
Winsock and/or TCP-IP issue after using Malwarebytes!


DaveTalby

Hey!

I'm sooo frustrated right now, and about ready to just toss my PC and buy a new one! I've tried every possible fix for this issue, and none are working!

I'm running XP and had some issues with various trojans/viruses, and bought the full version of MB after using the trial version for the past few months, and everything was working perfectly for a few days. I did one full scan, found a handful of trojans and a DNS-changer, and deleted them all. MB said I needed to restart my computer at that time for the changes to take effect, which I didn't do immediately. Everything was working perfectly, and I was having no issues.

Between 48-24hrs later I restarted my PC, and when it re-booted I could no longer connect to the internet! I'm using a LAN connection, and it says the network is connected and running, but when I hit the repair button under LAN status, I get the "failed to query TCP/IP settings of the connection" error. When I look under the general status tab of the LAN connection, it says 85 packets have been sent, but none received.

When I open Internet Explorer, I get the "cannot display webpage" error, and when I hit the diagnose connection problem button, it says "windows has detected a problem with the winsock provider catalog", and says I need to reboot to repair it. I've done this numerous times. It won't work.

These are the other recommended "fixes" I have tried...

-changing the TCP/IP properties to obtain an IP and DNS address automatically (they were always set to that anyway)

-doing both the downloadable Microsoft Fix it and manual TCP/IP fix, which following reboots has done nothing

-using the Windows XP service pack download

-used the winsock and tcp repair utility download

-used the "netsh winsock reset catalog" and "netsh int ip reset restlog.txt"

-LSP winsock 2 repair utility found no problems

I think those were all of the fixes I tried, maybe I did a couple more, and none of them have worked! I spent about an hour reading various message board posts, reading about people having the identical problem that I have, yet the fixes that worked for them won't work for me. Very annoying, haha! The most frustrating part is that everything was working up until I restarted my computer!

Any help would be much appreciated!!

Also, I planned on posting the MBAM logs, but my SD card or the reader itself seems to be acting up on both my own computer (it was working up until a few mins ago) and the one I'm posting from. If need be, I can try and post them to this thread sometime tomorrow.

Thanks!!


Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hey! Thanks for the reply.

All of the issues I'm having I mentioned in my original post, however, I forgot to mention that last week I was having issues with my computer suddenly not recognizing my USB mouse, and my SigmaTel sound card would stop working as well. I uninstalled and re-loaded both maybe two or three times each, and since then the problem hasn't arisen again.

Here are two logs from my virus scans...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4600

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/12/2010 1:44:06 PM

mbam-log-2010-09-12 (13-44-06).txt

Scan type: Quick scan

Objects scanned: 184185

Time elapsed: 50 minute(s), 23 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 16

Memory Processes Infected:

C:\WINDOWS\Temp\Epc.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\WINDOWS\Temp\Epb.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.71,93.188.161.4 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.71,93.188.161.4 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb7cd610-b25a-41d1-a1b3-36a6e7aa89f8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.71,93.188.161.4 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb7cd610-b25a-41d1-a1b3-36a6e7aa89f8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.71,93.188.161.4 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\Epc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\Epb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cryptnet32.dll (Trojan.Lukicsel) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\mcugr.sys (Rootkit.Bubnix) -> Delete on reboot.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU55.dll (Spyware.Zbot.SI) -> Delete on reboot.

C:\WINDOWS\Temp\0.8707858840566436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\55u5m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\79mYW9u (Spyware.Zbot.SI) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\_C9.tmp (Trojan.Lukicsel) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\pdfupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4600

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/16/2010 6:47:12 AM

mbam-log-2010-09-16 (06-47-12).txt

Scan type: Full scan (C:\|)

Objects scanned: 278394

Time elapsed: 1 hour(s), 37 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{49925391-7057-4107-BDB7-64CA5D991A68}\RP675\A0108934.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49925391-7057-4107-BDB7-64CA5D991A68}\RP675\A0108933.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49925391-7057-4107-BDB7-64CA5D991A68}\RP675\A0108935.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{49925391-7057-4107-BDB7-64CA5D991A68}\RP675\A0109992.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\mcugr.sys (Rootkit.Bubnix) -> Delete on reboot.

I tried to do both of those other things you told me (OTL scan and RKUnhooker), but OTL would not complete a scan. I tried it three times (as per your directions), but after about 30sec the program would freeze and at the bottom of the program window would say "scanning driver - zifowyyrlwub7". I would then have to close the window.

Here is the scan produced by the other program...

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF186000 C:\WINDOWS\System32\igxpdx32.DLL 2097152 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF049000 C:\WINDOWS\System32\igxpdv32.DLL 1298432 bytes (Intel Corporation, Component GHAL Driver)

0xF66C7000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1150976 bytes (Agere Systems, SoftModem Device Driver)

0xAA635000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)

0xF6840000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1097728 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xF746D000 PCI_PNP6622 1048576 bytes

0xF746D000 sptd 1048576 bytes

0xF746D000 spya.sys 1048576 bytes

0xF7354000 mcugr.sys 794624 bytes

0xF7234000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA9D3E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF65E2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA92C0000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA9367000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xA9DFB000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0xF7427000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA93A8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7207000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA8E02000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA9DAE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF667C000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)

0xF6804000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA9E33000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xBF022000 C:\WINDOWS\System32\igxpgd32.dll 159744 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xA8E7D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xAA611000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF67E0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF66A4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA9DD9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF72FD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7335000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF71ED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF731D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7455000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF72D4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6651000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA9B48000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)

0xA9A1B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6668000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF682C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAA586000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF72C1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF72EB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7416000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6640000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xA8EA1000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)

0xF787E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF694C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 65536 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF78DE000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)

0xF696C000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF777E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF76EE000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF69AC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF77BE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xA9EBB000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)

0xF76AE000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF697C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF76FE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF768E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF771E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF784E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF695C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF767E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF770E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF766E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF774E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF76BE000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF773E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF769E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF77FE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF698C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF782E000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0xF772E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF783E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA8FED000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF79CE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7A2E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF79C6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7A3E000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF78EE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF795E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF79D6000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF79F6000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7A6E000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes

0xF79BE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7A1E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7A26000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF78F6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF79E6000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF79EE000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF79DE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7906000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xA9CFE000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF704E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA9B7A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF719C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7A7E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF71B4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7198000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)

0xF7B26000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7B4A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF705A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7B1E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF71A4000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF7B98000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B96000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B6E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B9A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7BD4000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7B9C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B90000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B8E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B70000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7D38000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7D8D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C65000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7C36000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x86FD81F8 unknown_irp_handler 3592 bytes

0x861491F8 unknown_irp_handler 3592 bytes

0x85F6D1F8 unknown_irp_handler 3592 bytes

0x86D0E1F8 unknown_irp_handler 3592 bytes

0x86F6B1F8 unknown_irp_handler 3592 bytes

0x862EE1F8 unknown_irp_handler 3592 bytes

0x862DE1F8 unknown_irp_handler 3592 bytes

0x862CB1F8 unknown_irp_handler 3592 bytes

0x863FE500 unknown_irp_handler 2816 bytes

0x86D6A500 unknown_irp_handler 2816 bytes

0x86D61500 unknown_irp_handler 2816 bytes

!!!!!!!!!!!Hidden driver: 0x86302AEA ?_empty_? 1302 bytes

0x86FA7E60 unknown_irp_handler 416 bytes

0x86302EC5 unknown_irp_handler 315 bytes

!!!!!!!!!!!Hidden driver: 0x86AFFB20 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0xF731D000 WARNING: suspicious driver modification [atapi.sys::0x86302AEA]


WARNING: Virus alike driver modification [ati1btxx.sys]

WARNING: Virus alike driver modification [ntfs.sys]

WARNING: Virus alike driver modification [z520bus.sys]

WARNING: Virus alike driver modification [atinbtxx.sys]

WARNING: Virus alike driver modification [ss_wh.sys]

WARNING: Virus alike driver modification [ss_whnt.sys]

WARNING: Virus alike driver modification [w810wh.sys]

WARNING: Virus alike driver modification [w810whnt.sys]

WARNING: Virus alike driver modification [z520wh.sys]

WARNING: Virus alike driver modification [z520whnt.sys]

WARNING: Virus alike driver modification [vdmindvd.sys]

WARNING: Virus alike driver modification [w810bus.sys]

WARNING: Virus alike driver modification [ss_bus.sys]

WARNING: Virus alike driver modification [dmload.sys]

WARNING: Virus alike driver modification [rootmdm.sys]

WARNING: Virus alike driver modification [smbali.sys]

WARNING: Virus alike driver modification [rfcomm.sys]

WARNING: Virus alike driver modification [atmarpc.sys]

WARNING: Virus alike driver modification [usbaudio.sys]

WARNING: Virus alike driver modification [arp1394.sys]

WARNING: Virus alike driver modification [ss_cm.sys]

WARNING: Virus alike driver modification [ss_cmnt.sys]

WARNING: Virus alike driver modification [w810cm.sys]

WARNING: Virus alike driver modification [w810cmnt.sys]

WARNING: Virus alike driver modification [z520cm.sys]

WARNING: Virus alike driver modification [z520cmnt.sys]

WARNING: Virus alike driver modification [nic1394.sys]

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]

WARNING: Virus alike driver modification [nwlnknb.sys]

WARNING: Virus alike driver modification [atinxsxx.sys]

WARNING: Virus alike driver modification [ati1rvxx.sys]

WARNING: Virus alike driver modification [mf.sys]

WARNING: Virus alike driver modification [udfs.sys]

WARNING: Virus alike driver modification [pci.sys]

WARNING: Virus alike driver modification [hsfcxts2.sys]

WARNING: Virus alike driver modification [ati2mtag.sys]

WARNING: Virus alike driver modification [bridge.sys]

WARNING: Virus alike driver modification [atintuxx.sys]

WARNING: Virus alike driver modification [sr.sys]

WARNING: Virus alike driver modification [mskssrv.sys]

WARNING: Virus alike driver modification [sONYPVU1.SYS]

WARNING: Virus alike driver modification [mcd.sys]

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\mcugr.sys]

WARNING: Virus alike driver modification [WudfPf.sys]

0xAA586000 WARNING: Virus alike driver modification [ipsec.sys], 77824 bytes

WARNING: Virus alike driver modification [sdbus.sys]

WARNING: Virus alike driver modification [dmboot.sys]

WARNING: Virus alike driver modification [sscdbus.sys]

WARNING: Virus alike driver modification [z520obex.sys]

WARNING: Virus alike driver modification [WudfRd.sys]

WARNING: Virus alike driver modification [ss_mdfl.sys]

WARNING: Virus alike driver modification [w810obex.sys]

WARNING: Virus alike driver modification [w810mdfl.sys]

WARNING: Virus alike driver modification [z520mdfl.sys]

WARNING: Virus alike driver modification [z520mgmt.sys]

WARNING: Virus alike driver modification [nabtsfec.sys]

WARNING: Virus alike driver modification [w810mgmt.sys]

WARNING: Virus alike driver modification [nwlnkipx.sys]

WARNING: Virus alike driver modification [cdr4_xp.sys]

WARNING: Virus alike driver modification [z520mdm.sys]

WARNING: Virus alike driver modification [ss_mdm.sys]

WARNING: Virus alike driver modification [w810mdm.sys]

WARNING: Virus alike driver modification [slnthal.sys]

WARNING: Virus alike driver modification [scsiport.sys]

Thanks!

Link to post
Share on other sites

Hi, you have a nasty rootkit on board. Before starting to clean it, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

I just attempted to use combo fix, an error message popped up (simply a grey box that said "error"), then my PC immediately shut down. Upon restart, windows loaded up and I was returned to my desktop. The start menu along the bottom did not appear, and there is a blue window on my screen that says "C:/" in the upper left corner, and on the main part says "Please wait. ComboFix is preparing to run.", with a blinking cursor underneath that. It has been sitting there for close to 5 minutes and has not done anything. What should I do?

Link to post
Share on other sites

OK, I finally attempted to create a system restore point, and I believe it did. Now I see the popup saying I don't have the Microsoft Windows Recovery Console, and since my internet connection is not working on that PC, I cannot download it. What now? I just googled it and the Microsoft website says I can install it using the XP CD-ROM, and gave directions. Should I do this?

Link to post
Share on other sites

I clicked not to attempt install (as I'm not connected to the internet), and combofix began to do a scan. After the scan, a popup appeared and said "Presence of rootkit activity", and told me to write down this information..

Service-Tcpip

File-C:\WINDOWS\System32\Drivers\tcpip.sys

It then prompted me to reboot, which it did on its own, but when it restarted I was taken to the screen to select Safe Mode, Safe Mode with Networking, etc. I first chose Last Known Good Configuration, and the system froze. I then tried Start Windows Normally, froze again. I have since chosen Safe Mode, and the screen freezes on this menu again. Is my computer toast? Is there any way I can get back on there and copy my important files onto an external hard drive??

Link to post
Share on other sites

Don't worry, there are quite a few ways to recover your system, especially since you have provided me with the message combofix gave you :)

Please let me know if you have an XP CD at hand. If not, it is no problem, but I need to know this in order to decide how we are going to do the fix.

Link to post
Share on other sites

Yes, I have the XP CD sitting right in front of me. However, my computer won't reboot to windows at all. I select safemode, and it starts loading drivers, then freezes on "\WINDOWS\System32\DRIVERS\isapnp.sys", then I have to manually turn the computer off and restart. I pushed F8 and am now in the advanced options menu, with more options on how to open windows. I will leave it on this screen until you tell me otherwise.

Thank you so much, you are helping me a lot! If this gets fixed, I will gladly make a PayPal donation to you (that is if I don't get my bank account hacked :) haha)

Link to post
Share on other sites

In that case, let's make a bootable CD that will allow us to run OTL so we can easily see and fix the problem.

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe

  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
    • Please note: If you are using a Windows XP disc with sp2 then highlight RpsSS needs to launch DComLaunch and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.

http://oldtimer.geekstogo.com/OTLPE.zip

http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created

  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768

    Next choose....

    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive

Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings

    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!

  • Push the Run Scan button
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and Paste them in your next reply.

Link to post
Share on other sites

The only other computer I have access to at this time is a macbook. Am I correct to assume that none of this will work on there, and that I will need to use a PC?

Is it possible that if I keep messing with my computer, I can eventually get it to open windows again so I can copy all of my photos and such so I can save them to an external HD? At this point I'm pretty much sold on trashing the PC and just getting a new laptop instead.

Thanks!

Link to post
Share on other sites

In that case, please try the following:

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • A command prompt will open

Type the following lines and press enter after each line.

cd system32\drivers

copy c:\windows\servicepackfiles\i386\tcpip.sys tcpip.sys

If you are asked to overwrite, choose Yes.

exit

Your computer will now reboot; let me know if it starts normally.

Link to post
Share on other sites

I just did everything as you said, it worked, but once it rebooted it took me back to the black screen where you choose safemode, last known good configuration, etc. I selected start windows normally, and it froze on that screen. Even the countdown clock at the bottom (that will restart windows normally unless you select another option) freezes. I'm in the process of retrying it, and will let the clock run down and see if it reboots on its own.

Link to post
Share on other sites

Try also the following commands:

cd system32\drivers

copy c:\windows\servicepackfiles\i386\ipsec.sys ipsec.sys

If you are asked to overwrite, choose Yes.

exit

If that still results in a crash, reboot in the recovery console, type fixmbr and press enter.

Confirm and when done type EXIT and press enter to reboot.

And no worries, these steps are the most obvious so far, but that doesn't mean we don't have any other tricks up our sleeve. :)

Link to post
Share on other sites
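The two Recovery Console replies above overwrite tcpip.sys and ipsec.sys in system32\drivers with the copies cached in c:\windows\servicepackfiles\i386. As an added example (not part of the original posts and not a tool used in this thread), this Python sketch compares drivers against that cache by SHA-256 to show which files differ before anything is overwritten. The function names and the directory contents built in demo() are constructed for illustration, and it assumes the check runs from a clean boot environment and that the cache is at the same service-pack level as the installed drivers.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large drivers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _index(directory):
    # Windows file names are case-insensitive (the scan log above mixes cases),
    # so index both directories by lower-cased name.
    return {n.lower(): os.path.join(directory, n) for n in os.listdir(directory)}


def compare_drivers(live_dir, reference_dir, names):
    """Return {name: status}; status is one of
    match / MODIFIED / no-reference / missing / unreadable."""
    live, ref = _index(live_dir), _index(reference_dir)
    results = {}
    for name in names:
        key = name.lower()
        if key not in live:
            results[name] = "missing"        # driver absent from the live directory
        elif key not in ref:
            results[name] = "no-reference"   # third-party driver, nothing to compare to
        else:
            try:
                same = sha256_of(live[key]) == sha256_of(ref[key])
            except OSError:
                results[name] = "unreadable" # e.g. locked for read access
                continue
            results[name] = "match" if same else "MODIFIED"
    return results


def demo():
    """Constructed stand-ins for system32\\drivers and servicepackfiles\\i386."""
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "drivers")
        ref = os.path.join(root, "i386")
        os.mkdir(live)
        os.mkdir(ref)
        samples = {  # name -> (live bytes or None, reference bytes or None)
            "tcpip.sys": (b"clean tcpip image" + b"patched", b"clean tcpip image"),
            "ipsec.sys": (b"clean ipsec image", b"clean ipsec image"),
            "sptd.sys": (b"third-party driver", None),
            "ntfs.sys": (None, b"clean ntfs image"),
        }
        for name, (live_bytes, ref_bytes) in samples.items():
            if live_bytes is not None:
                with open(os.path.join(live, name), "wb") as f:
                    f.write(live_bytes)
            if ref_bytes is not None:
                # Reference copy stored upper-case to exercise the case folding.
                with open(os.path.join(ref, name.upper()), "wb") as f:
                    f.write(ref_bytes)
        return compare_drivers(live, ref, list(samples))


if __name__ == "__main__":
    for driver, status in demo().items():
        print(f"{driver:12} {status}")
```

A MODIFIED result only means the file differs from the cached copy; a driver updated by a later hotfix will also differ, so a mismatch is a reason to look closer rather than proof of infection.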

Unless you are using drive encryption, you can continue.

The worst thing that can happen at this point is that a recovery partition (if you have one) can become inaccessible, which is recoverable, or that a dual boot gets messed up (also recoverable).

As long as you have just one OS installed, you should be fine.

Link to post
Share on other sites
