Event type mptlemetry, p1 80024402c p2 endsearch p3 search p4 1.1.1593.0 p5 mpsidwn.dll p6 1.1.1593.

Inactive-A
By Joanne montanez
Jun 8, 2013
Topic Status:
Not open for further replies.
  1. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    ========================= Devices: ================================



    Name: Video Controller (VGA Compatible)

    Description: Video Controller (VGA Compatible)

    Class Guid:

    Manufacturer:

    Service:

    Problem: : The drivers for this device are not installed. (Code 28)

    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  2. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/



    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : home [Admin rights]

    Mode : Scan -- Date : 06/09/2013 01:51:37

    | ARK || FAK || MBR |



    ¤¤¤ Bad processes : 0 ¤¤¤



    ¤¤¤ Registry Entries : 5 ¤¤¤

    [Services][BLACKLIST] HKLM\[...]\ControlSet003\Services\BrowserProtect (C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [x] -> FOUND

    [STARTUP][SUSP PATH] Seagate Product Registration.lnk @home : C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [7] -> FOUND

    [STARTUP][SUSP PATH] tcbhn.lnk @home : C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe -> FOUND

    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (169.254.103.158:80) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND



    ¤¤¤ Particular Files / Folders: ¤¤¤



    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8714597C)

    SSDT[43] : NtCreateMutant @ 0x805840AD -> HOOKED (Unknown @ 0x8713E924)

    SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8704C884)

    SSDT[48] : NtCreateProcessEx @ 0x8058BA0C -> HOOKED (Unknown @ 0x87186A3C)

    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x8713E8EC)

    SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0x8714EE3C)

    SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0x8714590C)

    SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0x8715D9C4)

    SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0x8713E8B4)

    SSDT[97] : NtLoadDriver @ 0x805AF8B6 -> HOOKED (Unknown @ 0x8714ED7C)

    SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0x8714491C)

    SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (Unknown @ 0x8715D98C)

    SSDT[128] : NtOpenThread @ 0x805E4831 -> HOOKED (Unknown @ 0x871448E4)

    SSDT[192] : NtRenameKey @ 0x806569DE -> HOOKED (Unknown @ 0x8715DA34)

    SSDT[204] : NtRestoreKey @ 0x80656ED1 -> HOOKED (Unknown @ 0x8715D9FC)

    SSDT[240] : NtSetSystemInformation @ 0x805B14E8 -> HOOKED (Unknown @ 0x8713E87C)

    SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0x87145944)

    SSDT[257] : NtTerminateProcess @ 0x8058E8D1 -> HOOKED (Unknown @ 0x871448AC)

    SSDT[258] : NtTerminateThread @ 0x80584986 -> HOOKED (Unknown @ 0x871459B4)

    SSDT[277] : NtWriteVirtualMemory @ 0x8058760F -> HOOKED (Unknown @ 0x8715D954)

    S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x85D75A94)

    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x870B7FD4)



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts



    127.0.0.1 localhost

    127.0.0.1 www.007guard.com

    127.0.0.1 007guard.com

    127.0.0.1 008i.com

    127.0.0.1 www.008k.com

    127.0.0.1 008k.com

    127.0.0.1 www.00hq.com

    127.0.0.1 00hq.com

    127.0.0.1 010402.com

    127.0.0.1 www.032439.com

    127.0.0.1 032439.com

    127.0.0.1 www.0scan.com

    127.0.0.1 0scan.com

    127.0.0.1 1000gratisproben.com

    127.0.0.1 www.1000gratisproben.com

    127.0.0.1 1001namen.com

    127.0.0.1 www.1001namen.com

    127.0.0.1 100888290cs.com

    127.0.0.1 www.100888290cs.com

    127.0.0.1 www.100sexlinks.com

    [...]





    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: SAMSUNG HD502HI +++++

    --- User ---

    [MBR] 9c79fad6353dedef51d5c47d87588a1e

    [BSP] 6e3c3b93d3377cc12662a229aee850e1 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++

    --- User ---

    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e

    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

    Partition table:

    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[1]_S_06092013_02d0151.txt >>

    RKreport[1]_S_06092013_02d0151.txt

  3. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/



    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : home [Admin rights]

    Mode : Remove -- Date : 06/09/2013 01:54:25

    | ARK || FAK || MBR |



    ¤¤¤ Bad processes : 0 ¤¤¤



    ¤¤¤ Registry Entries : 5 ¤¤¤

    [Services][BLACKLIST] HKLM\[...]\ControlSet003\Services\BrowserProtect (C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [x] -> DELETED

    [STARTUP][SUSP PATH] Seagate Product Registration.lnk @home : C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [7] -> DELETED

    [STARTUP][SUSP PATH] tcbhn.lnk @home : C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe -> DELETED

    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (169.254.103.158:80) -> NOT REMOVED, USE PROXYFIX

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)



    ¤¤¤ Particular Files / Folders: ¤¤¤



    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8714597C)

    SSDT[43] : NtCreateMutant @ 0x805840AD -> HOOKED (Unknown @ 0x8713E924)

    SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8704C884)

    SSDT[48] : NtCreateProcessEx @ 0x8058BA0C -> HOOKED (Unknown @ 0x87186A3C)

    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x8713E8EC)

    SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0x8714EE3C)

    SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0x8714590C)

    SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0x8715D9C4)

    SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0x8713E8B4)

    SSDT[97] : NtLoadDriver @ 0x805AF8B6 -> HOOKED (Unknown @ 0x8714ED7C)

    SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0x8714491C)

    SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (Unknown @ 0x8715D98C)

    SSDT[128] : NtOpenThread @ 0x805E4831 -> HOOKED (Unknown @ 0x871448E4)

    SSDT[192] : NtRenameKey @ 0x806569DE -> HOOKED (Unknown @ 0x8715DA34)

    SSDT[204] : NtRestoreKey @ 0x80656ED1 -> HOOKED (Unknown @ 0x8715D9FC)

    SSDT[240] : NtSetSystemInformation @ 0x805B14E8 -> HOOKED (Unknown @ 0x8713E87C)

    SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0x87145944)

    SSDT[257] : NtTerminateProcess @ 0x8058E8D1 -> HOOKED (Unknown @ 0x871448AC)

    SSDT[258] : NtTerminateThread @ 0x80584986 -> HOOKED (Unknown @ 0x871459B4)

    SSDT[277] : NtWriteVirtualMemory @ 0x8058760F -> HOOKED (Unknown @ 0x8715D954)

    S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x85D75A94)

    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x870B7FD4)



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts



    127.0.0.1 localhost

    127.0.0.1 www.007guard.com

    127.0.0.1 007guard.com

    127.0.0.1 008i.com

    127.0.0.1 www.008k.com

    127.0.0.1 008k.com

    127.0.0.1 www.00hq.com

    127.0.0.1 00hq.com

    127.0.0.1 010402.com

    127.0.0.1 www.032439.com

    127.0.0.1 032439.com

    127.0.0.1 www.0scan.com

    127.0.0.1 0scan.com

    127.0.0.1 1000gratisproben.com

    127.0.0.1 www.1000gratisproben.com

    127.0.0.1 1001namen.com

    127.0.0.1 www.1001namen.com

    127.0.0.1 100888290cs.com

    127.0.0.1 www.100888290cs.com

    127.0.0.1 www.100sexlinks.com

    [...]





    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: SAMSUNG HD502HI +++++

    --- User ---

    [MBR] 9c79fad6353dedef51d5c47d87588a1e

    [BSP] 6e3c3b93d3377cc12662a229aee850e1 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++

    --- User ---

    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e

    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

    Partition table:

    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[2]_D_06092013_02d0154.txt >>

    RKreport[1]_S_06092013_02d0151.txt ; RKreport[2]_D_06092013_02d0154.txt

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/



    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : home [Admin rights]

    Mode : Scan -- Date : 06/09/2013 01:56:01

    | ARK || FAK || MBR |



    ¤¤¤ Bad processes : 0 ¤¤¤



    ¤¤¤ Registry Entries : 1 ¤¤¤

    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (169.254.103.158:80) -> FOUND



    ¤¤¤ Particular Files / Folders: ¤¤¤



    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8714597C)

    SSDT[43] : NtCreateMutant @ 0x805840AD -> HOOKED (Unknown @ 0x8713E924)

    SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8704C884)

    SSDT[48] : NtCreateProcessEx @ 0x8058BA0C -> HOOKED (Unknown @ 0x87186A3C)

    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x8713E8EC)

    SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0x8714EE3C)

    SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0x8714590C)

    SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0x8715D9C4)

    SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0x8713E8B4)

    SSDT[97] : NtLoadDriver @ 0x805AF8B6 -> HOOKED (Unknown @ 0x8714ED7C)

    SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0x8714491C)

    SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (Unknown @ 0x8715D98C)

    SSDT[128] : NtOpenThread @ 0x805E4831 -> HOOKED (Unknown @ 0x871448E4)

    SSDT[192] : NtRenameKey @ 0x806569DE -> HOOKED (Unknown @ 0x8715DA34)

    SSDT[204] : NtRestoreKey @ 0x80656ED1 -> HOOKED (Unknown @ 0x8715D9FC)

    SSDT[240] : NtSetSystemInformation @ 0x805B14E8 -> HOOKED (Unknown @ 0x8713E87C)

    SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0x87145944)

    SSDT[257] : NtTerminateProcess @ 0x8058E8D1 -> HOOKED (Unknown @ 0x871448AC)

    SSDT[258] : NtTerminateThread @ 0x80584986 -> HOOKED (Unknown @ 0x871459B4)

    SSDT[277] : NtWriteVirtualMemory @ 0x8058760F -> HOOKED (Unknown @ 0x8715D954)

    S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x85D75A94)

    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x870B7FD4)



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts



    127.0.0.1 localhost

    127.0.0.1 www.007guard.com

    127.0.0.1 007guard.com

    127.0.0.1 008i.com

    127.0.0.1 www.008k.com

    127.0.0.1 008k.com

    127.0.0.1 www.00hq.com

    127.0.0.1 00hq.com

    127.0.0.1 010402.com

    127.0.0.1 www.032439.com

    127.0.0.1 032439.com

    127.0.0.1 www.0scan.com

    127.0.0.1 0scan.com

    127.0.0.1 1000gratisproben.com

    127.0.0.1 www.1000gratisproben.com

    127.0.0.1 1001namen.com

    127.0.0.1 www.1001namen.com

    127.0.0.1 100888290cs.com

    127.0.0.1 www.100888290cs.com

    127.0.0.1 www.100sexlinks.com

    [...]





    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: SAMSUNG HD502HI +++++

    --- User ---

    [MBR] 9c79fad6353dedef51d5c47d87588a1e

    [BSP] 6e3c3b93d3377cc12662a229aee850e1 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++

    --- User ---

    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e

    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

    Partition table:

    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[3]_S_06092013_02d0156.txt >>

    RKreport[1]_S_06092013_02d0151.txt ; RKreport[2]_D_06092013_02d0154.txt ; RKreport[3]_S_06092013_02d0156.txt

  4. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    Malwarebytes Anti-Rootkit BETA 1.06.0.1003



    (c) Malwarebytes Corporation 2011-2012



    OS version: 5.1.2600 Windows XP Service Pack 3 x86



    Account is Administrative



    Internet Explorer version: 8.0.6001.18702



    File system is: FAT32

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 2.992000 GHz

    Memory total: 1072406528, free: 414441472



    Host not found

    Host not found

    Initializing...

    ------------ Kernel report ------------

    06/09/2013 02:11:48

    ------------ Loaded modules -----------

    \WINDOWS\system32\ntoskrnl.exe

    \WINDOWS\system32\hal.dll

    \WINDOWS\system32\KDCOM.DLL

    \WINDOWS\system32\BOOTVID.dll

    sptd.sys

    \WINDOWS\System32\Drivers\WMILIB.SYS

    \WINDOWS\System32\Drivers\SCSIPORT.SYS

    ACPI.sys

    pci.sys

    isapnp.sys

    PCIIde.sys

    \WINDOWS\System32\Drivers\PCIIDEX.SYS

    intelide.sys

    MountMgr.sys

    ftdisk.sys

    PartMgr.sys

    VolSnap.sys

    atapi.sys

    disk.sys

    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

    fltmgr.sys

    sr.sys

    KSecDD.sys

    aswKbd.sys

    Ntfs.sys

    NDIS.sys

    vvoice.sys

    vpctcom.sys

    vmodem.sys

    Mup.sys

    BMLoad.sys

    agp440.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\usbuhci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\drivers\cmaudio.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\fdc.sys

    \SystemRoot\system32\DRIVERS\serial.sys

    \SystemRoot\system32\DRIVERS\serenum.sys

    \SystemRoot\system32\DRIVERS\parport.sys

    \SystemRoot\System32\Drivers\cdrbsvsd.SYS

    \SystemRoot\system32\DRIVERS\imapi.sys

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\system32\DRIVERS\redbook.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\drivers\smwdm.sys

    \SystemRoot\system32\drivers\aeaudio.sys

    \SystemRoot\system32\drivers\sf.sys

    \SystemRoot\system32\DRIVERS\audstub.sys

    \SystemRoot\System32\Drivers\RootMdm.sys

    \SystemRoot\System32\Drivers\Modem.SYS

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\DRIVERS\psched.sys

    \SystemRoot\system32\DRIVERS\msgpc.sys

    \SystemRoot\system32\DRIVERS\ptilink.sys

    \SystemRoot\system32\DRIVERS\raspti.sys

    \SystemRoot\system32\DRIVERS\RimSerial.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\update.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\AtiHdmi.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\gameenum.sys

    \SystemRoot\system32\DRIVERS\flpydisk.sys

    \SystemRoot\System32\Drivers\Fs_Rec.SYS

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\Drivers\mnmdd.SYS

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\rasacd.sys

    \SystemRoot\system32\DRIVERS\ipsec.sys

    \SystemRoot\system32\DRIVERS\tcpip.sys

    \??\C:\WINDOWS\system32\drivers\tcpipBM.sys

    \SystemRoot\system32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\ipnat.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\System32\drivers\ws2ifsl.sys

    \SystemRoot\System32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\tmcomm.sys

    \SystemRoot\system32\DRIVERS\tmevtmgr.sys

    \SystemRoot\System32\Drivers\usbVM303.sys

    \SystemRoot\System32\Drivers\STREAM.SYS

    \SystemRoot\system32\DRIVERS\tmactmon.sys

    \SystemRoot\system32\drivers\vvftav303.sys

    \SystemRoot\system32\DRIVERS\tmtdi.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\System32\Drivers\Fips.SYS

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\System32\Drivers\Cdfs.SYS

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_WMILIB.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\watchdog.sys

    \SystemRoot\System32\drivers\dxg.sys

    \SystemRoot\System32\drivers\dxgthk.sys

    \SystemRoot\System32\framebuf.dll

    \SystemRoot\system32\DRIVERS\nwlnkipx.sys

    \SystemRoot\system32\DRIVERS\nwlnknb.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\DRIVERS\mrxdav.sys

    \SystemRoot\System32\Drivers\ParVdm.SYS

    \SystemRoot\system32\drivers\wdmaud.sys

    \SystemRoot\system32\drivers\sysaudio.sys

    \SystemRoot\system32\DRIVERS\nwlnkspx.sys

    \SystemRoot\system32\DRIVERS\srv.sys

    \SystemRoot\System32\Drivers\HTTP.sys

    \??\C:\WINDOWS\system32\PCTINDIS5.SYS

    \SystemRoot\System32\Drivers\Fastfat.SYS

    \SystemRoot\system32\DRIVERS\fetnd5bv.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\system32\drivers\kmixer.sys

    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    \WINDOWS\system32\ntdll.dll

    ----------- End -----------

    Done!
  5. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR12

    Upper Device Object: 0xffffffff85c164e0

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000008c\

    Lower Device Object: 0xffffffff85cc3db0

    Lower Device Driver Name: \Driver\USBSTOR\

    IRP handler 0 of \Driver\USBSTOR points to an unknown module

    Unhooking enabled.

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR12

    Upper Device Object: 0xffffffff85c164e0

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000008c\

    Lower Device Object: 0xffffffff85cc3db0

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    Initialization returned 0x0

    Load Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff87334ab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\

    Lower Device Object: 0xffffffff872d3d98

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    Initialization returned 0x0

    Load Function returned 0x0

    <<<2>>>

    Device number: 0, partition: 1

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff87334ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff872dc930, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff87334ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff872f69b8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\

    DevicePointer: 0xffffffff872d3d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xffffffffe4090ba8, 0xffffffff87334ab8, 0xffffffff859a0208

    Lower DeviceData: 0xffffffffe30ac468, 0xffffffff872d3d98, 0xffffffff859c2040

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    <<<2>>>

    Device number: 0, partition: 1

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning drivers directory: C:\WINDOWS\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 1

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 23658E6F



    Partition information:



    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 976773105

    Partition file system is NTFS

    Partition is bootable



    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Disk Size: 500107862016 bytes

    Sector size: 512 bytes



    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

    Done!

    Physical Sector Size: 512

    Drive: 1, DevicePointer: 0xffffffff85c164e0, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff8726a020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff85c164e0, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85cc3db0, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xffffffffe1d6e208, 0xffffffff85c164e0, 0xffffffff85af0ab8

    Lower DeviceData: 0xffffffffe3380708, 0xffffffff85cc3db0, 0xffffffff85f3a4b8

    Drive 1

    Scanning MBR on drive 1...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 0



    Partition information:



    Partition 0 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 32 Numsec = 31266784



    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Disk Size: 16008609792 bytes

    Sector size: 512 bytes



    Done!

    Scan finished

    Removal queue found; removal started

    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

    Removal finished

    Host not found

    =======================================
  6. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    Morning
    Yesterday was a long day :(
    And my desktop is still with no connectivity
    Event Viewer
    System
    DATE:6/9/2013 SOURCE:Dhcp
    TIME 11:19 CATEGORY:NONE
    TYPE :WARNING EVENT ID:1007
    user: n/a
    Computer:Home-52DC6E4B98
    Description:
    Your computer has automatically configured the IP address for the
    Network Card with network address 0040F4B1FF29. The IP address
    being used is 169.254.103.158



    Local Area connection
    is sending but not receiving
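Two findings in this thread belong together: the RogueKiller scans report an Internet Explorer ProxyServer value of 169.254.103.158:80 (left "NOT REMOVED, USE PROXYFIX" by the Remove run), and the Dhcp event 1007 quoted in the post above says 169.254.103.158 is the address the network card assigned itself after DHCP failed; 169.254.0.0/16 is the link-local (APIPA) range, so the browser proxy points at the machine's own self-assigned address, which is not a configuration a legitimate proxy deployment produces. The script below is an added triage example, not part of the original thread and not RogueKiller's own code; it parses "Registry Entries" and SSDT lines in the shape the logs above use, classifies the proxy host with Python's ipaddress module, and lists blacklisted services, suspicious startup shortcuts and SSDT hooks whose target module the tool could not attribute. The sample log is constructed from the findings posted in this thread.

```python
import ipaddress
import re

# Constructed sample input: "Registry Entries" and "Driver" lines in the
# shape RogueKiller V8.x prints them, copied from the findings in this thread.
SAMPLE_LOG = r"""
[Services][BLACKLIST] HKLM\[...]\ControlSet003\Services\BrowserProtect (C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [x] -> FOUND
[STARTUP][SUSP PATH] tcbhn.lnk @home : C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (169.254.103.158:80) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8714597C)
SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8704C884)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x870B7FD4)
"""

# "[TAG][SUBTAG] <body> -> <status>" as in the Registry Entries section.
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.*?)\s+->\s+(?P<status>.+)$")
# "ProxyServer (host:port)" inside a [PROXY IE] body; the port is optional.
PROXY_RE = re.compile(r"ProxyServer \((?P<host>[^:)]+)(?::(?P<port>\d+))?\)")
# "SSDT[n] : NtFunc @ 0x... -> HOOKED (Module @ 0x...)" and the S_SSDT (shadow table) variant.
HOOK_RE = re.compile(
    r"^(?:S_)?SSDT\[(?P<index>\d+)\] : (?P<func>\w+).*-> HOOKED \((?P<module>.+?) @ (?P<addr>0x[0-9A-Fa-f]+)\)$"
)


def parse_registry_entries(log_text):
    """Return the tagged findings as dicts with keys tags (list), body, status."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({
                "tags": re.findall(r"\[([^\]]+)\]", m.group("tags")),
                "body": m.group("body"),
                "status": m.group("status"),
            })
    return entries


def parse_ssdt_hooks(log_text):
    """Return SSDT / shadow SSDT hook lines as dicts: index, func, module, addr."""
    hooks = []
    for raw in log_text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if m:
            hooks.append({"index": int(m.group("index")), "func": m.group("func"),
                          "module": m.group("module"), "addr": m.group("addr")})
    return hooks


def classify_proxy_host(host):
    """Classify a proxy target as a hostname or by the address range it sits in.
    Order matters: ipaddress also reports 127/8 and 169.254/16 as 'private'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def triage(log_text):
    """Pull the findings a responder wants to see first out of a RogueKiller log."""
    report = {"blacklisted_services": [], "suspicious_startup": [],
              "proxy_findings": [], "unknown_hooks": []}
    for entry in parse_registry_entries(log_text):
        tags = entry["tags"]
        if tags[0] == "Services" and "BLACKLIST" in tags:
            # service name is the registry key component after "Services\"
            m = re.search(r"Services\\([^\s(]+)", entry["body"])
            if m:
                report["blacklisted_services"].append(m.group(1))
        elif tags[0] == "STARTUP":
            # body is "<shortcut> @<user> : <target path>"
            report["suspicious_startup"].append(entry["body"].split(" : ", 1)[0])
        elif tags[0] == "PROXY IE":
            m = PROXY_RE.search(entry["body"])
            if m:
                port = int(m.group("port")) if m.group("port") else None
                report["proxy_findings"].append(
                    (m.group("host"), port, classify_proxy_host(m.group("host"))))
    for hook in parse_ssdt_hooks(log_text):
        if hook["module"] == "Unknown":  # hook target not attributed to a known driver
            report["unknown_hooks"].append(hook["func"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A loopback proxy is not automatically bad (local web filters in security suites commonly use one), which is why the script classifies the host rather than scoring it; a link-local target, as here, is the value worth checking against the machine's own DHCP/APIPA state before deciding whether the setting is a hijack.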
  7. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  8. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    We posted at the same time.
    Please follow my previous reply.
  9. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    My desktop can't connect to the internet.
    How can I update the program if I need to? Remember, I am downloading from another computer.
  10. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    There is nothing about updating in my instructions.
  11. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    NOTE 2. If Combofix asks you to update the program, always do so
  12. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Don't worry about it for now.
  13. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    What can I do if my stop running?
  14. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    My clock stopped running
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Restart computer to safe mode and try running Combofix from there.
  16. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    Combofix was not on my desktop in safe mode
  17. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    And I downloaded it again in safe mode,
    my clock stopped again
  18. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    Go to Step 4 and under "System Restore" click on Create button:

    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.

    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  19. Joanne montanez

    Joanne montanez Newcomer, in training Topic Starter Posts: 33

    Now I am ....
    Windows File Protection is asking me for my CD-ROM of Windows XP Home Edition, and my computer is 8 years old; I don't have the original CD of my computer.
  20. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    That indicates that there is a problem with some Windows files and this has to be fixed.
    Ask around. Some friend may have the disk.
  21. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Still with me?
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.