\DR0 - ok
15:43:58.0379 3004 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk1\DR6
15:43:58.0383 3004 \Device\Harddisk1\DR6 - ok
15:43:58.0388 3004 Boot (0x1200) (433ba8400b515b8a8b0760c1ddbb047d) \Device\Harddisk0\DR0\Partition0
15:43:58.0391 3004 \Device\Harddisk0\DR0\Partition0 - ok
15:43:58.0398 3004 Boot (0x1200) (127cfd506041c24b577d6a8dad5d34a1) \Device\Harddisk0\DR0\Partition1
15:43:58.0399 3004 \Device\Harddisk0\DR0\Partition1 - ok
15:43:58.0408 3004 Boot (0x1200) (ac00e356e9ba5de9fec98b78a4086409) \Device\Harddisk1\DR6\Partition0
15:43:58.0409 3004 \Device\Harddisk1\DR6\Partition0 - ok
15:43:58.0412 3004 ============================================================
15:43:58.0412 3004 Scan finished
15:43:58.0412 3004 ============================================================
15:43:58.0430 2464 Detected object count: 0
15:43:58.0430 2464 Actual detected object count: 0
15:46:20.0050 2740 Deinitialize success

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 February 2012 - 08:05 PM

Let's run aswMBR and see if this rootkit is still active

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#9 mchas
  • Topic Starter
  • Members
  • 26 posts

Posted 18 February 2012 - 08:22 PM

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-18 17:20:19
-----------------------------
17:20:19.381 OS Version: Windows 6.0.6002 Service Pack 2
17:20:19.381 Number of processors: 2 586 0x6B02
17:20:19.382 ComputerName: JERI-PC UserName:
17:20:34.340 Initialize success
17:20:40.326 AVAST engine download error: 0
17:20:44.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
17:20:44.222 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
17:20:44.234 Disk 0 MBR read successfully
17:20:44.238 Disk 0 MBR scan
17:20:44.241 Disk 0 unknown MBR code
17:20:44.244 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 331905 MB offset 63
17:20:44.273 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11491 MB offset 679742280
17:20:44.301 Disk 0 scanning sectors +703277505
17:20:44.367 Disk 0 scanning C:\Windows\system32\drivers
17:20:50.130 Service scanning
17:20:50.617 Service .smb \? **LOCKED** 123
17:20:50.630 Service .tdx \? **LOCKED** 123
17:21:02.212 Modules scanning
17:21:06.896 Disk 0 trace - called modules:
17:21:06.915 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
17:21:06.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86280ac8]
17:21:06.927 3 CLASSPNP.SYS[807358b3] -> nt!IofCallDriver -> [0x85686840]
17:21:06.933 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000053[0x85686b88]
17:21:06.939 Scan finished successfully
17:21:25.473 Disk 0 MBR has been saved successfully to "J:\LOGS\MBR.dat"
17:21:25.493 The log file has been saved successfully to "J:\LOGS\aswMBR.txt"

#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 February 2012 - 09:11 PM

Nothing so far. If you have your disk then you can follow these instructions to repair your internet connection.

1. Boot up with the Vista install disc

2. You should see a screen that says "Windows is loading files"

3. After a few minutes you will get a language option. Select your language and hit next.

4. On the install screen select "Repair your computer"

5. Windows will find your copy of Vista on the machine

6. Select your copy of Vista and click next

7. Choose Startup repair and answer any questions that are asked. It may reboot the PC.

Let me know when you have completed this and of any improvements or errors you encounter.


If not, try this:

Please copy the entire contents of the codebox below into Notepad:
  • Open Notepad
  • Copy the contents of the codebox below using CTRL C

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
  • Now return to Notepad and use CTRL V to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
  • Locate FixReg.reg on your desktop
  • Double click to run, and when prompted Allow the file to merge with your registry
  • OK your way out.
After that, Reboot your computer.


After the reboot, we will reinstall TCP/IP
  • Go to Start, then Settings, and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop-down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box
After that, Reboot your computer and see if you have regained your connection.
m0le is a proud member of UNITE

#11 mchas
  • Topic Starter
  • Members
  • 26 posts

Posted 18 February 2012 - 11:50 PM

Unfortunately I don't have a Vista disk (it's one of those HP computers that came preloaded with it and has a "recovery partition", but no physical disk). I did follow the steps below for reinstalling winsock and TCP/IP, but still no luck. Any other suggestions? (In the meantime I will see if I can find someone to borrow a Vista disk from.) Thank you again!

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 February 2012 - 06:28 AM

A Vista disk would be great. Until then...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


If that doesn't help then run this batch file for me so I can see if there's been a hack.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
REM Capture adapter, DNS, reachability and routing state into one log file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
REM Open the log in Notepad, then delete this batch file (%0 is its own path)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type: All Files" and "Save in: Desktop", then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

Edited by m0le, 19 February 2012 - 06:29 AM.

m0le is a proud member of UNITE

#13 mchas

mchas
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:46 AM

Posted 19 February 2012 - 01:22 PM

Still working on getting a Vista disc, but here are the two log files (still no internet connection):


MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 19-02-2012 at 10:18:25
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jeri-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-21-97-60-AB-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::317f:3cb7:a49b:da6e%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.218.110(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268444055
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-89-16-0F-00-21-97-26-1E-1B
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.socal.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for :
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13 ...00 21 97 60 ab be ...... NVIDIA nForce Networking Controller #2
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.socal.rr.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.218.110 276
169.254.218.110 255.255.255.255 On-link 169.254.218.110 276
169.254.255.255 255.255.255.255 On-link 169.254.218.110 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.218.110 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.218.110 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 276 fe80::/64 On-link
13 276 fe80::317f:3cb7:a49b:da6e/128 On-link
1 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2012 08:54:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (02/18/2012 08:52:47 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (02/18/2012 08:48:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 08:46:51 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/02/18 20:46:51.943]: [00000520]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (02/18/2012 08:46:51 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/02/18 20:46:51.938]: [00000520]: BrMfNet:: OpenUDPServer Error

Error: (02/18/2012 08:46:51 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/02/18 20:46:51.918]: [00000520]: BrNet:: OpenUDP_Server socket INVALID

Error: (02/18/2012 08:46:51 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (02/18/2012 08:43:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 08:43:07 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/02/18 20:43:07.779]: [00001472]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (02/18/2012 08:43:07 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/02/18 20:43:07.779]: [00001472]: BrMfNet:: OpenUDPServer Error


System errors:
=============
Error: (02/19/2012 10:17:50 AM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:54:46 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler3

Error: (02/18/2012 08:52:47 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (02/18/2012 08:49:48 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:49:48 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:49:48 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:49:47 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:49:47 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (02/18/2012 08:49:47 PM) (Source: Service Control Manager) (User: )
Description: Linksys Updater1

Error: (02/18/2012 08:49:47 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2941.76 MB
Available physical RAM: 2129.15 MB
Total Pagefile: 6115.96 MB
Available Pagefile: 5290.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.23 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:324.13 GB) (Free:228.81 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.53 GB) NTFS
8 Drive j: (My Passport) (Fixed) (Total:372.52 GB) (Free:113.31 GB) FAT32

========================= Users: ========================================

User accounts for \\JERI-PC

Administrator Guest Jeri

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini020712-01.dmp
C:\Windows\Minidump\Mini020812-01.dmp
C:\Windows\Minidump\Mini021012-01.dmp
C:\Windows\Minidump\Mini021212-01.dmp

**** End of log ****

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jeri-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-21-97-60-AB-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::317f:3cb7:a49b:da6e%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.218.110(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268444055
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-89-16-0F-00-21-97-26-1E-1B
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.socal.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================
Interface List
13 ...00 21 97 60 ab be ...... NVIDIA nForce Networking Controller #2
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.socal.rr.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.218.110 276
169.254.218.110 255.255.255.255 On-link 169.254.218.110 276
169.254.255.255 255.255.255.255 On-link 169.254.218.110 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.218.110 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.218.110 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 276 fe80::/64 On-link
13 276 fe80::317f:3cb7:a49b:da6e/128 On-link
1 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
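The router.bat output requested in #12 and the two logs posted in #13 show one consistent picture, and it is worth having a script confirm it rather than reading the dotted ipconfig lines by eye: an Autoconfiguration (APIPA) address, an empty default gateway, only the fec0:0:0:ffff:: site-local placeholder resolvers, and failed name lookups, with a hosts file that is still the clean default. The Python below is an added example for this thread and is not a BleepingComputer or MiniToolBox tool; it parses a router.bat/MiniToolBox-style log plus hosts file content and lists those findings. SAMPLE_LOG and SAMPLE_HOSTS are constructed to mirror the posted logs, and parse_ipconfig and triage are the example's own names.

```python
"""Triage a Windows network log of the kind router.bat / MiniToolBox produce.

Added example for this thread (not a BleepingComputer or MiniToolBox tool).
It reads ipconfig /all, nslookup and ping output plus a hosts file and
reports why a machine is offline: APIPA address, missing gateway,
placeholder DNS resolvers, failed lookups and non-default hosts entries.
"""
import ipaddress
import re

# Constructed sample that mirrors the Log1.txt posted in the thread.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : Jeri-PC
Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.218.110(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
"""
# Constructed hosts file content: the clean default MiniToolBox listed above.
SAMPLE_HOSTS = "127.0.0.1 localhost\n"

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)(?:\s*\.)+\s*:\s*(.*)$")
HEADER_RE = re.compile(r"^(\S.*?):\s*$")          # e.g. "Ethernet adapter X:"
ADDR_RE = re.compile(r"^\s*[0-9A-Fa-f.:%]+\s*$")   # wrapped extra-address lines
APIPA = ipaddress.ip_network("169.254.0.0/16")     # self-assigned, no DHCP lease
# Site-local addresses Windows lists when it has learned no DNS server at all.
SITE_LOCAL_DNS = {"fec0:0:0:ffff::1", "fec0:0:0:ffff::2", "fec0:0:0:ffff::3"}
DEFAULT_HOSTS_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}


def parse_ipconfig(text):
    """Return {section name: {field: [values]}} from ipconfig /all output."""
    sections = {"global": {}}
    current, last_field = sections["global"], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            name, value = m.group(1).strip(), m.group(2).strip()
            current[name] = [value] if value else []
            last_field = name
            continue
        h = HEADER_RE.match(line)
        if h:
            current = sections.setdefault(h.group(1).strip(), {})
            last_field = None
            continue
        if last_field and ADDR_RE.match(line):   # wrapped value (2nd DNS server)
            current[last_field].append(line.strip())
    return sections


def triage(log_text, hosts_text):
    """Return (code, detail) findings that explain the missing connectivity."""
    findings = []
    for name, f in parse_ipconfig(log_text).items():
        # Only real adapters that are connected; skip Teredo/ISATAP with no media.
        if "adapter" not in name.lower() or f.get("Media State") == ["Media disconnected"]:
            continue
        for raw in f.get("IPv4 Address", []) + f.get("Autoconfiguration IPv4 Address", []):
            ip = ipaddress.ip_address(raw.split("(")[0])
            if ip in APIPA:
                findings.append(("APIPA", f"{name}: {ip} is self-assigned; no DHCP lease"))
        if not f.get("Default Gateway"):
            findings.append(("NO_GATEWAY", f"{name}: no default gateway, no route off the LAN"))
        dns = {d.split("%")[0] for d in f.get("DNS Servers", [])}
        if dns and dns <= SITE_LOCAL_DNS:
            findings.append(("DEFAULT_SITE_LOCAL_DNS", f"{name}: only placeholder resolvers set"))
    if re.search(r"could not find host|Server:\s+UnKnown", log_text):
        findings.append(("DNS_RESOLUTION_FAILED", "nslookup/ping could not resolve names"))
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False
        if not loopback or any(n.lower() not in DEFAULT_HOSTS_NAMES for n in names):
            findings.append(("HOSTS_ENTRY", f"hosts maps {' '.join(names)} -> {addr}; verify it"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG, SAMPLE_HOSTS):
        print(f"{code:<24} {detail}")
```

Run against the constructed sample it reports APIPA, NO_GATEWAY, DEFAULT_SITE_LOCAL_DNS and DNS_RESOLUTION_FAILED and nothing for the hosts file, which is exactly the state of the posted logs: the adapter never got a DHCP lease, so the later winsock/TCP/IP reinstall and a check of the DHCP Client service and the cable/router are the next things to look at. The hosts check is there because a redirected hosts file is a common leftover of the kind of infection this thread started with, even though here it is clean.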

#14 mchas

mchas
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:46 AM

Posted 19 February 2012 - 03:38 PM

Some bad news... I found a Vista disc but I don't think it's the right version because there is no "Repair my computer" option. I ended up clicking on "Next" to install it, and cancelled shortly after realizing that it was actually going to install Windows, but now I am stuck in a "startup recovery" loop. The computer restarts and goes into a system recovery mode, can't fix itself, shuts down, and does it again. Sorry to be such a pain but now I am even more stuck!

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:46 AM

Posted 19 February 2012 - 06:53 PM

This may be where this fix ends, mchas. I am discussing the problem with some advisors now and the boot loop may have been caused by the cancelling of the installation.

When I have firmed up the points I will post again.
m0le is a proud member of UNITE
