No internet

Closed
Mitch - Feb 15, 2012 at 09:19 AM
 Anonymous User - Feb 19, 2012 at 05:30 PM
Hello,
On my XP machine I had a bunch of viruses. Went to the Microsoft site and used the removal tool there. Now when I try to log on to the internet using IE it says no connection. I know it is working because we have 2 other computers on the router and they work fine. Used the diagnostics and it says it's a Winsock problem and do I want it to repair it, click yes, says it's repaired and need to reboot, so I reboot and same thing happens. Any help will be much appreciated, thanks.



21 responses

Anonymous User
Feb 15, 2012 at 09:28 AM
I'm not sure if your PC is clean, let's try to fix your Internet connection and then scan for any remaining infections.

Download (copy from another PC)

https://download.bleepingcomputer.com/farbar/FSS.exe

Checkmark

Internet Services

Click on Scan.
Please copy and paste the log to your reply.
0
Thank you very much for your reply. I will have to find a floppy to copy it to then load on other machine because the email is messed up now also. I had a virus named email-worm.brontok, w32.blaster.worm, and backdoor.win32.scrap.p.

The Microsoft scan said it got it all but ever since then IE and Outlook will not work.
0
This is the scan result.

Farbar Service Scanner Version: 14-02-2012
Ran by Mitch (administrator) on 15-02-2012 at 16:37:56
Running from "C:\Documents and Settings\Mitch\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 06:00] - [2008-04-13 13:21] - 0162816 ___AC () 38B0DED53BD402704C662B4CCC698AFD

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
0
Anonymous User
Feb 15, 2012 at 05:41 PM
From your log I can guess that you're still infected

Download

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Launch FSS again and type

netbt.sys in search BOX

click on search files

Post the generated log

Launch FSS again and type

afd.sys in search BOX

click on search files

Post the generated log
0

This is the first log
22:58:31.0453 3776 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
22:58:31.0468 3776 ============================================================
22:58:31.0468 3776 Current date / time: 2012/02/15 22:58:31.0468
22:58:31.0468 3776 SystemInfo:
22:58:31.0468 3776
22:58:31.0468 3776 OS Version: 5.1.2600 ServicePack: 3.0
22:58:31.0468 3776 Product type: Workstation
22:58:31.0468 3776 ComputerName: HEARTLAN-EB5815
22:58:31.0468 3776 UserName: Mitch
22:58:31.0468 3776 Windows directory: C:\WINDOWS
22:58:31.0468 3776 System windows directory: C:\WINDOWS
22:58:31.0468 3776 Processor architecture: Intel x86
22:58:31.0468 3776 Number of processors: 1
22:58:31.0468 3776 Page size: 0x1000
22:58:31.0468 3776 Boot type: Normal boot
22:58:31.0468 3776 ============================================================
22:58:33.0093 3776 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B20000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:58:33.0093 3776 Drive \Device\Harddisk2\DR10 - Size: 0x4A85D55C00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:58:33.0390 3776 \Device\Harddisk0\DR0:
22:58:33.0390 3776 MBR used
22:58:33.0390 3776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
22:58:33.0390 3776 \Device\Harddisk2\DR10:
22:58:33.0468 3776 MBR used
22:58:33.0468 3776 \Device\Harddisk2\DR10\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
22:58:33.0515 3776 Initialize success
22:58:33.0515 3776 ============================================================
22:58:57.0296 3340 ============================================================
22:58:57.0296 3340 Scan started
22:58:57.0296 3340 Mode: Manual; TDLFS;
22:58:57.0296 3340 ============================================================
22:58:57.0859 3340 Abiosdsk - ok
22:58:57.0890 3340 abp480n5 - ok
22:58:57.0984 3340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:58:57.0984 3340 ACPI - ok
22:58:58.0062 3340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:58:58.0062 3340 ACPIEC - ok
22:58:58.0109 3340 adpu160m - ok
22:58:58.0171 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:58:58.0171 3340 aec - ok
22:58:58.0218 3340 AFD - ok
22:58:58.0265 3340 Aha154x - ok
22:58:58.0312 3340 aic78u2 - ok
22:58:58.0359 3340 aic78xx - ok
22:58:58.0437 3340 AliIde - ok
22:58:58.0484 3340 amsint - ok
22:58:58.0546 3340 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:58:58.0546 3340 Arp1394 - ok
22:58:58.0640 3340 asc - ok
22:58:58.0687 3340 asc3350p - ok
22:58:58.0734 3340 asc3550 - ok
22:58:58.0890 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:58:58.0890 3340 AsyncMac - ok
22:58:58.0968 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:58:58.0968 3340 atapi - ok
22:58:59.0015 3340 Atdisk - ok
22:58:59.0093 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:58:59.0093 3340 Atmarpc - ok
22:58:59.0187 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:58:59.0187 3340 audstub - ok
22:58:59.0328 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:58:59.0328 3340 Beep - ok
22:58:59.0453 3340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:58:59.0453 3340 cbidf2k - ok
22:58:59.0500 3340 cd20xrnt - ok
22:58:59.0562 3340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:58:59.0562 3340 Cdaudio - ok
22:58:59.0625 3340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:58:59.0640 3340 Cdfs - ok
22:58:59.0734 3340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:58:59.0734 3340 Cdrom - ok
22:58:59.0781 3340 Changer - ok
22:58:59.0859 3340 CmdIde - ok
22:58:59.0953 3340 Cpqarray - ok
22:59:00.0062 3340 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
22:59:00.0062 3340 ctsfm2k - ok
22:59:00.0125 3340 dac2w2k - ok
22:59:00.0171 3340 dac960nt - ok
22:59:00.0250 3340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:59:00.0250 3340 Disk - ok
22:59:00.0312 3340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:59:00.0328 3340 dmboot - ok
22:59:00.0375 3340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:59:00.0390 3340 dmio - ok
22:59:00.0437 3340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:59:00.0437 3340 dmload - ok
22:59:00.0546 3340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:59:00.0546 3340 DMusic - ok
22:59:00.0625 3340 dpti2o - ok
22:59:00.0687 3340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:59:00.0687 3340 drmkaud - ok
22:59:00.0812 3340 FarStoneFireWallDrive - ok
22:59:00.0890 3340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:59:00.0890 3340 Fastfat - ok
22:59:00.0984 3340 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\drivers\fasttx2k.sys
22:59:00.0984 3340 fasttx2k - ok
22:59:01.0062 3340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:59:01.0062 3340 Fdc - ok
22:59:01.0093 3340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:59:01.0125 3340 Fips - ok
22:59:01.0203 3340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:59:01.0203 3340 Flpydisk - ok
22:59:01.0281 3340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:59:01.0281 3340 FltMgr - ok
22:59:01.0390 3340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:59:01.0390 3340 Fs_Rec - ok
22:59:01.0484 3340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:59:01.0484 3340 Ftdisk - ok
22:59:01.0546 3340 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
22:59:01.0546 3340 gagp30kx - ok
22:59:01.0609 3340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:59:01.0609 3340 Gpc - ok
22:59:01.0765 3340 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:59:01.0765 3340 hidusb - ok
22:59:01.0875 3340 hpn - ok
22:59:01.0968 3340 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:59:01.0984 3340 HPZid412 - ok
22:59:02.0015 3340 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:59:02.0015 3340 HPZipr12 - ok
22:59:02.0109 3340 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:59:02.0109 3340 HPZius12 - ok
22:59:02.0203 3340 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:59:02.0203 3340 HSFHWBS2 - ok
22:59:02.0343 3340 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:59:02.0359 3340 HSF_DP - ok
22:59:02.0453 3340 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
22:59:02.0453 3340 HTTP - ok
22:59:02.0515 3340 i2omgmt - ok
22:59:02.0562 3340 i2omp - ok
22:59:02.0625 3340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:59:02.0625 3340 i8042prt - ok
22:59:02.0781 3340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:59:02.0796 3340 Imapi - ok
22:59:02.0875 3340 ini910u - ok
22:59:02.0953 3340 IntelIde - ok
22:59:03.0000 3340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:59:03.0000 3340 Ip6Fw - ok
22:59:03.0062 3340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:59:03.0062 3340 IpFilterDriver - ok
22:59:03.0156 3340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:59:03.0156 3340 IpInIp - ok
22:59:03.0234 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:59:03.0250 3340 IpNat - ok
22:59:03.0296 3340 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:59:03.0312 3340 IPSec ( Virus.Win32.ZAccess.c ) - infected
22:59:03.0312 3340 IPSec - detected Virus.Win32.ZAccess.c (0)
22:59:03.0359 3340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:59:03.0359 3340 IRENUM - ok
22:59:03.0453 3340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:59:03.0453 3340 isapnp - ok
22:59:03.0562 3340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:59:03.0562 3340 Kbdclass - ok
22:59:03.0640 3340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:59:03.0656 3340 kmixer - ok
22:59:03.0734 3340 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
22:59:03.0734 3340 KSecDD - ok
22:59:03.0812 3340 lbrtfdc - ok
22:59:03.0921 3340 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\WINDOWS\system32\DRIVERS\btblan.sys
22:59:03.0921 3340 Leapfrog-USBLAN - ok
22:59:04.0109 3340 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:59:04.0109 3340 mdmxsdk - ok
22:59:04.0203 3340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:59:04.0203 3340 mnmdd - ok
22:59:04.0328 3340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:59:04.0328 3340 Modem - ok
22:59:04.0375 3340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:59:04.0375 3340 Mouclass - ok
22:59:04.0484 3340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:59:04.0484 3340 mouhid - ok
22:59:04.0531 3340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:59:04.0531 3340 MountMgr - ok
22:59:04.0546 3340 mraid35x - ok
22:59:04.0625 3340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:59:04.0625 3340 MRxDAV - ok
22:59:04.0703 3340 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:59:04.0750 3340 MRxSmb - ok
22:59:04.0843 3340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:59:04.0843 3340 Msfs - ok
22:59:04.0921 3340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:59:04.0921 3340 MSKSSRV - ok
22:59:05.0015 3340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:59:05.0031 3340 MSPCLOCK - ok
22:59:05.0078 3340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:59:05.0078 3340 MSPQM - ok
22:59:05.0125 3340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:59:05.0125 3340 mssmbios - ok
22:59:05.0187 3340 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:59:05.0203 3340 Mup - ok
22:59:05.0312 3340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:59:05.0312 3340 NDIS - ok
22:59:05.0359 3340 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:59:05.0375 3340 NdisTapi - ok
22:59:05.0453 3340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:59:05.0453 3340 Ndisuio - ok
22:59:05.0500 3340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:59:05.0500 3340 NdisWan - ok
22:59:05.0578 3340 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:59:05.0578 3340 NDProxy - ok
22:59:05.0718 3340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:59:05.0718 3340 NetBIOS - ok
22:59:05.0828 3340 NetBT (5fceec0c9e066c614884ec833f0b5f99) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:59:05.0828 3340 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 5fceec0c9e066c614884ec833f0b5f99, Fake md5: 38b0ded53bd402704c662b4ccc698afd
22:59:05.0843 3340 NetBT ( ForgedFile.Multi.Generic ) - warning
22:59:05.0843 3340 NetBT - detected ForgedFile.Multi.Generic (1)
22:59:05.0968 3340 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:59:05.0984 3340 NIC1394 - ok
22:59:06.0078 3340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:59:06.0078 3340 Npfs - ok
22:59:06.0156 3340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:59:06.0187 3340 Ntfs - ok
22:59:06.0250 3340 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
22:59:06.0265 3340 NTIDrvr - ok
22:59:06.0421 3340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:59:06.0421 3340 Null - ok
22:59:06.0546 3340 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:59:06.0640 3340 nv - ok
22:59:06.0796 3340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:59:06.0796 3340 NwlnkFlt - ok
22:59:06.0828 3340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:59:06.0828 3340 NwlnkFwd - ok
22:59:06.0875 3340 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:59:06.0875 3340 ohci1394 - ok
22:59:06.0953 3340 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
22:59:06.0953 3340 ossrv - ok
22:59:07.0046 3340 P17 (abfb35446f754702f7edba131a2b43fe) C:\WINDOWS\system32\drivers\P17.sys
22:59:07.0062 3340 P17 - ok
22:59:07.0203 3340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:59:07.0203 3340 Parport - ok
22:59:07.0281 3340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:59:07.0281 3340 PartMgr - ok
22:59:07.0328 3340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:59:07.0328 3340 ParVdm - ok
22:59:07.0406 3340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:59:07.0406 3340 PCI - ok
22:59:07.0437 3340 PCIDump - ok
22:59:07.0484 3340 PCIIde - ok
22:59:07.0546 3340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:59:07.0546 3340 Pcmcia - ok
22:59:07.0640 3340 PDCOMP - ok
22:59:07.0687 3340 PDFRAME - ok
22:59:07.0718 3340 PDRELI - ok
22:59:07.0765 3340 PDRFRAME - ok
22:59:07.0812 3340 perc2 - ok
22:59:07.0875 3340 perc2hib - ok
22:59:08.0015 3340 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
22:59:08.0015 3340 PfModNT - ok
22:59:08.0140 3340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:59:08.0140 3340 PptpMiniport - ok
22:59:08.0250 3340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:59:08.0250 3340 Processor - ok
22:59:08.0343 3340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:59:08.0359 3340 PSched - ok
22:59:08.0421 3340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:59:08.0421 3340 Ptilink - ok
22:59:08.0468 3340 ql1080 - ok
22:59:08.0500 3340 Ql10wnt - ok
22:59:08.0531 3340 ql12160 - ok
22:59:08.0578 3340 ql1240 - ok
22:59:08.0609 3340 ql1280 - ok
22:59:08.0687 3340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:59:08.0687 3340 RasAcd - ok
22:59:08.0750 3340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:59:08.0765 3340 Rasl2tp - ok
22:59:08.0828 3340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:59:08.0828 3340 RasPppoe - ok
22:59:08.0843 3340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:59:08.0875 3340 Raspti - ok
22:59:08.0937 3340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:59:08.0937 3340 Rdbss - ok
22:59:08.0984 3340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:59:08.0984 3340 RDPCDD - ok
22:59:09.0093 3340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:59:09.0093 3340 rdpdr - ok
22:59:09.0203 3340 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:59:09.0203 3340 RDPWD - ok
22:59:09.0296 3340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:59:09.0296 3340 redbook - ok
22:59:09.0531 3340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:59:09.0531 3340 Secdrv - ok
22:59:09.0609 3340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:59:09.0609 3340 serenum - ok
22:59:09.0687 3340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:59:09.0687 3340 Serial - ok
22:59:09.0828 3340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:59:09.0828 3340 Sfloppy - ok
22:59:09.0906 3340 Simbad - ok
22:59:09.0953 3340 Sparrow - ok
22:59:10.0046 3340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:59:10.0046 3340 splitter - ok
22:59:10.0109 3340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:59:10.0109 3340 sr - ok
22:59:10.0203 3340 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
22:59:10.0203 3340 Srv - ok
22:59:10.0281 3340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:59:10.0281 3340 swenum - ok
22:59:10.0328 3340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:59:10.0328 3340 swmidi - ok
22:59:10.0406 3340 symc810 - ok
22:59:10.0437 3340 symc8xx - ok
22:59:10.0468 3340 sym_hi - ok
22:59:10.0531 3340 sym_u3 - ok
22:59:10.0593 3340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:59:10.0593 3340 sysaudio - ok
22:59:10.0703 3340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:59:10.0718 3340 Tcpip - ok
22:59:10.0765 3340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:59:10.0765 3340 TDPIPE - ok
22:59:10.0812 3340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:59:10.0812 3340 TDTCP - ok
22:59:10.0921 3340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:59:10.0921 3340 TermDD - ok
22:59:11.0015 3340 TosIde - ok
22:59:11.0078 3340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:59:11.0093 3340 Udfs - ok
22:59:11.0125 3340 ultra - ok
22:59:11.0187 3340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:59:11.0203 3340 Update - ok
22:59:11.0296 3340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:59:11.0296 3340 usbccgp - ok
22:59:11.0343 3340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:59:11.0343 3340 usbehci - ok
22:59:11.0421 3340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:59:11.0437 3340 usbhub - ok
22:59:11.0453 3340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:59:11.0453 3340 usbprint - ok
22:59:11.0500 3340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:59:11.0500 3340 usbscan - ok
22:59:11.0531 3340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:59:11.0531 3340 USBSTOR - ok
22:59:11.0625 3340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:59:11.0625 3340 usbuhci - ok
22:59:11.0703 3340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:59:11.0703 3340 VgaSave - ok
22:59:11.0796 3340 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
22:59:11.0796 3340 viaagp1 - ok
22:59:11.0843 3340 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
22:59:11.0843 3340 ViaIde - ok
22:59:11.0890 3340 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOWS\system32\DRIVERS\viasraid.sys
22:59:11.0890 3340 viasraid - ok
22:59:11.0953 3340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:59:11.0953 3340 VolSnap - ok
22:59:12.0109 3340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:59:12.0109 3340 Wanarp - ok
22:59:12.0140 3340 WDICA - ok
22:59:12.0218 3340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:59:12.0218 3340 wdmaud - ok
22:59:12.0328 3340 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:59:12.0343 3340 winachsf - ok
22:59:12.0640 3340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:59:12.0640 3340 WS2IFSL - ok
22:59:12.0718 3340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:59:12.0718 3340 WudfPf - ok
22:59:12.0781 3340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:59:12.0781 3340 WudfRd - ok
22:59:12.0906 3340 yukonwxp (a81a1f8c2a50f72fda9c686aa85bf151) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
22:59:12.0906 3340 yukonwxp - ok
22:59:13.0015 3340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:59:13.0203 3340 \Device\Harddisk0\DR0 - ok
22:59:13.0531 3340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR10
22:59:13.0750 3340 \Device\Harddisk2\DR10 - ok
22:59:13.0781 3340 Boot (0x1200) (038c0967f153ce63cdfbb8a3bac69b24) \Device\Harddisk0\DR0\Partition0
22:59:13.0781 3340 \Device\Harddisk0\DR0\Partition0 - ok
22:59:13.0796 3340 Boot (0x1200) (336e2911bbcf2fcec0cd334627fce150) \Device\Harddisk2\DR10\Partition0
22:59:13.0796 3340 \Device\Harddisk2\DR10\Partition0 - ok
22:59:13.0812 3340 ============================================================
22:59:13.0812 3340 Scan finished
22:59:13.0812 3340 ============================================================
22:59:13.0875 1296 Detected object count: 2
22:59:13.0875 1296 Actual detected object count: 2
0
second log
Farbar Service Scanner Version: 14-02-2012
Ran by Mitch (administrator) on 15-02-2012 at 23:10:31
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 06:00] - [2008-04-13 13:21] - 0162816 ___AC () 38B0DED53BD402704C662B4CCC698AFD

C:\WINDOWS\system32\dllcache\netbt.sys
[2004-08-04 06:00] - [2008-04-13 13:21] - 0162816 ___AC (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-04-13 13:21] - [2008-04-13 13:21] - 0162816 ____C (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2009-06-11 08:55] - [2004-08-04 06:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
0
3rd log
Farbar Service Scanner Version: 14-02-2012
Ran by Mitch (administrator) on 15-02-2012 at 23:13:45
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "afd.sys" =========

C:\WINDOWS\system32\dllcache\afd.sys
[2004-08-04 06:00] - [2008-08-14 04:04] - 0138496 ___AC (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-04-13 13:19] - [2008-04-13 13:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2009-06-11 08:55] - [2004-08-04 06:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2009-06-11 09:12] - [2008-08-14 04:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 05:48] - [2008-06-20 05:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

====== End Of Search ======
0
Once again, my wife and I thank you so much for checking this out :)
0
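An added example, not part of the thread and not code from the FSS or TDSSKiller projects: it triages the logs posted above by pulling every non-"ok" verdict out of the TDSSKiller output and checking, for each file TDSSKiller labels "Forged", which of the two MD5 values the FSS file search reported. The sample lines are copied from the posts above; the function names and the line formats (inferred only from this thread) are assumptions.

```python
import re

# Sample input: lines copied from the TDSSKiller log posted in this thread.
TDSS_LOG = r"""
22:59:03.0234 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:59:03.0250 3340 IpNat - ok
22:59:03.0296 3340 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:59:03.0312 3340 IPSec ( Virus.Win32.ZAccess.c ) - infected
22:59:03.0312 3340 IPSec - detected Virus.Win32.ZAccess.c (0)
22:59:05.0828 3340 NetBT (5fceec0c9e066c614884ec833f0b5f99) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:59:05.0828 3340 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 5fceec0c9e066c614884ec833f0b5f99, Fake md5: 38b0ded53bd402704c662b4ccc698afd
22:59:05.0843 3340 NetBT ( ForgedFile.Multi.Generic ) - warning
22:59:05.0843 3340 NetBT - detected ForgedFile.Multi.Generic (1)
22:59:10.0703 3340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:59:10.0718 3340 Tcpip - ok
"""

# Sample input: the FSS "netbt.sys" file search posted in this thread.
FSS_SEARCH = r"""
C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 06:00] - [2008-04-13 13:21] - 0162816 ___AC () 38B0DED53BD402704C662B4CCC698AFD

C:\WINDOWS\system32\dllcache\netbt.sys
[2004-08-04 06:00] - [2008-04-13 13:21] - 0162816 ___AC (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-04-13 13:21] - [2008-04-13 13:21] - 0162816 ____C (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2009-06-11 08:55] - [2004-08-04 06:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
"""

# Line formats below are inferred from the logs in this thread (assumption).
STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
VERDICT = re.compile(r"^(\S+)(?: \( (.+?) \))? - (\w+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
FSS_META = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) (\S+) \((.*?)\) ([0-9A-Fa-f]{32})$")


def parse_tdss(log):
    """Return (flagged, forged): non-ok verdicts by service, forged records by path."""
    flagged, forged = {}, {}
    for raw in log.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (v := VERDICT.match(body)) and v.group(3) != "ok":
            flagged[v.group(1)] = (v.group(3), v.group(2))
        elif (f := FORGED.match(body)):
            forged[f.group(1).lower()] = {"real": f.group(2), "fake": f.group(3)}
    return flagged, forged


def parse_fss_search(text):
    """Return one dict per file found by an FSS file search."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif path and (m := FSS_META.match(line)):
            entries.append({"path": path, "size": int(m.group(1)),
                            "company": m.group(3), "md5": m.group(4).lower()})
            path = None
    return entries


def correlate(tdss_log, fss_text):
    """For each forged file, say which hash FSS saw and list the other copies on disk."""
    flagged, forged = parse_tdss(tdss_log)
    entries = parse_fss_search(fss_text)
    report = []
    for path, md5s in forged.items():
        name = path.rsplit("\\", 1)[-1]
        live = [e for e in entries if e["path"].lower() == path]
        others = [e for e in entries if e["path"].lower() != path
                  and e["path"].lower().endswith("\\" + name)]
        report.append({
            "path": path,
            "fss_saw_fake": any(e["md5"] == md5s["fake"] for e in live),
            "fss_saw_real": any(e["md5"] == md5s["real"] for e in live),
            "no_vendor_string": any(e["company"] == "" for e in live),
            # Distinct (md5, company) pairs of copies stored elsewhere.
            "other_copies": sorted({(e["md5"], e["company"]) for e in others}),
        })
    return flagged, report


if __name__ == "__main__":
    flagged, report = correlate(TDSS_LOG, FSS_SEARCH)
    for svc, (verdict, label) in flagged.items():
        print(f"{svc}: {verdict} ({label})")
    for item in report:
        print(item)
```

On the posted logs this shows that the hash FSS reported for the live netbt.sys is the one TDSSKiller labels "Fake md5", that the live file carries no company string, and that the copies stored elsewhere fall into two distinct hashes.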
Anonymous User
Feb 17, 2012 at 08:03 PM
TDSSkiller log contents are incomplete. I want you to run it again

Restart the PC and follow the steps

Press windows +R key and type

notepad and click ok


copy the following script


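@ECHO OFF
REM Overwrite the flagged netbt.sys with the copy from ServicePackFiles
COPY /Y C:\WINDOWS\ServicePackFiles\i386\netbt.sys C:\WINDOWS\system32\drivers\netbt.sys
REM Delete this batch file once it has run (quoted full path, so spaces in the path are handled)
DEL "%~f0"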



Save it as

filename: fix.bat
save as: All files

Run the BAT file

Now go to

C:\WINDOWS\ServicePackFiles\i386\afd.sys

copy the afd.sys file from the location and paste it in


C:\WINDOWS\system32\drivers


Restart the PC and check your browser

Post the new FSS log
0
This is the re-do on the TDSSkiller, rest to follow.
10:36:06.0828 2500 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
10:36:06.0890 2500 ============================================================
10:36:06.0890 2500 Current date / time: 2012/02/18 10:36:06.0890
10:36:06.0890 2500 SystemInfo:
10:36:06.0890 2500
10:36:06.0890 2500 OS Version: 5.1.2600 ServicePack: 3.0
10:36:06.0890 2500 Product type: Workstation
10:36:06.0890 2500 ComputerName: HEARTLAN-EB5815
10:36:06.0890 2500 UserName: Mitch
10:36:06.0890 2500 Windows directory: C:\WINDOWS
10:36:06.0890 2500 System windows directory: C:\WINDOWS
10:36:06.0890 2500 Processor architecture: Intel x86
10:36:06.0890 2500 Number of processors: 1
10:36:06.0890 2500 Page size: 0x1000
10:36:06.0890 2500 Boot type: Normal boot
10:36:06.0890 2500 ============================================================
10:36:07.0468 2500 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B20000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
10:36:07.0468 2500 \Device\Harddisk0\DR0:
10:36:07.0468 2500 MBR used
10:36:07.0468 2500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
10:36:07.0515 2500 Initialize success
10:36:07.0515 2500 ============================================================
10:37:17.0906 3084 ============================================================
10:37:17.0906 3084 Scan started
10:37:17.0906 3084 Mode: Manual; TDLFS;
10:37:17.0906 3084 ============================================================
10:37:24.0265 3084 i8042prt (49574e6539c2f460f54328391abbd243) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:37:24.0265 3084 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 49574e6539c2f460f54328391abbd243, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
10:37:24.0265 3084 i8042prt ( Virus.Win32.ZAccess.c ) - infected
10:37:24.0265 3084 i8042prt - detected Virus.Win32.ZAccess.c (0)
10:37:34.0421 3084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:37:34.0671 3084 \Device\Harddisk0\DR0 - ok
10:37:34.0703 3084 Boot (0x1200) (038c0967f153ce63cdfbb8a3bac69b24) \Device\Harddisk0\DR0\Partition0
10:37:34.0703 3084 \Device\Harddisk0\DR0\Partition0 - ok
10:37:34.0703 3084 ============================================================
10:37:34.0703 3084 Scan finished
10:37:34.0703 3084 ============================================================
10:37:34.0781 3076 Detected object count: 1
10:37:34.0781 3076 Actual detected object count: 1
10:38:05.0687 3076 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
10:38:12.0187 3076 Backup copy found, using it..
10:38:12.0218 3076 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
10:38:14.0609 3076 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
0
This is the FSS report.
Farbar Service Scanner Version: 14-02-2012
Ran by Mitch (administrator) on 18-02-2012 at 11:36:44
Running from "C:\Documents and Settings\Mitch\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
0
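The following is an added example, not part of the original thread or of the scanner itself: a Python parser for log lines in the layout posted above that pulls out forged-file detections, the verdict, and the actions recorded for each file. The sample lines, driver names and hashes are constructed placeholders, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the same line layout as the log above.
# Driver names, verdict and hashes are placeholders, not real scan values.
SAMPLE_LOG = r"""
10:00:01.0100 1111 Scan started
10:00:01.0200 1111 gooddrv ({A}) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
10:00:01.0200 1111 gooddrv - ok
10:00:01.0300 1111 nofile - ok
10:00:01.0400 1111 baddrv ({B}) C:\WINDOWS\system32\DRIVERS\baddrv.sys
10:00:01.0400 1111 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\baddrv.sys. Real md5: {B}, Fake md5: {C}
10:00:01.0400 1111 baddrv ( Example.Verdict.Name ) - infected
10:00:02.0000 1111 Scan finished
10:00:02.0100 2222 Detected object count: 1
10:00:30.0000 2222 C:\WINDOWS\system32\DRIVERS\baddrv.sys - copied to quarantine
10:00:31.0000 2222 C:\WINDOWS\system32\DRIVERS\baddrv.sys - will be cured on reboot
""".format(A="a" * 32, B="b" * 32, C="c" * 32)

# Each log line is "<time> <thread id> <message>".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
INFECTED = re.compile(r"^(\S+) \( (.+?) \) - infected$")
ACTION = re.compile(r"^(.+) - (copied to quarantine|will be cured on reboot)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    service: str
    verdict: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    actions: list = field(default_factory=list)


def parse_scan_log(text):
    """Return (findings, declared_count) from a scanner log in this layout."""
    findings, declared, forged = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a log line
        msg = m.group(3)
        if f := FORGED.match(msg):
            forged = f.groups()  # held until the verdict line names the service
        elif i := INFECTED.match(msg):
            item = Finding(service=i.group(1), verdict=i.group(2))
            if forged:
                item.path, item.real_md5, item.fake_md5 = forged
                forged = None
            findings.append(item)
        elif c := COUNT.match(msg):
            declared = int(c.group(1))
        elif a := ACTION.match(msg):
            # Action lines name the file, so match them to findings by path.
            for item in findings:
                if item.path.lower() == a.group(1).lower():
                    item.actions.append(a.group(2))
    return findings, declared


def needs_follow_up(findings, declared):
    """List what the log leaves open after the scan."""
    reasons = []
    if declared is not None and declared != len(findings):
        reasons.append(f"log declares {declared} detections, parsed {len(findings)}")
    for item in findings:
        if "will be cured on reboot" not in item.actions:
            reasons.append(f"{item.service}: no cure scheduled")
        else:
            reasons.append(f"{item.service}: cure pending, rescan after reboot")
    return reasons
```
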
Anonymous User
Feb 18, 2012 at 12:19 PM
Download

http://speedy.sh/hrQvm/netbt.reg

Launch it, click YES when you get a prompt

Restart the PC and let me know if you can browse

We need to run some more tools after retrieving your internet connection to remove zero access rootkit
0
No I cannot browse.
0
Anonymous User
Feb 18, 2012 at 02:48 PM
Can you post the new FSS log?
0
New FSS log.
Farbar Service Scanner Version: 14-02-2012
Ran by Mitch (administrator) on 18-02-2012 at 15:41:54
Running from "C:\Documents and Settings\Mitch\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
0
Anonymous User
Feb 19, 2012 at 12:00 PM
Your LOG shows that you are able to connect to internet now

Do you still have issues?

If yes

Download the fixit

https://support.microsoft.com/en-us/help/2970908/how-to-use-microsoft-easy-fix-solutions

Run it, and restart the PC

Let me know if you can browse now
0
Still can't browse, ran the network diagnostics, it said "Hostname www.microsoft.com could not be resolved (error code 0x2afc) could be either gateway or DNS issue"

I re-set the router, checked all cables. I ran the FSS again and same log came up as before.
0
Anonymous User
Feb 19, 2012 at 02:38 PM
Download

http://files.snapfiles.com/localdl936/WinsockxpFix.exe

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open Notepad, copy the script, save it as

Filename: fixme.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to control panel- Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


Good luck
0
The snapfiles didn't work, adding in the notepad stuff now. I must have been really really messed up with the viruses. If I hadn't found this website, I probably would have thrown it out the window, still might have to :(
0
Tried all of it and still can't browse. Have any of the logs I've shown showed when the viruses were installed? I can see some dates but I don't know if that's the date the virus was created or when it was put on my machine.

As you can tell, I'm very lacking in computer knowledge. Had what I thought was a good virus protector on but seems it let a lot through.
0