
Ran Combofix and now I can't connect to the Internet


  • This topic is locked
12 replies to this topic

#1 Lionheartjf

Posted 29 November 2011 - 10:35 PM

Based on a posting I saw at Yahoo Answers, I ran Combofix to get rid of the ping.exe virus that had infected my computer. I assumed that the disclaimers were pretty standard and didn't expect to have the negative effects on my computer that I'm now having. This has turned out to be a HUGE mistake on my part and I wish I had come here first instead of relying on the Yahoo Answers solution without researching further.

Since running Combofix, I've been unable to connect to the internet. My network connection says it has "limited or no connectivity" and I've tried a number of things posted in other forums in an attempt to fix the IP issue that I'm having. I've tried to do the following:

  • Rebooted
  • Repaired the network connection (Can't renew the IP address)
  • Made sure the following boxes were checked: Select "Obtain IP address automatically" and "Obtain DNS automatically" on the TCP/IP Properties.
  • Unplugged the modem and router
  • Connected the computer directly to the modem
  • System Restore to a restore point before I ran Combofix
  • Ran LSPFix
  • Ran the following commands:
    ipconfig /release
    ipconfig /renew
    (I ran some others related to ipconfig and winsock but can't remember them all now)

I'm at my wit's end and need some help. Here are the DDS and GMER logs. I've attached the DDS attach.txt file as well.

Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Jason Fauss at 14:52:59 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1823 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\LexisNexis\PMCommonAPI\PMCommonAPI.exe
C:\Program Files\LexisNexis\Mobility\LexisNexis.PM.Mobility.AccessModule.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PCLAW\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Notice Me\NoticeMe.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Jason Fauss\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\EZ-Filing\ezfiling.exe
C:\Program Files\EZ-Filing\ezframe.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\LexisNexis\PCLaw\PCLAW32.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://privateaccess.rejis.org/Citrix/XenApp/auth/preLoginMessage.aspx
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DeskBandHelper Class: {9e0b5480-4ff0-4fee-818b-d4db0f220d64} - c:\program files\lexisnexis\pclaw\plietool.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: PCLaw Web Timer: {0e1230f8-ea50-42a9-983c-d22abc2eed4b} - c:\program files\lexisnexis\pclaw\plietool.dll
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [NoticeMe] c:\program files\notice me\NoticeMe.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jasonf~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jason fauss\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jasonf~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer3\HDDCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files\lexisnexis\pclaw\plietool.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files\lexisnexis\pclaw\plietool.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: PLLiveUpWeb2 - hxxp://support.pclaw.com/PLLiveUpWeb2.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282429334907
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason fauss\application data\mozilla\firefox\profiles\3bp0c2pe.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-20 136176]
R2 LexisNexis Practice Management Common API;LexisNexis Practice Management Common API;c:\program files\lexisnexis\pmcommonapi\PMCommonAPI.exe [2011-5-27 12104]
R2 LNPM_Mobility_DataService;LexisNexis Practice Management Mobility Data Service;c:\program files\lexisnexis\mobility\LexisNexis.PM.Mobility.AccessModule.exe [2011-5-27 89464]
R2 MSSQL$PCLAW;MSSQL$PCLAW;c:\program files\microsoft sql server\mssql$pclaw\binn\sqlservr.exe -spclaw --> c:\program files\microsoft sql server\mssql$pclaw\binn\sqlservr.exe -sPCLAW [?]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]
R2 PCLaw Link Service;PCLaw Link Service;c:\progra~1\lexisn~1\pclaw\PLSVCLNK.EXE [2010-8-25 78672]
R2 PCLaw Log Service;PCLaw Log Service;c:\progra~1\lexisn~1\pclaw\PLSVCLOG.exe [2010-8-25 1438544]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-8-21 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-8-21 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2010-8-21 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2010-8-21 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2010-8-21 235200]
S0 cerc6;cerc6; [x]
S1 MpKsl3d8088d8;MpKsl3d8088d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faad0df1-d444-4971-bbe5-e85a0b7ba96e}\mpksl3d8088d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faad0df1-d444-4971-bbe5-e85a0b7ba96e}\MpKsl3d8088d8.sys [?]
S1 nxiuyxib;nxiuyxib;\??\c:\windows\system32\drivers\nxiuyxib.sys --> c:\windows\system32\drivers\nxiuyxib.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-20 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-29 24576]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2002-11-28 39048]
S3 SQLAgent$PCLAW;SQLAgent$PCLAW;c:\program files\microsoft sql server\mssql$pclaw\binn\sqlagent.exe -i pclaw --> c:\program files\microsoft sql server\mssql$pclaw\binn\sqlagent.EXE -i PCLAW [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-29 18:38:43 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a007786d-cb47-4e97-b7f1-250c15dec531}\offreg.dll
2011-11-29 06:37:59 388096 ----a-r- c:\documents and settings\jason fauss\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-29 06:37:59 -------- d-----w- c:\program files\Trend Micro
2011-11-29 05:53:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-29 05:53:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 04:28:39 -------- d-----w- C:\RECYCLER(3)
2011-11-29 04:23:27 -------- d-----w- c:\documents and settings\jason fauss\application data\SUPERAntiSpyware.com
2011-11-29 04:23:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-29 02:36:44 -------- d-sha-r- C:\cmdcons
2011-11-29 02:34:02 518144 ----a-w- c:\windows\SWREG.exe
2011-11-29 02:34:02 256000 ----a-w- c:\windows\PEV.exe
2011-11-29 02:34:02 208896 ----a-w- c:\windows\MBR.exe
2011-11-29 02:34:01 98816 ----a-w- c:\windows\sed.exe
2011-11-28 06:52:47 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a007786d-cb47-4e97-b7f1-250c15dec531}\mpengine.dll
2011-11-28 06:43:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-28 06:39:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-28 04:43:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-28 04:43:10 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-27 14:05:52 -------- d-----w- c:\windows\system32\MpEngineStore
.
==================== Find3M ====================
.
2011-11-18 14:29:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:54:04.82 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-29 16:42:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925042 rev.DE13
Running: rm8iyy5w.exe; Driver: C:\DOCUME~1\JASONF~1\LOCALS~1\Temp\uwkiafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8167360, 0x377D1D, 0xE8000020]
init C:\WINDOWS\system32\Drivers\OEM13Afx.sys entry point in "init" section [0xAB637310]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2936] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2936] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00001190 \GLOBAL??\392e573e 86F34880

---- EOF - GMER 1.0.15 ----
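Added example (my code, not from the post or from the DDS tool): a small Python triage pass over lines in the format of the SERVICES / DRIVERS section above. It parses each entry and attaches review flags for the cases a helper reads first: an image file DDS could not find ([x]) or verify ([?]), a driver whose image path sits under a temp directory, and a service whose display name is only its own name repeated. The sample lines are copied from the first DDS log in this thread; the flag names and heuristics are my own, and a flag marks an entry for review, not as malicious.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One DDS service/driver line: "<status> <name>;<display name>;<image path> [<date> <size>]"
# where the trailing bracket is "[x]" (file not found) or "[?]" (file could not be checked).
LINE_RE = re.compile(r"^(?P<status>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")

# Sample input, copied verbatim from the SERVICES / DRIVERS section of the first log in this thread.
SAMPLE_LINES = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S0 cerc6;cerc6; [x]
S1 nxiuyxib;nxiuyxib;\??\c:\windows\system32\drivers\nxiuyxib.sys --> c:\windows\system32\drivers\nxiuyxib.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-20 136176]
"""


@dataclass
class ServiceEntry:
    status: str            # R = running, S = stopped; the digit is the service start type
    name: str
    display: str
    path: str              # resolved image path (the text after " --> " when DDS shows both forms)
    date: Optional[str]
    size: Optional[int]
    marker: Optional[str]  # "x" = file not found, "?" = file not verifiable, None = stat succeeded
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines that are not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    marker = date = size = None
    if rest.endswith("[x]") or rest.endswith("[?]"):
        marker, rest = rest[-2], rest[:-3].strip()
    else:
        sm = STAMP_RE.search(rest)
        if sm:
            date, size = sm["date"], int(sm["size"])
            rest = rest[: sm.start()].strip()
    if " --> " in rest:  # "\??\<ImagePath> --> <resolved path>": keep the resolved one
        rest = rest.split(" --> ", 1)[1].strip()
    return ServiceEntry(m["status"], m["name"].strip(), m["display"].strip(), rest, date, size, marker)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags (hypothetical names chosen for this example). Flags are prompts, not verdicts."""
    if entry.marker == "x":
        entry.reasons.append("file_not_found")
    elif entry.marker == "?":
        entry.reasons.append("file_not_verified")
    if "\\temp\\" in entry.path.lower():
        entry.reasons.append("loads_from_temp")
    # A display name that is just the service name (7+ letters, no digits) gives the reader
    # no vendor or product text to check against, so it goes on the review list too.
    if entry.name == entry.display and re.fullmatch(r"[A-Za-z]{7,}", entry.name):
        entry.reasons.append("no_description")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in `text` and run the triage flags over each entry."""
    entries = [e for e in (parse_line(line) for line in text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(text: str) -> dict:
    """Map service name -> reasons, for entries that picked up at least one flag."""
    return {e.name: e.reasons for e in triage_log(text) if e.reasons}


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        if e.reasons:
            print(f"{e.status} {e.name:<12} {', '.join(e.reasons):<48} {e.path or '(no path)'}")
```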

#2 HelpBot

Posted 04 December 2011 - 10:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429992 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Lionheartjf

Posted 05 December 2011 - 11:39 AM

I still can't connect to the internet and haven't tried to do anything in the last week to correct the problem.

Here is the most recent DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Jason Fauss at 23:14:17 on 2011-12-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1507 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\LexisNexis\PMCommonAPI\PMCommonAPI.exe
C:\Program Files\LexisNexis\Mobility\LexisNexis.PM.Mobility.AccessModule.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PCLAW\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Notice Me\NoticeMe.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Jason Fauss\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\EZ-Filing\ezframe.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\LexisNexis\PCLaw\PCLAW32.EXE
c:\program files\itunes\itunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://privateaccess.rejis.org/Citrix/XenApp/auth/preLoginMessage.aspx
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DeskBandHelper Class: {9e0b5480-4ff0-4fee-818b-d4db0f220d64} - c:\program files\lexisnexis\pclaw\plietool.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: PCLaw Web Timer: {0e1230f8-ea50-42a9-983c-d22abc2eed4b} - c:\program files\lexisnexis\pclaw\plietool.dll
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [NoticeMe] c:\program files\notice me\NoticeMe.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jasonf~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jason fauss\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jasonf~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer3\HDDCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files\lexisnexis\pclaw\plietool.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files\lexisnexis\pclaw\plietool.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: PLLiveUpWeb2 - hxxp://support.pclaw.com/PLLiveUpWeb2.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282429334907
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason fauss\application data\mozilla\firefox\profiles\3bp0c2pe.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jason fauss\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jason fauss\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\jason fauss\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]
R2 LexisNexis Practice Management Common API;LexisNexis Practice Management Common API;c:\program files\lexisnexis\pmcommonapi\PMCommonAPI.exe [2011-5-27 12104]
R2 LNPM_Mobility_DataService;LexisNexis Practice Management Mobility Data Service;c:\program files\lexisnexis\mobility\LexisNexis.PM.Mobility.AccessModule.exe [2011-5-27 89464]
R2 MSSQL$PCLAW;MSSQL$PCLAW;c:\program files\microsoft sql server\mssql$pclaw\binn\sqlservr.exe -spclaw --> c:\program files\microsoft sql server\mssql$pclaw\binn\sqlservr.exe -sPCLAW [?]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]
R2 PCLaw Link Service;PCLaw Link Service;c:\progra~1\lexisn~1\pclaw\PLSVCLNK.EXE [2010-8-25 78672]
R2 PCLaw Log Service;PCLaw Log Service;c:\progra~1\lexisn~1\pclaw\PLSVCLOG.exe [2010-8-25 1438544]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-8-21 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-8-21 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2010-8-21 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2010-8-21 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2010-8-21 235200]
S0 cerc6;cerc6; [x]
S1 MpKsl3d8088d8;MpKsl3d8088d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faad0df1-d444-4971-bbe5-e85a0b7ba96e}\mpksl3d8088d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{faad0df1-d444-4971-bbe5-e85a0b7ba96e}\MpKsl3d8088d8.sys [?]
S1 nxiuyxib;nxiuyxib;\??\c:\windows\system32\drivers\nxiuyxib.sys --> c:\windows\system32\drivers\nxiuyxib.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\jasonf~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-20 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-20 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-29 24576]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2002-11-28 39048]
S3 SQLAgent$PCLAW;SQLAgent$PCLAW;c:\program files\microsoft sql server\mssql$pclaw\binn\sqlagent.exe -i pclaw --> c:\program files\microsoft sql server\mssql$pclaw\binn\sqlagent.EXE -i PCLAW [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-01 02:16:20 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a007786d-cb47-4e97-b7f1-250c15dec531}\offreg.dll
2011-11-29 21:27:41 -------- d-----w- C:\ComboFix
2011-11-29 06:37:59 388096 ----a-r- c:\documents and settings\jason fauss\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-29 06:37:59 -------- d-----w- c:\program files\Trend Micro
2011-11-29 05:53:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-29 05:53:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 04:23:27 -------- d-----w- c:\documents and settings\jason fauss\application data\SUPERAntiSpyware.com
2011-11-29 04:23:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-29 02:36:44 -------- d-sha-r- C:\cmdcons
2011-11-29 02:34:02 518144 ----a-w- c:\windows\SWREG.exe
2011-11-29 02:34:02 256000 ----a-w- c:\windows\PEV.exe
2011-11-29 02:34:02 208896 ----a-w- c:\windows\MBR.exe
2011-11-29 02:34:01 98816 ----a-w- c:\windows\sed.exe
2011-11-28 06:52:47 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a007786d-cb47-4e97-b7f1-250c15dec531}\mpengine.dll
2011-11-28 06:43:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-28 06:39:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-28 04:43:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-28 04:43:10 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-27 14:05:52 -------- d-----w- c:\windows\system32\MpEngineStore
.
==================== Find3M ====================
.
2011-11-18 14:29:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 23:15:01.45 ===============


Here is the most recent GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 07:24:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925042 rev.DE13
Running: rm8iyy5w.exe; Driver: C:\DOCUME~1\JASONF~1\LOCALS~1\Temp\uwkiafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7C6C360, 0x377D1D, 0xE8000020]
init C:\WINDOWS\system32\Drivers\OEM13Afx.sys entry point in "init" section [0xB34B3310]
? C:\DOCUME~1\JASONF~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1432] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1432] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[4556] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[4556] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[6060] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[6060] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00001336 \GLOBAL??\392e573e 89B99880

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 1060

---- EOF - GMER 1.0.15 ----

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 06 December 2011 - 04:58 PM

Hello Lionheartjf,

Welcome to this forum and apologies for the delay.

When doing step 2 and step 3 please make sure the computer is (preferably wired) connected to the internet.

  • Please go to Add/Remove Programs on control panel and uninstall Spybot - Search & Destroy, otherwise it interferes with our fixes. Let it remove any file or backup made. You may install it again when we are done.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#5 Lionheartjf

Lionheartjf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 07 December 2011 - 11:39 AM

FSS:

Farbar Service Scanner
Ran by Jason Fauss (administrator) on 07-12-2011 at 10:34:17
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 06:00] - [2008-10-16 08:43] - 0138496 ____A () 42F9108922FA7E9E62C080C5ABA7F193

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


MiniToolBox by Farbar
Ran by Jason Fauss (administrator) on 07-12-2011 at 10:35:22
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : jason-abf0638a9

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-21-70-CD-76-98



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-21-5C-86-9A-71

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.52.31

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 21 70 cd 76 98 ...... Realtek PCIe GBE Family Controller
0x10004 ...00 21 5c 86 9a 71 ...... Intel® Wireless WiFi Link 4965AGN
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.52.31 169.254.52.31 20
169.254.52.31 255.255.255.255 127.0.0.1 127.0.0.1 20
169.254.255.255 255.255.255.255 169.254.52.31 169.254.52.31 20
224.0.0.0 240.0.0.0 169.254.52.31 169.254.52.31 20
255.255.255.255 255.255.255.255 169.254.52.31 169.254.52.31 1
255.255.255.255 255.255.255.255 169.254.52.31 10003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2011 10:34:09 AM) (Source: Application Error) (User: )
Description: Faulting application belkinsetup.exe, version 4.0.5.22963, faulting module msvcr90.dll, version 9.0.30729.5570, fault address 0x0005beae.
Processing media-specific event for [belkinsetup.exe!ws!]

Error: (12/07/2011 10:29:39 AM) (Source: MSSQL$PCLAW) (User: )
Description: Socket(MSAFD Tcpip [TCP/IP]) : Error 10050

Error: (12/07/2011 10:29:37 AM) (Source: LexisNexis Mobility Data Service) (User: )
Description: LexisNexis.PM.Mobility.AccessModule.AccessModule - Unable to load service profile for data service [37108149-dfb2-4add-89b2-ac74f7e29d81]. Verify that the CAPI service is up and available at https://jason-abf0638a9:60000/lnpmapi.

Error: (12/07/2011 10:29:35 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/07/2011 10:23:02 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/07/2011 08:53:43 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/06/2011 10:13:35 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/05/2011 10:58:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/05/2011 10:28:06 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/05/2011 10:20:11 AM) (Source: Application Error) (User: )
Description: Faulting application belkinsetup.exe, version 4.0.5.22963, faulting module msvcr90.dll, version 9.0.30729.5570, fault address 0x0005beae.
Processing media-specific event for [belkinsetup.exe!ws!]


System errors:
=============
Error: (12/07/2011 10:35:34 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/07/2011 10:35:34 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/07/2011 10:35:04 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/07/2011 10:35:02 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/07/2011 10:34:32 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/07/2011 10:34:32 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/07/2011 10:34:02 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/07/2011 10:34:02 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/07/2011 10:33:32 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/07/2011 10:33:32 AM) (Source: DCOM) (User: Jason Fauss)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (11/01/2011 11:17:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42938 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (07/17/2011 09:27:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 308119 seconds with 6660 seconds of active time. This session ended with a crash.

Error: (07/09/2011 07:15:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 219758 seconds with 7020 seconds of active time. This session ended with a crash.

Error: (02/04/2011 11:01:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12857 seconds with 420 seconds of active time. This session ended with a crash.

Error: (01/17/2011 00:37:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 321552 seconds with 8580 seconds of active time. This session ended with a crash.

Error: (01/06/2011 01:36:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8134 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (11/10/2010 09:50:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 865 seconds with 180 seconds of active time. This session ended with a crash.

Error: (08/24/2010 02:19:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17490 seconds with 2940 seconds of active time. This session ended with a crash.

Error: (08/23/2010 08:11:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/23/2010 08:10:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.4)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.4.6)
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.2 (Version: 9.2.0)
Advanced Audio FX Engine
Advanced Video FX Engine
AiO_Scan (Version: 50.0.227.000)
AiOSoftware (Version: 47.0.1.000)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Belkin Setup and Router Monitor
BitTorrent (Version: 7.2.0)
Bonjour (Version: 2.0.5.0)
Carbonite (Version: 4.0.4 build 806 (Mar-03-2011))
CDDRV_Installer (Version: 4.60)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.102.7)
Dell Webcam Center
Dell Webcam Manager
Digital Voice Editor 3 (Version: 3.3.01.11240)
DIRECTV2PC Playback Advisor (Version: 1.0)
DIRECTV2PC™ (Version: 2.0.5717)
Dolphin Futures XPS Viewer version 1.1.0 (Version: 1.1.0)
DVD Architect Studio 5.0 (Version: 5.0.128)
Enterprise (Version: 50.0.227.000)
Evernote v. 4.5.1 (Version: 4.5.1.5432)
EZ-Filing® (Version: 18.0.0.0)
Fax (Version: 47.0.1.000)
Fingerprint Reader Suite 5.6 (Version: 5.6.2.3476)
FlipShare (Version: 5.10.25.0)
Folder Marker v 1.4 (Version: 1.4)
Google Calendar Sync
Google Earth Plug-in (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.5.8.4958)
Google Update Helper (Version: 1.3.21.79)
HandBrake 0.9.5 (Version: 0.9.5)
HiJackThis (Version: 1.0.0)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP LaserJet P2050 Series 6.0 (Version: 6.0)
HP Product Assistant (Version: 2.0.0.0)
HP Product Detection (Version: 10.7.9.0)
HP PSC & OfficeJet 4.7
HP PSC & Officejet 5.3.B Corporate Edition
hppFonts (Version: 001.001.00061)
HTC Driver Installer (Version: 2.0.7.018)
HTC Sync (Version: 2.0.40)
ImageMixer3 (Version: 3.00.006)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KhalInstallWrapper (Version: 2.00.0000)
LAN-Fax Utilities
Laptop Integrated Webcam Driver (1.00.01.0108)
LeapFrog Connect (Version: 2.9.1.11093)
LeapFrog My Pals Plugin (Version: 2.8.7.11034)
LexisNexis PCLaw
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Logitech Registration (Version: 0.70.206)
Logitech SetPoint (Version: 4.80)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 45.4.158.000)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mDrWiFi (Version: 9.24.0000)
mHlpDell (Version: 9.24.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Desktop Engine (PCLAW) (Version: 8.00.761)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mIWA (Version: 9.24.0000)
mLogView (Version: 9.24.0000)
mMHouse (Version: 9.24.0000)
MobileMe Control Panel (Version: 3.1.6.0)
Mobility Access Manager (Version: 11.30.001)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
mPfMgr (Version: 9.24.0000)
mPfWiz (Version: 9.24.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.24.0000)
mSSO (Version: 9.24.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.24.0000)
mZConfig (Version: 9.24.0000)
Notice Me (Version: 1.00.000)
NVIDIA Drivers
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.17)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Photo DVD Maker Professional 8.30 (Version: 8.30)
Picasa 3 (Version: 3.8)
PowerDVD (Version: 8.1)
QFolder (Version: 1.00.0000)
QuickSet (Version: 8.3.18)
QuickTime (Version: 7.69.80.9)
Readme (Version: 47.0.1.000)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Scan (Version: 5.2.0.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Taskbar Shuffle version 2.5 (Version: 2.5)
The Weather Channel Desktop 6
The Weather Channel Toolbar
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Vegas Movie Studio HD Platinum 10.0 (Version: 10.0.179)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3070.36 MB
Available physical RAM: 2185.16 MB
Total Pagefile: 4955.41 MB
Available Pagefile: 4090.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.84 GB) (Free:13.04 GB) NTFS
3 Drive e: () (Removable) (Total:1.95 GB) (Free:1.59 GB) FAT

========================= Users: ========================================

User accounts for \\JASON-ABF0638A9

Administrator ASPNET Guest
HelpAssistant Jason Fauss SUPPORT_388945a0


**** End of log ****

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 07 December 2011 - 11:45 AM

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
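The report TDSSKiller writes is one line per scanned driver or service: a timestamp and process id, the object name with its MD5 and file path, then a verdict line (`- ok`, `( <detection> ) - infected`, `- detected <name> (<code>)`). A helper can pull out the objects the tool did not mark clean so that a long report like the ones posted in this thread is easy to triage. The parser below is an added example, not code from the thread or from TDSSKiller; the sample lines are constructed in that format (hashes and paths modelled on the report posted here), the function and class names are my own, and it only reads a report, it does not change anything on the system.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the report format TDSSKiller writes: one clean driver
# listed without a file record, one flagged driver, one clean driver with a file.
SAMPLE_LOG = """\
12:05:22.0500 5548 Abiosdsk - ok
12:05:23.0484 5548 AFD (42f9108922fa7e9e62c080c5aba7f193) C:\\WINDOWS\\System32\\drivers\\afd.sys
12:05:23.0484 5548 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:05:23.0484 5548 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:05:24.0218 5548 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
12:05:24.0218 5548 atapi - ok
"""

# Every per-object line starts with "HH:MM:SS.mmmm <pid> "; the rest is the body.
PREFIX = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Body shapes seen in the report (names are hypothetical labels for this example).
FILE_LINE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(r"^(?P<name>\S+) \( (?P<detection>.+?) \) - (?P<verdict>\w+)$")
DETECTED_LINE = re.compile(r"^(?P<name>\S+) - detected (?P<detection>.+?) \((?P<code>\d+)\)$")
OK_LINE = re.compile(r"^(?P<name>\S+) - ok$")


@dataclass
class Entry:
    """Everything the report says about one driver/service."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None     # "ok", "infected", "suspicious", "detected", ...
    detection: Optional[str] = None   # detection name when the verdict is not "ok"


def parse_report(text: str) -> Dict[str, Entry]:
    """Merge the file line and verdict line(s) of each object into one Entry, in report order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner and separator lines carry no per-object data
        body = m.group("body")
        for pattern in (FILE_LINE, VERDICT_LINE, DETECTED_LINE, OK_LINE):
            hit = pattern.match(body)
            if hit:
                break
        else:
            continue  # SystemInfo lines and other prose inside the report
        d = hit.groupdict()
        e = entries.setdefault(d["name"], Entry(d["name"]))
        if pattern is FILE_LINE:
            e.md5, e.path = d["md5"], d["path"]
        elif pattern is VERDICT_LINE:
            e.verdict, e.detection = d["verdict"], d["detection"]
        elif pattern is DETECTED_LINE:
            e.detection = d["detection"]
            e.verdict = e.verdict or "detected"
        elif e.verdict is None:
            e.verdict = "ok"  # never downgrade an earlier "infected"/"suspicious"
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects the tool did not mark clean, in report order."""
    return [e for e in entries.values() if e.verdict not in (None, "ok")]


if __name__ == "__main__":
    for e in flagged(parse_report(SAMPLE_LOG)):
        print(f"{e.name}: {e.verdict} ({e.detection}) {e.path} md5={e.md5}")
```

Objects that appear only as `<name> - ok` with no file line (like `Abiosdsk` above, or the many legacy SCSI/RAID driver names in a real report) are services whose file the tool did not examine; they come out with `path` set to `None`, which is useful to keep separate from drivers that were actually hashed.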


#7 Lionheartjf

Lionheartjf
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:22 PM

Posted 07 December 2011 - 01:21 PM

It did require a reboot after it ran. It listed "cure" for the one thing that popped up and I allowed it to continue. I am now able to access the internet again from this machine!

Here's the log. If you think there are additional things I should do, please let me know but as far as I can tell, the problem has been solved.


12:05:12.0015 3776 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
12:05:12.0031 3776 ============================================================
12:05:12.0031 3776 Current date / time: 2011/12/07 12:05:12.0031
12:05:12.0031 3776 SystemInfo:
12:05:12.0031 3776
12:05:12.0031 3776 OS Version: 5.1.2600 ServicePack: 3.0
12:05:12.0031 3776 Product type: Workstation
12:05:12.0031 3776 ComputerName: JASON-ABF0638A9
12:05:12.0031 3776 UserName: Jason Fauss
12:05:12.0031 3776 Windows directory: C:\WINDOWS
12:05:12.0031 3776 System windows directory: C:\WINDOWS
12:05:12.0031 3776 Processor architecture: Intel x86
12:05:12.0031 3776 Number of processors: 2
12:05:12.0031 3776 Page size: 0x1000
12:05:12.0031 3776 Boot type: Normal boot
12:05:12.0031 3776 ============================================================
12:05:14.0750 3776 Initialize success
12:05:20.0515 5548 ============================================================
12:05:20.0515 5548 Scan started
12:05:20.0515 5548 Mode: Manual;
12:05:20.0515 5548 ============================================================
12:05:22.0500 5548 Abiosdsk - ok
12:05:22.0687 5548 abp480n5 - ok
12:05:22.0984 5548 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:05:22.0984 5548 ACPI - ok
12:05:23.0203 5548 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:05:23.0203 5548 ACPIEC - ok
12:05:23.0250 5548 adpu160m - ok
12:05:23.0312 5548 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:05:23.0328 5548 aec - ok
12:05:23.0390 5548 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:05:23.0390 5548 AegisP - ok
12:05:23.0484 5548 AFD (42f9108922fa7e9e62c080c5aba7f193) C:\WINDOWS\System32\drivers\afd.sys
12:05:23.0484 5548 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:05:23.0484 5548 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:05:23.0500 5548 AFGMp50 - ok
12:05:23.0546 5548 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
12:05:23.0546 5548 AFGSp50 - ok
12:05:23.0562 5548 Aha154x - ok
12:05:23.0562 5548 aic78u2 - ok
12:05:23.0578 5548 aic78xx - ok
12:05:23.0609 5548 AliIde - ok
12:05:23.0625 5548 amsint - ok
12:05:23.0671 5548 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:05:23.0671 5548 ApfiltrService - ok
12:05:23.0750 5548 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:05:23.0750 5548 APPDRV - ok
12:05:23.0859 5548 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:05:23.0859 5548 Arp1394 - ok
12:05:23.0921 5548 asc - ok
12:05:23.0984 5548 asc3350p - ok
12:05:24.0046 5548 asc3550 - ok
12:05:24.0125 5548 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:05:24.0125 5548 AsyncMac - ok
12:05:24.0218 5548 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:05:24.0218 5548 atapi - ok
12:05:24.0281 5548 Atdisk - ok
12:05:24.0328 5548 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:05:24.0328 5548 Atmarpc - ok
12:05:24.0421 5548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:05:24.0421 5548 audstub - ok
12:05:24.0515 5548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:05:24.0515 5548 Beep - ok
12:05:24.0687 5548 catchme - ok
12:05:24.0718 5548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:05:24.0718 5548 cbidf2k - ok
12:05:24.0796 5548 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:05:24.0796 5548 CCDECODE - ok
12:05:24.0875 5548 cd20xrnt - ok
12:05:24.0984 5548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:05:24.0984 5548 Cdaudio - ok
12:05:25.0093 5548 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:05:25.0093 5548 Cdfs - ok
12:05:25.0156 5548 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:05:25.0156 5548 Cdrom - ok
12:05:25.0218 5548 cerc6 - ok
12:05:25.0281 5548 Changer - ok
12:05:25.0375 5548 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:05:25.0375 5548 CmBatt - ok
12:05:25.0437 5548 CmdIde - ok
12:05:25.0500 5548 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:05:25.0500 5548 Compbatt - ok
12:05:25.0562 5548 Cpqarray - ok
12:05:25.0640 5548 dac2w2k - ok
12:05:25.0640 5548 dac960nt - ok
12:05:25.0718 5548 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:05:25.0718 5548 Disk - ok
12:05:25.0859 5548 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:05:25.0890 5548 dmboot - ok
12:05:25.0906 5548 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:05:25.0906 5548 dmio - ok
12:05:25.0921 5548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:05:25.0921 5548 dmload - ok
12:05:26.0000 5548 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:05:26.0000 5548 DMusic - ok
12:05:26.0062 5548 dpti2o - ok
12:05:26.0171 5548 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:05:26.0171 5548 drmkaud - ok
12:05:26.0265 5548 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:05:26.0265 5548 Fastfat - ok
12:05:26.0359 5548 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:05:26.0359 5548 Fdc - ok
12:05:26.0468 5548 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:05:26.0468 5548 Fips - ok
12:05:26.0500 5548 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:05:26.0500 5548 Flpydisk - ok
12:05:26.0578 5548 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:05:26.0578 5548 FltMgr - ok
12:05:26.0593 5548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:05:26.0593 5548 Fs_Rec - ok
12:05:26.0625 5548 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:05:26.0625 5548 Ftdisk - ok
12:05:26.0656 5548 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:05:26.0656 5548 GEARAspiWDM - ok
12:05:26.0750 5548 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:05:26.0750 5548 Gpc - ok
12:05:26.0828 5548 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:05:26.0828 5548 HDAudBus - ok
12:05:26.0921 5548 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:05:26.0921 5548 HidUsb - ok
12:05:26.0984 5548 hpn - ok
12:05:27.0093 5548 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:05:27.0093 5548 HPZid412 - ok
12:05:27.0171 5548 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:05:27.0171 5548 HPZipr12 - ok
12:05:27.0265 5548 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:05:27.0265 5548 HPZius12 - ok
12:05:27.0343 5548 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
12:05:27.0343 5548 HTCAND32 - ok
12:05:27.0453 5548 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:05:27.0468 5548 HTTP - ok
12:05:27.0531 5548 i2omgmt - ok
12:05:27.0609 5548 i2omp - ok
12:05:27.0718 5548 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:05:27.0718 5548 i8042prt - ok
12:05:27.0859 5548 iastor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\drivers\iastor.sys
12:05:27.0875 5548 iastor - ok
12:05:27.0921 5548 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys
12:05:27.0921 5548 ICDUSB2 - ok
12:05:27.0984 5548 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:05:28.0000 5548 Imapi - ok
12:05:28.0046 5548 ini910u - ok
12:05:28.0343 5548 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:05:28.0406 5548 IntcAzAudAddService - ok
12:05:28.0421 5548 IntelIde - ok
12:05:28.0453 5548 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:05:28.0453 5548 intelppm - ok
12:05:28.0468 5548 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:05:28.0484 5548 Ip6Fw - ok
12:05:28.0484 5548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:05:28.0500 5548 IpFilterDriver - ok
12:05:28.0500 5548 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:05:28.0500 5548 IpInIp - ok
12:05:28.0546 5548 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:05:28.0546 5548 IpNat - ok
12:05:28.0562 5548 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:05:28.0562 5548 IPSec - ok
12:05:28.0609 5548 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:05:28.0609 5548 IRENUM - ok
12:05:28.0625 5548 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:28.0625 5548 isapnp - ok
12:05:28.0640 5548 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:28.0656 5548 Kbdclass - ok
12:05:28.0687 5548 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:05:28.0687 5548 kbdhid - ok
12:05:28.0718 5548 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:05:28.0718 5548 kmixer - ok
12:05:28.0750 5548 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:28.0750 5548 KSecDD - ok
12:05:28.0765 5548 lbrtfdc - ok
12:05:28.0859 5548 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:05:28.0859 5548 LHidFilt - ok
12:05:28.0875 5548 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:05:28.0875 5548 LMouFilt - ok
12:05:28.0921 5548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:28.0921 5548 mnmdd - ok
12:05:28.0953 5548 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:05:28.0953 5548 Modem - ok
12:05:28.0984 5548 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:28.0984 5548 Mouclass - ok
12:05:29.0046 5548 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:29.0046 5548 mouhid - ok
12:05:29.0062 5548 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:29.0062 5548 MountMgr - ok
12:05:29.0109 5548 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:05:29.0109 5548 MpFilter - ok
12:05:29.0171 5548 MpKsl3d8088d8 - ok
12:05:29.0171 5548 mraid35x - ok
12:05:29.0187 5548 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:29.0203 5548 MRxDAV - ok
12:05:29.0265 5548 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:29.0296 5548 MRxSmb - ok
12:05:29.0312 5548 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:05:29.0312 5548 Msfs - ok
12:05:29.0359 5548 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:29.0359 5548 MSKSSRV - ok
12:05:29.0375 5548 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:29.0375 5548 MSPCLOCK - ok
12:05:29.0390 5548 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:29.0390 5548 MSPQM - ok
12:05:29.0453 5548 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:29.0453 5548 mssmbios - ok
12:05:29.0484 5548 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:05:29.0500 5548 MSTEE - ok
12:05:29.0500 5548 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:05:29.0500 5548 Mup - ok
12:05:29.0515 5548 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:05:29.0531 5548 NABTSFEC - ok
12:05:29.0578 5548 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:05:29.0593 5548 NDIS - ok
12:05:29.0640 5548 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:05:29.0640 5548 NdisIP - ok
12:05:29.0687 5548 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:05:29.0703 5548 NdisTapi - ok
12:05:29.0750 5548 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:05:29.0765 5548 Ndisuio - ok
12:05:29.0781 5548 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:05:29.0781 5548 NdisWan - ok
12:05:29.0812 5548 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:05:29.0812 5548 NDProxy - ok
12:05:29.0812 5548 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:05:29.0828 5548 NetBIOS - ok
12:05:29.0843 5548 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:05:29.0843 5548 NetBT - ok
12:05:29.0984 5548 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
12:05:30.0031 5548 NETw4x32 - ok
12:05:30.0109 5548 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:05:30.0109 5548 NIC1394 - ok
12:05:30.0125 5548 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:05:30.0125 5548 Npfs - ok
12:05:30.0156 5548 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:05:30.0187 5548 Ntfs - ok
12:05:30.0234 5548 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
12:05:30.0234 5548 ntk_dtv - ok
12:05:30.0296 5548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:05:30.0296 5548 Null - ok
12:05:30.0531 5548 nv (e036d93b0e073650cf6cf826cd9e1fbe) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:05:30.0687 5548 nv - ok
12:05:30.0750 5548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:05:30.0750 5548 NwlnkFlt - ok
12:05:30.0765 5548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:05:30.0765 5548 NwlnkFwd - ok
12:05:30.0796 5548 nxiuyxib - ok
12:05:30.0859 5548 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\WINDOWS\system32\DRIVERS\o2media.sys
12:05:30.0875 5548 O2MDRDR - ok
12:05:30.0875 5548 O2SDRDR (97e494165ce16ea3762114ba64faf332) C:\WINDOWS\system32\DRIVERS\o2sd.sys
12:05:30.0875 5548 O2SDRDR - ok
12:05:30.0906 5548 OEM13Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM13Afx.sys
12:05:30.0906 5548 OEM13Afx - ok
12:05:30.0921 5548 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
12:05:30.0921 5548 OEM13Vfx - ok
12:05:30.0953 5548 OEM13Vid (8d9d3b1b24105796c9b9b1473dec2d70) C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
12:05:30.0953 5548 OEM13Vid - ok
12:05:30.0968 5548 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:05:30.0968 5548 ohci1394 - ok
12:05:31.0031 5548 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:05:31.0046 5548 Parport - ok
12:05:31.0046 5548 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:05:31.0046 5548 PartMgr - ok
12:05:31.0093 5548 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:05:31.0093 5548 ParVdm - ok
12:05:31.0109 5548 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:05:31.0109 5548 PCI - ok
12:05:31.0125 5548 PCIDump - ok
12:05:31.0140 5548 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:05:31.0140 5548 PCIIde - ok
12:05:31.0187 5548 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:05:31.0187 5548 Pcmcia - ok
12:05:31.0218 5548 PDCOMP - ok
12:05:31.0234 5548 PDFRAME - ok
12:05:31.0234 5548 PDRELI - ok
12:05:31.0250 5548 PDRFRAME - ok
12:05:31.0265 5548 perc2 - ok
12:05:31.0265 5548 perc2hib - ok
12:05:31.0296 5548 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:31.0296 5548 PptpMiniport - ok
12:05:31.0312 5548 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:31.0328 5548 PSched - ok
12:05:31.0390 5548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:31.0390 5548 Ptilink - ok
12:05:31.0421 5548 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:05:31.0421 5548 PxHelp20 - ok
12:05:31.0421 5548 ql1080 - ok
12:05:31.0437 5548 Ql10wnt - ok
12:05:31.0437 5548 ql12160 - ok
12:05:31.0453 5548 ql1240 - ok
12:05:31.0468 5548 ql1280 - ok
12:05:31.0468 5548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:31.0468 5548 RasAcd - ok
12:05:31.0500 5548 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:31.0500 5548 Rasl2tp - ok
12:05:31.0531 5548 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:31.0531 5548 RasPppoe - ok
12:05:31.0546 5548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:31.0546 5548 Raspti - ok
12:05:31.0562 5548 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:31.0578 5548 Rdbss - ok
12:05:31.0578 5548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:31.0578 5548 RDPCDD - ok
12:05:31.0671 5548 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:05:31.0671 5548 rdpdr - ok
12:05:31.0750 5548 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:31.0750 5548 RDPWD - ok
12:05:31.0796 5548 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:31.0796 5548 redbook - ok
12:05:31.0875 5548 RTLE8023xp (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:05:31.0875 5548 RTLE8023xp - ok
12:05:31.0953 5548 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:05:31.0953 5548 s24trans - ok
12:05:32.0015 5548 SASDIFSV - ok
12:05:32.0046 5548 SASKUTIL - ok
12:05:32.0093 5548 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:05:32.0093 5548 sdbus - ok
12:05:32.0093 5548 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:32.0093 5548 Secdrv - ok
12:05:32.0156 5548 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:05:32.0156 5548 Serial - ok
12:05:32.0187 5548 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:32.0187 5548 Sfloppy - ok
12:05:32.0203 5548 Simbad - ok
12:05:32.0234 5548 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:05:32.0234 5548 SLIP - ok
12:05:32.0250 5548 Sparrow - ok
12:05:32.0296 5548 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:05:32.0296 5548 splitter - ok
12:05:32.0375 5548 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:32.0375 5548 sr - ok
12:05:32.0453 5548 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:32.0468 5548 Srv - ok
12:05:32.0515 5548 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:05:32.0515 5548 streamip - ok
12:05:32.0515 5548 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:32.0515 5548 swenum - ok
12:05:32.0562 5548 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:05:32.0562 5548 swmidi - ok
12:05:32.0578 5548 symc810 - ok
12:05:32.0593 5548 symc8xx - ok
12:05:32.0609 5548 sym_hi - ok
12:05:32.0609 5548 sym_u3 - ok
12:05:32.0656 5548 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:32.0671 5548 sysaudio - ok
12:05:32.0734 5548 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:32.0734 5548 Tcpip - ok
12:05:32.0796 5548 TcUsb (58e3eb5a5c78740c5870eee6648ccc46) C:\WINDOWS\system32\Drivers\tcusb.sys
12:05:32.0796 5548 TcUsb - ok
12:05:32.0843 5548 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:32.0843 5548 TDPIPE - ok
12:05:32.0859 5548 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:32.0875 5548 TDTCP - ok
12:05:32.0906 5548 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:32.0906 5548 TermDD - ok
12:05:32.0921 5548 TosIde - ok
12:05:32.0968 5548 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:05:32.0984 5548 Udfs - ok
12:05:32.0984 5548 ultra - ok
12:05:33.0046 5548 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:05:33.0046 5548 Update - ok
12:05:33.0109 5548 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:05:33.0109 5548 USBAAPL - ok
12:05:33.0125 5548 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:05:33.0125 5548 usbccgp - ok
12:05:33.0171 5548 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:33.0171 5548 usbehci - ok
12:05:33.0187 5548 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:33.0187 5548 usbhub - ok
12:05:33.0234 5548 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:05:33.0234 5548 usbprint - ok
12:05:33.0281 5548 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:05:33.0296 5548 usbscan - ok
12:05:33.0343 5548 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:05:33.0343 5548 USBSTOR - ok
12:05:33.0359 5548 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:05:33.0359 5548 usbuhci - ok
12:05:33.0468 5548 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:05:33.0484 5548 usbvideo - ok
12:05:33.0500 5548 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:05:33.0500 5548 VgaSave - ok
12:05:33.0500 5548 ViaIde - ok
12:05:33.0531 5548 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:05:33.0531 5548 VolSnap - ok
12:05:33.0546 5548 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:05:33.0562 5548 Wanarp - ok
12:05:33.0640 5548 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:05:33.0640 5548 Wdf01000 - ok
12:05:33.0656 5548 WDICA - ok
12:05:33.0718 5548 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:05:33.0718 5548 wdmaud - ok
12:05:33.0765 5548 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:05:33.0781 5548 WmiAcpi - ok
12:05:33.0828 5548 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:05:33.0843 5548 WSTCODEC - ok
12:05:33.0890 5548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:05:33.0890 5548 WudfPf - ok
12:05:33.0906 5548 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:05:33.0906 5548 WudfRd - ok
12:05:33.0968 5548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:05:34.0062 5548 \Device\Harddisk0\DR0 - ok
12:05:34.0078 5548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR7
12:05:34.0953 5548 \Device\Harddisk1\DR7 - ok
12:05:34.0953 5548 Boot (0x1200) (700856f8f94c915357fda13919cf6407) \Device\Harddisk0\DR0\Partition0
12:05:34.0953 5548 \Device\Harddisk0\DR0\Partition0 - ok
12:05:34.0968 5548 Boot (0x1200) (42bdc39bb44a42dd4d26ca181da49175) \Device\Harddisk1\DR7\Partition0
12:05:34.0968 5548 \Device\Harddisk1\DR7\Partition0 - ok
12:05:34.0968 5548 ============================================================
12:05:34.0968 5548 Scan finished
12:05:34.0968 5548 ============================================================
12:05:34.0968 5488 Detected object count: 1
12:05:34.0968 5488 Actual detected object count: 1
12:06:32.0312 5488 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
12:06:33.0781 5488 Backup copy found, using it..
12:06:33.0781 5488 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
12:06:35.0625 5488 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
12:07:12.0234 5828 Deinitialize success
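The TDSSKiller log above carries one finding (AFD flagged as Rootkit.Win32.ZAccess.k, to be cured from a backup copy on reboot) buried under a long run of "driver - ok" lines. As an added example that is not part of this thread or of TDSSKiller, the Python below parses that log format and lists only the entries a helper would need to read; the sample lines are copied from the posted log.

```python
"""Triage helper for TDSSKiller logs in the format posted above (added example, not
part of the thread or of TDSSKiller): objects scanned, non-ok verdicts, errors, actions."""
import re

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")  # time pid body
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (\S.*)$")      # name (md5) path
DETECT_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")                         # target - verdict
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ERROR_RE = re.compile(r"\berror (\d+)\b")

# Sample lines copied from the log posted in this thread (a short excerpt, not a full log).
SAMPLE_LOG = r"""
12:05:32.0734 5548 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:32.0734 5548 Tcpip - ok
12:05:33.0968 5548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:05:34.0062 5548 \Device\Harddisk0\DR0 - ok
12:05:34.0968 5488 Detected object count: 1
12:06:32.0312 5488 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
12:06:33.0781 5488 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
12:06:35.0625 5488 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""


def parse_tdsskiller_log(text):
    """Return a dict with objects, verdicts, detections, errors and detected_count."""
    rep = {"objects": {}, "verdicts": {}, "detections": [], "errors": [],
           "detected_count": None}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator rows and untimestamped noise
        body = m[3]
        if d := DETECT_RE.match(body):
            rep["detections"].append({"name": d[1], "threat": d[2], "action": d[3]})
        elif o := OBJECT_RE.match(body):
            rep["objects"][o[1]] = {"md5": o[2], "path": o[3]}
        elif c := COUNT_RE.match(body):
            rep["detected_count"] = int(c[1])
        elif e := ERROR_RE.search(body):
            rep["errors"].append((int(e[1]), body))
        elif v := VERDICT_RE.match(body):
            rep["verdicts"][v[1]] = v[2]
    return rep


def needs_attention(rep):
    """Everything a responder should read: non-ok verdicts, then each detection."""
    out = [f"{t}: {v}" for t, v in rep["verdicts"].items() if v != "ok"]
    out += [f"{d['name']}: {d['threat']} -> {d['action']}" for d in rep["detections"]]
    return out
```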

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 07 December 2011 - 01:40 PM

Great. :thumbup2:

  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform (32-bit or 64-bit).
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please tell me how the computer is running now.


#9 Lionheartjf

Lionheartjf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 07 December 2011 - 04:52 PM

I'm not sure which version of Java 7 to download. Which one of these do I choose? I don't see a choice for 32 bit Windows XP.

Product / File Description   File Size   Download
Linux x86                    19.91 MB    jre-7u1-linux-i586.rpm
Linux x86                    32.19 MB    jre-7u1-linux-i586.tar.gz
Linux x64                    20.22 MB    jre-7u1-linux-x64.rpm
Linux x64                    30.85 MB    jre-7u1-linux-x64.tar.gz
Solaris x86                  34.96 MB    jre-7u1-solaris-i586.tar.gz
Solaris SPARC                39.28 MB    jre-7u1-solaris-sparc.tar.gz
Solaris SPARC 64-bit         12.01 MB    jre-7u1-solaris-sparcv9.tar.gz
Solaris x64                   9.05 MB    jre-7u1-solaris-x64.tar.gz
Windows x86 Online            0.85 MB    jre-7u1-windows-i586-iftw.exe
Windows x86                  19.43 MB    jre-7u1-windows-i586-s.exe
Windows x86 Offline          19.26 MB    jre-7u1-windows-i586.exe
Windows x64                  20.33 MB    jre-7u1-windows-x64.exe

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 07 December 2011 - 04:56 PM

x32 is another name for x86:

Windows x86 Offline 19.26 MB jre-7u1-windows-i586.exe

#11 Lionheartjf

Lionheartjf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 08 December 2011 - 01:58 AM

I ran the Java update and here's the MBAM log. Everything seems to be running well and some of the issues I was having before (couldn't run Windows Update) are now functional again. Thanks for your help!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8331

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2011 00:51:25
mbam-log-2011-12-08 (00-51-25).txt

Scan type: Quick scan
Objects scanned: 171771
Time elapsed: 16 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 08 December 2011 - 02:11 AM

It looks good. :thumbup2:

  • It is important to uninstall ComboFix.

    If you don't have ComboFix download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    Disable your antivirus temporarily, rename ComboFix to Uninstall and double-click to run it.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.
  • You may delete any tool or log we used from your computer.
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing Lionheartjf. :)

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:22 AM

Posted 14 December 2011 - 05:40 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.
