-
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
-
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 21:37:13
-----------------------------
21:37:13.109 OS Version: Windows 5.1.2600 Service Pack 3
21:37:13.109 Number of processors: 1 586 0x304
21:37:13.109 ComputerName: COMPUTER1 UserName: Dave
21:37:13.718 Initialize success
21:44:25.078 AVAST engine defs: 11070301
21:55:37.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:55:37.078 Disk 0 Vendor: WDC_WD800EB-00DJF0 77.07W77 Size: 76319MB BusType: 3
21:55:39.078 Disk 0 MBR read successfully
21:55:39.078 Disk 0 MBR scan
21:55:39.078 Disk 0 Windows XP default MBR code
21:55:41.078 Disk 0 scanning sectors +156280320
21:55:41.093 Disk 0 scanning C:\WINDOWS\system32\drivers
21:56:01.875 Service scanning
21:56:02.734 Disk 0 trace - called modules:
21:56:02.734 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:56:02.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a0ab8]
21:56:02.734 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863cdd98]
21:56:03.234 AVAST engine scan C:\WINDOWS
22:34:02.281 File: C:\WINDOWS\system32\t5ql.dll **INFECTED** Win32:Malware-gen
22:36:30.750 AVAST engine scan C:\Documents and Settings\Dave
22:40:42.468 AVAST engine scan C:\Documents and Settings\All Users
22:42:05.375 Scan finished successfully
22:42:18.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat"
22:42:18.750 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt"
-
MBR seems to be fine, but let's reset it.
Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do, then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.
You should get a black screen with a C:\> prompt. Type with an Enter after each line:
fixmbr
(If it asks you if you are sure then say "Y".)
exit
Reboot computer.
Post a fresh aswMBR log.
-
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-04 06:11:49
-----------------------------
06:11:49.765 OS Version: Windows 5.1.2600 Service Pack 3
06:11:49.765 Number of processors: 1 586 0x304
06:11:49.765 ComputerName: COMPUTER1 UserName: Dave
06:11:51.218 Initialize success
06:12:03.937 AVAST engine defs: 11070301
06:12:07.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:12:07.125 Disk 0 Vendor: WDC_WD800EB-00DJF0 77.07W77 Size: 76319MB BusType: 3
06:12:09.125 Disk 0 MBR read successfully
06:12:09.125 Disk 0 MBR scan
06:12:09.125 Disk 0 Windows XP default MBR code
06:12:11.125 Disk 0 scanning sectors +156280320
06:12:11.140 Disk 0 scanning C:\WINDOWS\system32\drivers
06:12:31.781 Service scanning
06:12:32.812 Disk 0 trace - called modules:
06:12:32.828 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
06:12:32.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86388ab8]
06:12:32.828 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86369b00]
06:12:33.265 AVAST engine scan C:\WINDOWS
06:51:49.828 File: C:\WINDOWS\system32\t5ql.dll **INFECTED** Win32:Malware-gen
06:54:11.125 AVAST engine scan C:\Documents and Settings\Dave
06:59:44.359 AVAST engine scan C:\Documents and Settings\All Users
07:01:02.734 Scan finished successfully
07:50:24.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat"
07:50:24.796 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt"
Note: when I ran fixmbr I got a warning that my MBR had some inconsistencies in it. I forget the exact verbiage.
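
Added example, not part of the original thread: a small Python parser that compares the two aswMBR logs above (before and after fixmbr) and reports the MBR verdict and which file detections persist. The log lines are excerpted from this thread; the function names and result layout are assumptions made for illustration.

```python
import re

# Lines excerpted from the two aswMBR logs posted in this thread
# (before and after fixmbr); function names below are illustrative.
LOG_BEFORE = r"""21:55:39.078 Disk 0 MBR read successfully
21:55:39.078 Disk 0 Windows XP default MBR code
22:34:02.281 File: C:\WINDOWS\system32\t5ql.dll **INFECTED** Win32:Malware-gen
22:42:05.375 Scan finished successfully"""

LOG_AFTER = r"""06:12:09.125 Disk 0 MBR read successfully
06:12:09.125 Disk 0 Windows XP default MBR code
06:51:49.828 File: C:\WINDOWS\system32\t5ql.dll **INFECTED** Win32:Malware-gen
07:01:02.734 Scan finished successfully"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (\S+)")
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")

def parse_aswmbr(text):
    """Return MBR verdicts per disk, file detections, and scan completion."""
    result = {"mbr": {}, "detections": {}, "finished": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, separator, or free text without a timestamp
        msg = m.group(2)
        if (d := INFECTED.match(msg)):
            # Windows paths are case-insensitive, so normalise the key
            result["detections"][d.group(1).lower()] = d.group(2)
        elif (c := MBR_CODE.match(msg)):
            result["mbr"][int(c.group(1))] = c.group(2)
        elif msg == "Scan finished successfully":
            result["finished"] = True
    return result

def compare_runs(before, after):
    """Classify detections as persistent, cleared, or new between two scans."""
    b, a = parse_aswmbr(before)["detections"], parse_aswmbr(after)["detections"]
    return {
        "persistent": sorted(b.keys() & a.keys()),
        "cleared": sorted(b.keys() - a.keys()),
        "new": sorted(a.keys() - b.keys()),
    }

if __name__ == "__main__":
    print(parse_aswmbr(LOG_AFTER)["mbr"])
    print(compare_runs(LOG_BEFORE, LOG_AFTER))
```

On these excerpts the MBR is reported as default code in both runs and the t5ql.dll detection is listed as persistent, which is expected because fixmbr rewrites only the boot code and does not touch files on the volume.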
-
Broni,
I am beginning to back up all my data, and make sure I have all necessary drivers I will need to reinstall. :rolleyes:
You have tried very hard to get to the bottom of this problem, but it seems we're not getting anywhere. If you do not see a definitive and effective route to get rid of these trojans, then I suggest we throw in the towel and I will reload. It's almost to the point where in the time spent so far on this I'd almost be done reloading.
I admire your dedication to my and other people's problems. :)
Thank you,
Dave
-
OK, give me a fresh GMER log.