No internet connection


17 replies to this topic

#1 mtdewdski

mtdewdski

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 01:02 PM

I ran a virus scan the other night with Microsoft Security Essentials and found TrojanDropper:Win32/Sirefef.B on the NetBT driver and a Java Exploit. They were deleted by the program and now I have no connection. My network is still running and can be accessed by other computers. My ip is all zeros. ipconfig/renew comes back with "The RPC server is unavailable." I guess the NetBT driver is jacked somehow, too, but I don't know enough to figure this stuff out myself.
Affected computer:
-Wired connection to Cable internet
-Windows XP Pro SP3

I ran MiniToolBox and FSS, logs below:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 20-02-2012 at 10:57:26
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : jerkbox

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.ut.comcast.net.

Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

Physical Address. . . . . . . . . : 00-24-21-EE-F4-AE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.76.76

75.75.75.75

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 21 ee f4 ae ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/20/2012 09:17:54 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/20/2012 08:48:49 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 11:26:06 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 10:41:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 09:44:31 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 09:19:10 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 09:11:32 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2012 08:57:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 08:32:53 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2012 08:00:43 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (02/20/2012 08:48:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1825.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/20/2012 08:48:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1825.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/20/2012 08:48:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1825.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/20/2012 08:48:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1825.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/20/2012 08:48:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1825.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/20/2012 08:42:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (02/20/2012 08:42:38 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (02/20/2012 08:41:16 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%2001

Error: (02/20/2012 08:41:16 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%2001

Error: (02/20/2012 08:41:16 AM) (Source: Service Control Manager) (User: )
Description: The NetBios over Tcpip service failed to start due to the following error:
%%2001


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3455.17 MB
Available physical RAM: 2386.63 MB
Total Pagefile: 5338.49 MB
Available Pagefile: 4564.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.72 MB

========================= Partitions: =====================================

1 Drive c: (Programs) (Fixed) (Total:146.48 GB) (Free:87.4 GB) NTFS
4 Drive f: (Downloads) (Fixed) (Total:97.65 GB) (Free:87.85 GB) NTFS
5 Drive g: (Storage) (Fixed) (Total:687.37 GB) (Free:316.76 GB) NTFS
6 Drive h: (KEVINTAYLOR) (Removable) (Total:0.46 GB) (Free:0.46 GB) FAT32

========================= Users: ========================================

User accounts for \\JERKBOX

Administrator Guest HelpAssistant
SUPPORT_388945a0 UpdatusUser


**** End of log ****







Farbar Service Scanner Version: 14-02-2012
Ran by Administrator (administrator) on 20-02-2012 at 10:58:07
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is set to Auto. The default start type is System.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 05:00] - [2012-02-16 00:06] - 0162816 ____A () 505753B49EC1A3625281CA79F5EFB28C

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Edited by hamluis, 20 February 2012 - 05:16 PM.
Moved from Networking to Am I Infected.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 01:40 PM

Launch FSS again and type

netbt.sys in search BOX and click on search files

Post the generated log

#3 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 02:07 PM

Farbar Service Scanner Version: 14-02-2012
Ran by Administrator (administrator) on 20-02-2012 at 12:05:34
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 05:00] - [2012-02-16 00:06] - 0162816 ____A () 505753B49EC1A3625281CA79F5EFB28C

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-04-13 12:21] - [2008-04-13 12:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2011-04-08 21:52] - [2004-08-04 05:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 03:15 PM

Press windows +R key and type

notepad and click ok


copy the following script


@ECHO OFF
REM Overwrite the modified driver with the Service Pack 3 copy kept in the service pack cache (/Y suppresses the overwrite prompt)
COPY /Y C:\WINDOWS\ServicePackFiles\i386\netbt.sys C:\WINDOWS\system32\drivers\netbt.sys
REM Remove this batch file itself once the copy is done
DEL %0


Save it as

filename:fix.bat
save as:All files

Run the BAT file

Restart the PC and post the new FSS log
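The FSS search log in post #3 and the repair in post #4 can be checked mechanically. The following Python script is an added example and is not part of this thread, of Farbar Service Scanner or of the Microsoft tools mentioned; it parses the search output format shown above (the three netbt.sys copies with their MD5s are taken from the posted log) and applies the same reasoning narenxp applied by hand: the active copy under system32\drivers has no vendor string and a hash that matches neither cached Microsoft copy, so it is the suspect, and the Microsoft-attributed copy with the newest file timestamp (the ServicePackFiles one) is the restore source. The function names and the "no vendor string means suspect" heuristic are my own assumptions, not FSS logic.

```python
import re
from collections import defaultdict

# Constructed sample input: the FSS "Search: netbt.sys" output posted in this thread.
# Each hit is a path line followed by "[created] - [modified] - size attrs (company) MD5".
FSS_SEARCH_OUTPUT = """\
Farbar Service Scanner Version: 14-02-2012
======== Search: "netbt.sys" =========

C:\\WINDOWS\\system32\\drivers\\netbt.sys
[2004-08-04 05:00] - [2012-02-16 00:06] - 0162816 ____A () 505753B49EC1A3625281CA79F5EFB28C

C:\\WINDOWS\\ServicePackFiles\\i386\\netbt.sys
[2008-04-13 12:21] - [2008-04-13 12:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\\WINDOWS\\$NtServicePackUninstall$\\netbt.sys
[2011-04-08 21:52] - [2004-08-04 05:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
"""

# Detail line: two bracketed timestamps, size, attribute flags, company in parentheses, MD5.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_fss_search(text):
    """Return one dict per file copy listed in an FSS search log (assumed format above)."""
    entries = []
    current_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line          # remember the path; details follow on the next line
            continue
        m = DETAIL_RE.match(line)
        if m and current_path:
            entry = m.groupdict()
            entry["path"] = current_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            current_path = None
    return entries


def classify_copies(entries):
    """Split copies of each file name into trusted (vendor-attributed) and suspect.

    Heuristic (my assumption, not FSS logic): a copy without any company/vendor string in
    its version information is suspect; we also record whether its hash happens to match a
    vendor-attributed copy of the same file name, which would point at a benign explanation.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    trusted, suspect = [], []
    for copies in by_name.values():
        vendor_hashes = {c["md5"] for c in copies if c["company"].strip()}
        for c in copies:
            if c["company"].strip():
                trusted.append(c)
            else:
                suspect.append({**c, "matches_vendor_copy": c["md5"] in vendor_hashes})
    return trusted, suspect


def choose_restore_source(entries, active_path):
    """Pick the vendor-attributed copy to restore from.

    The 'modified' timestamp reflects the build of the file (SP3's 2008 build beats the
    2004 SP2-era backup), whereas 'created' only says when the cache copy was written,
    so the candidates are ranked by 'modified', newest first.
    """
    candidates = [e for e in entries
                  if e["company"].strip() and e["path"].lower() != active_path.lower()]
    if not candidates:
        return None
    candidates.sort(key=lambda e: e["modified"], reverse=True)
    return candidates[0]


def restore_command(source, active_path):
    """Render the same COPY line the thread's fix.bat uses (string only; nothing is copied)."""
    return f"COPY /Y {source['path']} {active_path}"


if __name__ == "__main__":
    active = r"C:\WINDOWS\system32\drivers\netbt.sys"
    found = parse_fss_search(FSS_SEARCH_OUTPUT)
    trusted, suspect = classify_copies(found)
    for s in suspect:
        print(f"SUSPECT {s['path']}  md5={s['md5']}  modified={s['modified']}  "
              f"matches a vendor copy: {s['matches_vendor_copy']}")
    src = choose_restore_source(found, active)
    if src:
        print("restore source:", src["path"], src["md5"])
        print(restore_command(src, active))
```

Running it prints the drivers copy as the suspect (no vendor string, hash matches no vendor copy, modified on 2012-02-16) and the ServicePackFiles copy as the restore source, which is the COPY line in narenxp's fix.bat.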

#5 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 03:49 PM

Farbar Service Scanner Version: 14-02-2012
Ran by Administrator (administrator) on 20-02-2012 at 13:44:57
Running from "C:\Documents and Settings\Administrator\Desktop\New Folder"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is set to Auto. The default start type is System.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 05:00] - [2012-02-16 00:06] - 0162816 ____A () 505753B49EC1A3625281CA79F5EFB28C

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#6 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 03:59 PM

Sorry, I copied and pasted and it put all text on one line with no spaces. I'm redoing it. Will post results.

#7 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 04:01 PM

Ethernet is now connected, here are the scan results:

Farbar Service Scanner Version: 14-02-2012
Ran by Administrator (administrator) on 20-02-2012 at 13:57:47
Running from "H:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 04:05 PM

Can you browse now?

#9 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 04:25 PM

I can browse, but Microsoft Security Essentials won't update. It says:
"Virus and spyware definitions update failed
Security Essentials could not check for virus and spyware definition updates due to an Internet or network connectivity issue.
Click Help for more information about this problem.
Error code:0x80070424
Error description: Security Essentials couldn't install the definition updates. Please try again later."

However, Adobe Flash Player and Malwarebytes both updated successfully. Ad-aware updated, then unexpectedly closed. It said it created a report about the crash, but I can't find it.

May just be a problem on the microsoft side?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 04:58 PM

Download

http://download.microsoft.com/download/E/2/3/E237A32D-E0A9-4863-B864-9E820C1C6F9A/MicrosoftFixit.wu.Run.exe

Run the fixit, restart the PC

To be on the safer side, before running registry fixes I would suggest that you

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt

Press Windows+R key and type

regedit and click ok


Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right-Click Root and select Permissions

Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download

http://www.mediafire.com/?t9wgoubg0y38ej5

http://www.mediafire.com/?vc1fk4m9x5aj4pq

Launch the reg files

Post the new FSS log

Edited by narenxp, 20 February 2012 - 05:23 PM.


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 05:03 PM

I will report this topic to moderators to move it to the Am I Infected forum

I guess that PC might still be infected.

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,887 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:12 AM

Posted 20 February 2012 - 05:15 PM

Known situation, see http://support.microsoft.com/kb/968002 .

Louis

#13 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 20 February 2012 - 05:33 PM

That seems to have done the trick. Should I post a new FSS log?

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 AM

Posted 20 February 2012 - 06:13 PM

Yes please, also

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#15 mtdewdski

mtdewdski
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 20 February 2012 - 10:06 PM

Farbar Service Scanner Version: 14-02-2012
Ran by Administrator (administrator) on 20-02-2012 at 20:04:16
Running from "C:\Documents and Settings\Administrator\Desktop\New Folder"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****


17:00:34.0875 2100 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:00:35.0328 2100 ============================================================
17:00:35.0328 2100 Current date / time: 2012/02/20 17:00:35.0328
17:00:35.0328 2100 SystemInfo:
17:00:35.0328 2100
17:00:35.0328 2100 OS Version: 5.1.2600 ServicePack: 3.0
17:00:35.0328 2100 Product type: Workstation
17:00:35.0328 2100 ComputerName: JERKBOX
17:00:35.0328 2100 UserName: Administrator
17:00:35.0328 2100 Windows directory: C:\WINDOWS
17:00:35.0328 2100 System windows directory: C:\WINDOWS
17:00:35.0328 2100 Processor architecture: Intel x86
17:00:35.0328 2100 Number of processors: 4
17:00:35.0328 2100 Page size: 0x1000
17:00:35.0328 2100 Boot type: Normal boot
17:00:35.0328 2100 ============================================================
17:00:36.0656 2100 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:00:36.0687 2100 \Device\Harddisk0\DR0:
17:00:36.0687 2100 MBR used
17:00:36.0687 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
17:00:36.0703 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0xC34F28D
17:00:36.0718 2100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E845F3D, BlocksNum 0x55EBBBC3
17:00:36.0828 2100 Initialize success
17:00:36.0828 2100 ============================================================
17:00:55.0203 2976 ============================================================
17:00:55.0203 2976 Scan started
17:00:55.0203 2976 Mode: Manual; TDLFS;
17:00:55.0203 2976 ============================================================
17:00:55.0406 2976 .cdrom - ok
17:00:55.0484 2976 Abiosdsk - ok
17:00:55.0500 2976 abp480n5 - ok
17:00:55.0531 2976 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:55.0531 2976 ACPI - ok
17:00:55.0546 2976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:00:55.0546 2976 ACPIEC - ok
17:00:55.0546 2976 adpu160m - ok
17:00:55.0578 2976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:00:55.0578 2976 aec - ok
17:00:55.0625 2976 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:00:55.0625 2976 AFD - ok
17:00:55.0625 2976 Aha154x - ok
17:00:55.0640 2976 aic78u2 - ok
17:00:55.0640 2976 aic78xx - ok
17:00:55.0656 2976 AliIde - ok
17:00:55.0703 2976 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:00:55.0734 2976 Ambfilt - ok
17:00:55.0750 2976 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
17:00:55.0750 2976 AmdPPM - ok
17:00:55.0750 2976 amsint - ok
17:00:55.0765 2976 asc - ok
17:00:55.0781 2976 asc3350p - ok
17:00:55.0796 2976 asc3550 - ok
17:00:55.0812 2976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:55.0828 2976 AsyncMac - ok
17:00:55.0828 2976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:55.0828 2976 atapi - ok
17:00:55.0843 2976 Atdisk - ok
17:00:55.0859 2976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:00:55.0859 2976 Atmarpc - ok
17:00:55.0875 2976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:00:55.0890 2976 audstub - ok
17:00:55.0906 2976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:00:55.0906 2976 Beep - ok
17:00:55.0937 2976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:00:55.0937 2976 cbidf2k - ok
17:00:55.0953 2976 cd20xrnt - ok
17:00:55.0968 2976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:00:55.0968 2976 Cdaudio - ok
17:00:55.0984 2976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:00:55.0984 2976 Cdfs - ok
17:00:56.0000 2976 cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:00:56.0031 2976 cdrom - ok
17:00:56.0046 2976 Changer - ok
17:00:56.0062 2976 CmdIde - ok
17:00:56.0078 2976 Cpqarray - ok
17:00:56.0093 2976 dac2w2k - ok
17:00:56.0109 2976 dac960nt - ok
17:00:56.0125 2976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:00:56.0125 2976 Disk - ok
17:00:56.0156 2976 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:00:56.0156 2976 dmboot - ok
17:00:56.0171 2976 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:00:56.0171 2976 dmio - ok
17:00:56.0187 2976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:00:56.0187 2976 dmload - ok
17:00:56.0203 2976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:00:56.0203 2976 DMusic - ok
17:00:56.0218 2976 dpti2o - ok
17:00:56.0234 2976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:00:56.0234 2976 drmkaud - ok
17:00:56.0265 2976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:00:56.0265 2976 Fastfat - ok
17:00:56.0281 2976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:00:56.0281 2976 Fdc - ok
17:00:56.0281 2976 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:00:56.0296 2976 Fips - ok
17:00:56.0359 2976 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
17:00:56.0359 2976 FLASHSYS - ok
17:00:56.0359 2976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:00:56.0359 2976 Flpydisk - ok
17:00:56.0375 2976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:00:56.0375 2976 FltMgr - ok
17:00:56.0390 2976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:00:56.0390 2976 Fs_Rec - ok
17:00:56.0406 2976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:00:56.0406 2976 Ftdisk - ok
17:00:56.0421 2976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:00:56.0421 2976 GEARAspiWDM - ok
17:00:56.0437 2976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:00:56.0437 2976 Gpc - ok
17:00:56.0453 2976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:00:56.0453 2976 HDAudBus - ok
17:00:56.0484 2976 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:00:56.0484 2976 HidUsb - ok
17:00:56.0500 2976 hpn - ok
17:00:56.0546 2976 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:00:56.0546 2976 HPZid412 - ok
17:00:56.0562 2976 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:00:56.0562 2976 HPZipr12 - ok
17:00:56.0593 2976 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:00:56.0593 2976 HPZius12 - ok
17:00:56.0625 2976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:00:56.0625 2976 HTTP - ok
17:00:56.0640 2976 i2omgmt - ok
17:00:56.0640 2976 i2omp - ok
17:00:56.0656 2976 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:00:56.0671 2976 i8042prt - ok
17:00:56.0687 2976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:00:56.0687 2976 Imapi - ok
17:00:56.0703 2976 ini910u - ok
17:00:56.0796 2976 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:00:56.0812 2976 IntcAzAudAddService - ok
17:00:56.0828 2976 IntelIde - ok
17:00:56.0843 2976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:00:56.0843 2976 Ip6Fw - ok
17:00:56.0859 2976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:00:56.0859 2976 IpFilterDriver - ok
17:00:56.0875 2976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:00:56.0875 2976 IpInIp - ok
17:00:56.0890 2976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:00:56.0890 2976 IpNat - ok
17:00:56.0890 2976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:00:56.0921 2976 IPSec - ok
17:00:56.0937 2976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:00:56.0937 2976 IRENUM - ok
17:00:56.0953 2976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:00:56.0953 2976 isapnp - ok
17:00:56.0968 2976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:00:56.0968 2976 Kbdclass - ok
17:00:56.0968 2976 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:00:56.0984 2976 kbdhid - ok
17:00:57.0000 2976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:00:57.0000 2976 kmixer - ok
17:00:57.0015 2976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:00:57.0015 2976 KSecDD - ok
17:00:57.0046 2976 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:00:57.0046 2976 Lavasoft Kernexplorer - ok
17:00:57.0062 2976 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:00:57.0062 2976 Lbd - ok
17:00:57.0062 2976 lbrtfdc - ok
17:00:57.0093 2976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:00:57.0093 2976 mnmdd - ok
17:00:57.0125 2976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:00:57.0125 2976 Modem - ok
17:00:57.0156 2976 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
17:00:57.0171 2976 Monfilt - ok
17:00:57.0171 2976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:00:57.0171 2976 Mouclass - ok
17:00:57.0187 2976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:00:57.0187 2976 MountMgr - ok
17:00:57.0203 2976 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:00:57.0203 2976 MpFilter - ok
17:00:57.0281 2976 MpKslebc3d527 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF1F969-3164-4406-BB4D-E0D7A7136241}\MpKslebc3d527.sys
17:00:57.0281 2976 MpKslebc3d527 - ok
17:00:57.0296 2976 mraid35x - ok
17:00:57.0312 2976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:00:57.0328 2976 MRxDAV - ok
17:00:57.0328 2976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:00:57.0343 2976 MRxSmb - ok
17:00:57.0359 2976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:00:57.0359 2976 Msfs - ok
17:00:57.0359 2976 MSICDSetup - ok
17:00:57.0375 2976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:00:57.0390 2976 MSKSSRV - ok
17:00:57.0390 2976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:00:57.0390 2976 MSPCLOCK - ok
17:00:57.0406 2976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:00:57.0406 2976 MSPQM - ok
17:00:57.0406 2976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:00:57.0406 2976 mssmbios - ok
17:00:57.0437 2976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:00:57.0437 2976 Mup - ok
17:00:57.0437 2976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:00:57.0437 2976 NDIS - ok
17:00:57.0453 2976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:00:57.0453 2976 NdisTapi - ok
17:00:57.0484 2976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:00:57.0484 2976 Ndisuio - ok
17:00:57.0484 2976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:00:57.0484 2976 NdisWan - ok
17:00:57.0500 2976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:00:57.0500 2976 NDProxy - ok
17:00:57.0515 2976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:00:57.0515 2976 NetBIOS - ok
17:00:57.0546 2976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:00:57.0562 2976 NetBT - ok
17:00:57.0593 2976 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:00:57.0593 2976 nm - ok
17:00:57.0609 2976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:00:57.0609 2976 Npfs - ok
17:00:57.0625 2976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:00:57.0640 2976 Ntfs - ok
17:00:57.0656 2976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:00:57.0656 2976 Null - ok
17:00:57.0843 2976 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:00:57.0984 2976 nv - ok
17:00:58.0000 2976 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:00:58.0000 2976 NVENETFD - ok
17:00:58.0015 2976 NVHDA (e10aacc565e0a8b76ac4fb912343d38e) C:\WINDOWS\system32\drivers\nvhda32.sys
17:00:58.0015 2976 NVHDA - ok
17:00:58.0046 2976 nvnetbus (5dc6a149897820de315916b6ec984ec9) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:00:58.0046 2976 nvnetbus - ok
17:00:58.0062 2976 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
17:00:58.0375 2976 NVR0Dev - ok
17:00:58.0390 2976 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
17:00:58.0390 2976 nvsmu - ok
17:00:58.0421 2976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:00:58.0421 2976 NwlnkFlt - ok
17:00:58.0421 2976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:00:58.0421 2976 NwlnkFwd - ok
17:00:58.0468 2976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:00:58.0468 2976 Parport - ok
17:00:58.0484 2976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:00:58.0484 2976 PartMgr - ok
17:00:58.0500 2976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:00:58.0500 2976 ParVdm - ok
17:00:58.0500 2976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:00:58.0500 2976 PCI - ok
17:00:58.0515 2976 PCIDump - ok
17:00:58.0531 2976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:00:58.0531 2976 PCIIde - ok
17:00:58.0546 2976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:00:58.0546 2976 Pcmcia - ok
17:00:58.0562 2976 PDCOMP - ok
17:00:58.0562 2976 PDFRAME - ok
17:00:58.0578 2976 PDRELI - ok
17:00:58.0578 2976 PDRFRAME - ok
17:00:58.0593 2976 perc2 - ok
17:00:58.0593 2976 perc2hib - ok
17:00:58.0640 2976 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
17:00:58.0640 2976 pnarp - ok
17:00:58.0671 2976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:00:58.0671 2976 PptpMiniport - ok
17:00:58.0671 2976 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:00:58.0671 2976 Processor - ok
17:00:58.0687 2976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:00:58.0687 2976 PSched - ok
17:00:58.0718 2976 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:00:58.0718 2976 PSI - ok
17:00:58.0750 2976 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys
17:00:58.0781 2976 PsSdk41 - ok
17:00:58.0812 2976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:00:58.0812 2976 Ptilink - ok
17:00:58.0828 2976 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
17:00:58.0828 2976 purendis - ok
17:00:58.0843 2976 ql1080 - ok
17:00:58.0843 2976 Ql10wnt - ok
17:00:58.0859 2976 ql12160 - ok
17:00:58.0859 2976 ql1240 - ok
17:00:58.0875 2976 ql1280 - ok
17:00:58.0890 2976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:00:58.0890 2976 RasAcd - ok
17:00:58.0906 2976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:00:58.0906 2976 Rasl2tp - ok
17:00:58.0921 2976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:00:58.0921 2976 RasPppoe - ok
17:00:58.0921 2976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:00:58.0921 2976 Raspti - ok
17:00:58.0937 2976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:00:58.0937 2976 Rdbss - ok
17:00:58.0953 2976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:00:58.0953 2976 RDPCDD - ok
17:00:58.0968 2976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:00:58.0968 2976 rdpdr - ok
17:00:59.0000 2976 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:00:59.0000 2976 RDPWD - ok
17:00:59.0015 2976 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:00:59.0031 2976 redbook - ok
17:00:59.0046 2976 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:00:59.0046 2976 ROOTMODEM - ok
17:00:59.0093 2976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:00:59.0093 2976 Secdrv - ok
17:00:59.0109 2976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:00:59.0109 2976 serenum - ok
17:00:59.0125 2976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:00:59.0156 2976 Serial - ok
17:00:59.0203 2976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:00:59.0203 2976 Sfloppy - ok
17:00:59.0203 2976 Simbad - ok
17:00:59.0234 2976 Sparrow - ok
17:00:59.0250 2976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:00:59.0250 2976 splitter - ok
17:00:59.0265 2976 sptd - ok
17:00:59.0265 2976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:00:59.0265 2976 sr - ok
17:00:59.0281 2976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:00:59.0296 2976 Srv - ok
17:00:59.0296 2976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:00:59.0312 2976 swenum - ok
17:00:59.0328 2976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:00:59.0328 2976 swmidi - ok
17:00:59.0328 2976 symc810 - ok
17:00:59.0343 2976 symc8xx - ok
17:00:59.0359 2976 sym_hi - ok
17:00:59.0359 2976 sym_u3 - ok
17:00:59.0375 2976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:00:59.0375 2976 sysaudio - ok
17:00:59.0390 2976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:59.0390 2976 Tcpip - ok
17:00:59.0421 2976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:00:59.0421 2976 TDPIPE - ok
17:00:59.0437 2976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:00:59.0437 2976 TDTCP - ok
17:00:59.0453 2976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:00:59.0453 2976 TermDD - ok
17:00:59.0468 2976 TosIde - ok
17:00:59.0500 2976 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:00:59.0500 2976 tunmp - ok
17:00:59.0515 2976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:00:59.0515 2976 Udfs - ok
17:00:59.0515 2976 ultra - ok
17:00:59.0531 2976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:00:59.0546 2976 Update - ok
17:00:59.0562 2976 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:00:59.0593 2976 USBAAPL - ok
17:00:59.0609 2976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:00:59.0609 2976 usbccgp - ok
17:00:59.0609 2976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:00:59.0609 2976 usbehci - ok
17:00:59.0625 2976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:00:59.0625 2976 usbhub - ok
17:00:59.0640 2976 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:00:59.0640 2976 usbohci - ok
17:00:59.0656 2976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:00:59.0656 2976 usbprint - ok
17:00:59.0671 2976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:00:59.0671 2976 usbscan - ok
17:00:59.0703 2976 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
17:00:59.0703 2976 usbsermpt - ok
17:00:59.0718 2976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:00:59.0718 2976 USBSTOR - ok
17:00:59.0734 2976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:00:59.0734 2976 VgaSave - ok
17:00:59.0750 2976 ViaIde - ok
17:00:59.0750 2976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:00:59.0750 2976 VolSnap - ok
17:00:59.0765 2976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:00:59.0765 2976 Wanarp - ok
17:00:59.0781 2976 WDICA - ok
17:00:59.0796 2976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:00:59.0796 2976 wdmaud - ok
17:00:59.0828 2976 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:00:59.0828 2976 WmiAcpi - ok
17:00:59.0859 2976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:00:59.0875 2976 WpdUsb - ok
17:00:59.0890 2976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:00:59.0890 2976 WudfPf - ok
17:00:59.0906 2976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:00:59.0906 2976 WudfRd - ok
17:00:59.0921 2976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:01:00.0125 2976 \Device\Harddisk0\DR0 - ok
17:01:00.0125 2976 Boot (0x1200) (c6038f5b5df5356f47094f9dc33b9a28) \Device\Harddisk0\DR0\Partition0
17:01:00.0125 2976 \Device\Harddisk0\DR0\Partition0 - ok
17:01:00.0140 2976 Boot (0x1200) (1943462dcd95802d30b0dadd133b155f) \Device\Harddisk0\DR0\Partition1
17:01:00.0140 2976 \Device\Harddisk0\DR0\Partition1 - ok
17:01:00.0156 2976 Boot (0x1200) (e826f17f9b09f85885a3f0d949dc8cf9) \Device\Harddisk0\DR0\Partition2
17:01:00.0156 2976 \Device\Harddisk0\DR0\Partition2 - ok
17:01:00.0156 2976 ============================================================
17:01:00.0156 2976 Scan finished
17:01:00.0156 2976 ============================================================
17:01:00.0171 3040 Detected object count: 0
17:01:00.0171 3040 Actual detected object count: 0
17:01:54.0875 3240 Deinitialize success


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-20 19:05:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-17 WDC_WD1001FALS-00E3A0 rev.05.01D05
Running: j488wkjz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwddypow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69E33A0, 0x83C195, 0xE8000020]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01215B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04F60001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A00F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!send 71AB4C27 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71910F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71940F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 718E0F5A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB17801$\1089242403 0 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070 0 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\L(2) 0 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\L(2)\jzoybjgb 162816 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2) 0 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB17801$\3146776070\U(2)\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 19:06:05
-----------------------------
19:06:05.109 OS Version: Windows 5.1.2600 Service Pack 3
19:06:05.109 Number of processors: 4 586 0x502
19:06:05.109 ComputerName: JERKBOX UserName:
19:06:05.468 Initialize success
19:06:09.781 AVAST engine defs: 12022002
19:06:12.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-17
19:06:12.218 Disk 0 Vendor: WDC_WD1001FALS-00E3A0 05.01D05 Size: 953869MB BusType: 3
19:06:12.234 Disk 0 MBR read successfully
19:06:12.250 Disk 0 MBR scan
19:06:12.250 Disk 0 Windows XP default MBR code
19:06:12.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
19:06:12.250 Disk 0 Partition - 00 0F Extended LBA 803861 MB offset 307194930
19:06:12.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 307194993
19:06:12.296 Disk 0 Partition - 00 05 Extended 703863 MB offset 511991550
19:06:12.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703863 MB offset 511991613
19:06:12.328 Disk 0 scanning sectors +1953504000
19:06:12.531 Disk 0 scanning C:\WINDOWS\system32\drivers
19:06:45.531 Service scanning
19:06:45.671 Service .cdrom \* **LOCKED** 123
19:06:48.890 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
19:06:53.593 Modules scanning
19:07:38.843 Disk 0 trace - called modules:
19:07:38.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:07:38.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae3fab8]
19:07:38.875 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ae6c9e8]
19:07:38.890 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-17[0x8aefbd98]
19:07:39.234 AVAST engine scan C:\WINDOWS
19:08:33.390 AVAST engine scan C:\WINDOWS\system32
19:17:24.515 AVAST engine scan C:\WINDOWS\system32\drivers
19:18:37.453 AVAST engine scan C:\Documents and Settings\Administrator
19:36:55.546 AVAST engine scan C:\Documents and Settings\All Users
19:37:59.437 Scan finished successfully
20:00:36.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\New Folder\MBR.dat"
20:00:36.828 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\New Folder\aswMBR.txt"



