TechSpot

After ZeroAccess removal cannot access internet with LAN, but WLAN is fine

By ArKay99
Dec 19, 2011
  1. I've given up trying to fix this on my own, so I've come here for help. The problem machine I have is an Asus Eee PC 1005HA. It has both LAN and WLAN. About a week ago it rebooted in the middle of the night, Windows Update?, and when I opened it a radio station was playing but with no app showing on the desktop! At the time the Eee was using the WLAN. The only way I could get it to stop was to shut it down. After the reboot the station wasn't there, but a lot of programs wouldn't work. They'd start but exit immediately. I couldn't open Task Manager and I had to go into Internet Properties and manually set up the wireless to work, as it would connect but would not be able to get an ip addy from the network. I tried to download MalwareBytes but couldn't, then I ran SAS_3140.com and then SuperAntiSpyware. I didn't find anything. After a reboot and running SAS_3140.com I tried downloading TDSSKill.exe and got that to dl and install. When it ran it reported it found ZeroAccess and I was able to delete it, or so I thought. Since then I've been able to surf, but only with the WLAN and not the LAN. Task Manager has started responding, and I've dl'd and installed Microsoft Security Essentials. I tried dl'ing and running ComboFix, rkill, and OTL, but still no joy with the LAN. Also when I go into Device Manager and select Show Hidden Devices, several devices come up with yellow question marks and names like Mpskltf4. There is also what looks like a legitimate driver called Serial with a question mark. If I uninstall these devices, they come back slowly over a succession of reboots. I also found one called cacthme just before. I've also tried running ComboFix in Safe Mode. No joy. I'm done shooting skeet in the dark and need some experienced help. I've been able to get through all attacks up until this one...

    So, I've joined here and have read the Updated 5-step Viruses/Spyware/Malware Preliminary Removal Instructions...

    Here are the logs I've generated from the 5 Steps:

    mbam-log:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8399

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/19/2011 2:20:53 PM
    mbam-log-2011-12-19 (14-20-53).txt

    Scan type: Quick scan
    Objects scanned: 170583
    Time elapsed: 4 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------------

    gmer.log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-19 14:28:36
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002
    Running: sg4fpvnt.exe; Driver: C:\DOCUME~1\Roger\LOCALS~1\Temp\kxlorpoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    -----------------------------------------------------------------------------------------------------

    dds.txt :

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Roger at 14:36:57 on 2011-12-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.472 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    TCP: Interfaces\{F1CCE484-BCC9-41F8-821F-FFBC110A66F6} : NameServer = 192.168.1.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-9-15 11448]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl9cfd394f;MpKsl9cfd394f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\MpKsl9cfd394f.sys [2011-12-19 29904]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
    R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-28 39040]
    S1 MpKsl1fd33067;MpKsl1fd33067;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20620984-178d-4180-98bb-90fdb89c1f61}\mpksl1fd33067.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20620984-178d-4180-98bb-90fdb89c1f61}\MpKsl1fd33067.sys [?]
    S1 MpKsl2cb08668;MpKsl2cb08668;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a42d9e3-82f3-4e8d-97b4-de9f151d759d}\mpksl2cb08668.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a42d9e3-82f3-4e8d-97b4-de9f151d759d}\MpKsl2cb08668.sys [?]
    S1 MpKslb7151faf;MpKslb7151faf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6b94e92-f98f-451a-a499-0bf39d878a6a}\mpkslb7151faf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6b94e92-f98f-451a-a499-0bf39d878a6a}\MpKslb7151faf.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\roger\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\roger\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\roger\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\roger\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]
    S3 TOO;TOO;\??\c:\program files\asus\liveupdate\genport.sys --> c:\program files\asus\liveupdate\genport.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-19 19:29:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\MpKsl9cfd394f.sys
    2011-12-19 19:29:39 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\offreg.dll
    2011-12-19 19:29:35 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\mpengine.dll
    2011-12-19 19:15:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-19 19:15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-19 17:12:29 -------- d-----w- C:\_OTL
    2011-12-19 05:43:25 -------- d-sha-r- C:\cmdcons
    2011-12-18 23:54:22 98816 ----a-w- c:\windows\sed.exe
    2011-12-18 23:54:22 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-18 23:54:22 256000 ----a-w- c:\windows\PEV.exe
    2011-12-18 23:54:22 208896 ----a-w- c:\windows\MBR.exe
    2011-12-18 21:50:09 -------- d-----w- c:\documents and settings\roger\Tracing
    2011-12-15 19:01:32 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-12-14 20:46:13 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-12-14 20:46:13 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-12-14 20:46:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-12-14 17:57:01 -------- d-----w- c:\program files\Microsoft Security Client
    2011-12-14 04:51:09 -------- d--h--w- c:\windows\PIF
    2011-12-14 02:46:38 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
    2011-12-14 02:46:38 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
    2011-12-14 02:19:08 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ==================== Find3M ====================
    .
    2011-12-14 17:25:07 44544 ----a-w- c:\windows\system32\drivers\fips.sys
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 20:43:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-02 20:43:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 14:37:18.70 ===============

    ----------------------------------------------------------------------------------------------------

    attach.txt :

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/17/2009 12:54:13 PM
    System Uptime: 12/19/2011 1:46:52 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1005HA
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 72 GiB total, 59.479 GiB free.
    D: is FIXED (NTFS) - 72 GiB total, 71.933 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 10/2/2011 10:36:10 PM - Software Distribution Service 3.0
    RP66: 10/3/2011 1:01:06 AM - Software Distribution Service 3.0
    RP67: 11/30/2011 6:44:09 PM - System Checkpoint
    RP68: 12/7/2011 5:42:51 PM - System Checkpoint
    RP69: 12/8/2011 6:17:13 PM - System Checkpoint
    RP70: 12/9/2011 7:20:43 PM - System Checkpoint
    RP71: 12/11/2011 1:38:34 PM - Software Distribution Service 3.0
    RP72: 12/13/2011 12:34:43 PM - Software Distribution Service 3.0
    RP73: 12/13/2011 10:22:59 PM - Software Distribution Service 3.0
    RP74: 12/13/2011 10:52:54 PM - Installed Microsoft Fix it 50267
    RP75: 12/14/2011 12:02:00 AM - Software Distribution Service 3.0
    RP76: 12/14/2011 12:33:43 AM - Software Distribution Service 3.0
    RP77: 12/14/2011 9:13:09 AM - Installed Windows Defender
    RP78: 12/14/2011 9:31:55 AM - Removed Windows Defender
    RP79: 12/14/2011 9:46:38 AM - Installed Windows Defender
    RP80: 12/14/2011 10:17:23 AM - Installed Windows Defender
    RP81: 12/14/2011 10:28:17 AM - Installed Windows Defender
    RP82: 12/14/2011 10:34:01 AM - Removed LiveUpdate.
    RP83: 12/14/2011 10:53:11 AM - Removed Windows Defender
    RP84: 12/14/2011 11:14:23 AM - Installed Windows Defender
    RP85: 12/14/2011 12:33:03 PM - Removed Windows Defender
    RP86: 12/14/2011 12:35:36 PM - Installed Windows Defender
    RP87: 12/14/2011 12:37:20 PM - Software Distribution Service 3.0
    RP88: 12/14/2011 12:54:28 PM - Removed Windows Defender
    RP89: 12/14/2011 1:00:45 PM - Software Distribution Service 3.0
    RP90: 12/15/2011 1:03:13 PM - System Checkpoint
    RP91: 12/15/2011 2:01:02 PM - Software Distribution Service 3.0
    RP92: 12/16/2011 2:02:06 PM - Software Distribution Service 3.0
    RP93: 12/17/2011 2:02:13 PM - Software Distribution Service 3.0
    RP94: 12/18/2011 2:11:48 AM - Software Distribution Service 3.0
    RP95: 12/18/2011 11:55:58 AM - Software Distribution Service 3.0
    RP96: 12/18/2011 6:20:25 PM - Removed Windows Live Sign-in Assistant
    RP97: 12/18/2011 6:20:52 PM - Removed Windows Live Sync
    RP98: 12/18/2011 6:22:35 PM - Removed Windows Live Upload Tool
    RP99: 12/18/2011 8:12:37 PM - Software Distribution Service 3.0
    RP100: 12/19/2011 2:26:34 AM - Software Distribution Service 3.0
    RP101: 12/19/2011 9:12:48 AM - Software Distribution Service 3.0
    RP102: 12/19/2011 11:41:08 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Asus ACPI Driver
    ASUS USB2.0 UVC VGA WebCam
    ASUSUpdate for Eee PC
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Compatibility Pack for the 2007 Office system
    Data Sync
    Eee Docking 1.3.6.0
    EeeSplendid
    EzMessenger
    FontResizer
    Google Chrome
    Google Update Helper
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Ralink RT2860 Wireless LAN Card
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype web features
    Skype™ 4.1
    Super Hybrid Engine
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 UVC Camera Device
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2011 12:57:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsUpIO Fips intelppm MpFilter
    12/19/2011 12:12:30 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2011 11:28:25 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
    12/19/2011 11:21:01 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
    12/19/2011 11:20:49 AM, error: Workstation [5728] - Could not load any transport.
    12/19/2011 1:02:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    12/18/2011 8:31:55 PM, error: Service Control Manager [7000] - The TOO service failed to start due to the following error: The system cannot find the file specified.
    12/18/2011 8:31:55 PM, error: Service Control Manager [7000] - The DETECT service failed to start due to the following error: The system cannot find the file specified.
    12/18/2011 7:28:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsUpIO Fips intelppm MpFilter SASDIFSV SASKUTIL
    12/18/2011 7:27:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/18/2011 7:27:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/18/2011 6:22:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/18/2011 6:06:19 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    12/18/2011 12:39:08 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    .
    ==== End Of File ===========================

    ---------------------------------------------------------------------------------------------
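Added example (not part of the original post or of any tool used in this thread): a Python sketch that reads the Service Control Manager lines of the Event Viewer section above and traces each event 7001 ("depends on ... which failed to start") back to the event 7000 that started the chain. The sample lines are copied from that log; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages From Past Week" section of the log above.
SAMPLE_LOG = """\
12/19/2011 12:12:30 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2011 11:28:25 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
12/18/2011 8:31:55 PM, error: Service Control Manager [7000] - The TOO service failed to start due to the following error: The system cannot find the file specified.
"""

EVENT_RE = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, error: "
    r"Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Event 7001: a service could not start because something it depends on failed.
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<err>.+)$"
)
# Event 7000: the service itself failed to start.
FAIL_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)


def parse_scm_events(text):
    """Yield (event_id, message) for every Service Control Manager error line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield int(m.group("id")), m.group("msg")


def failure_chains(text):
    """Map each directly failing service (7000) to its error and to every
    service that failed, directly or transitively, because of it (7001)."""
    dependents = defaultdict(set)   # failed dependency -> services waiting on it
    direct = {}                     # service -> error text from its 7000 event
    for event_id, msg in parse_scm_events(text):
        if event_id == 7001:
            m = DEP_RE.match(msg)
            if m:
                dependents[m["dep"]].add(m["svc"])
        elif event_id == 7000:
            m = FAIL_RE.match(msg)
            if m:
                direct[m["svc"]] = m["err"]

    chains = {}
    for root, err in direct.items():
        seen, stack = set(), [root]
        while stack:                # walk the dependency graph downwards
            for svc in dependents.get(stack.pop(), ()):
                if svc not in seen:
                    seen.add(svc)
                    stack.append(svc)
        chains[root] = {"error": err, "impacted": sorted(seen)}
    return chains


if __name__ == "__main__":
    for root, info in failure_chains(SAMPLE_LOG).items():
        print(f"{root}: {info['error']}")
        for svc in info["impacted"]:
            print(f"    -> {svc}")
```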
     
  2. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  3. ArKay99

    ArKay99 TS Rookie Topic Starter

    With LAN connected :

    Farbar Service Scanner
    Ran by Roger (administrator) on 19-12-2011 at 21:09:22
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============

    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    Connection Status:
    ==================
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Yahoo IP returend error: Yahoo IP is offline

    **** End of log ****
     
  4. ArKay99

    With WLAN enabled:

    Farbar Service Scanner
    Ran by Roger (administrator) on 19-12-2011 at 21:16:01
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============

    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    Connection Status:
    ==================
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    **** End of log ****
     
  5. Broni

    That looks fine.

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  6. ArKay99

    MiniToolKit run with LAN enabled:

    MiniToolBox by Farbar
    Ran by Roger (administrator) on 19-12-2011 at 21:25:58
    Microsoft Windows XP Home Edition Service Pack 3 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.
    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
    Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp

    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=static addr=192.168.1.6 mask=255.255.255.0
    set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
    set dns name="Local Area Connection" source=static addr=192.168.1.2 register=PRIMARY
    set wins name="Local Area Connection" source=static addr=none


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : asus-netbook

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Wireless Network Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

    Physical Address. . . . . . . . . : 00-25-D3-68-67-CC



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

    Physical Address. . . . . . . . . : 90-E6-BA-13-8A-D7

    Dhcp Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.1.6

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 192.168.1.2

    Server: UnKnown
    Address: 192.168.1.2

    Name: google.com
    Addresses: 74.125.227.52, 74.125.227.50, 74.125.227.49, 74.125.227.51
    74.125.227.48



    Pinging google.com [74.125.227.50] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 74.125.227.50:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

    Server: UnKnown
    Address: 192.168.1.2

    Name: yahoo.com
    Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



    Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 98.139.180.149:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

    Server: UnKnown
    Address: 192.168.1.2

    Name: bleepingcomputer.com
    Address: 208.43.87.2



    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x3 ...00 25 d3 68 67 cc ...... Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport
    0x30002 ...90 e6 ba 13 8a d7 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 20
    192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 20
    224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 20
    255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
    255.255.255.255 255.255.255.255 192.168.1.6 3 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/19/2011 01:27:02 PM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 00:59:34 PM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 10:36:57 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 09:30:16 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 01:40:53 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 01:14:37 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 00:50:21 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/18/2011 08:31:56 PM) (Source: Application Error) (User: )
    Description: Faulting application liveupdate.exe, version 0.0.0.0, faulting module liveupdate.exe, version 0.0.0.0, fault address 0x00011049.
    Processing media-specific event for [liveupdate.exe!ws!]

    Error: (12/18/2011 05:34:13 PM) (Source: Windows Live Messenger) (User: )
    Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586000093588

    Error: (12/18/2011 03:35:02 PM) (Source: MPSampleSubmission) (User: )
    Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7903.0, P3 1.117.1293.0, P4 1.117.1293.0, P5 virtool_win32_obfuscator.tt, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.


    System errors:
    =============
    Error: (12/19/2011 06:00:52 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:47:24 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:36:17 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:35:32 PM) (Source: DCOM) (User: SYSTEM)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (12/19/2011 01:26:26 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AsUpIO
    Fips
    intelppm
    MpFilter

    Error: (12/19/2011 01:25:08 PM) (Source: DCOM) (User: SYSTEM)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (12/19/2011 01:24:51 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:18:33 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:17:25 PM) (Source: Service Control Manager) (User: )
    Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    Error: (12/19/2011 01:06:10 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.


    Microsoft Office Sessions:
    =========================

    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 43%
    Total physical RAM: 1015.17 MB
    Available physical RAM: 574.37 MB
    Total Pagefile: 2441.72 MB
    Available Pagefile: 2075.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1969.5 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:72.06 GB) (Free:59.49 GB) NTFS
    2 Drive d: () (Fixed) (Total:72.05 GB) (Free:71.93 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\ASUS-NETBOOK

    Administrator ASPNET Guest
    HelpAssistant Roger SUPPORT_388945a0


    **** End of log ****
     
  7. Broni

    I can see a couple of things...

    Go Start>Run, type in:
    services.msc
    Click OK.

    1. Find "Netlogon" service, make sure its "Startup type" is set to "Disabled".
    Let me know what you had there.

    2. Find "DHCP Client" service, make sure its "Startup type" is set to "Automatic".
    Let me know what you had there.

    If you had to make any changes restart computer.
     
  8. ArKay99

    1: Net Logon was Automatic, now set to Disabled

    2: DHCP Client was Automatic, left as is.

    Rebooted.
     
  9. Broni

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [screenshot not preserved]
    Make sure "DNS" tab looks like this:
    [screenshot not preserved]
    Make sure "WINS" tab looks like this:
    [screenshot not preserved]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.

    Let me know if any changes were needed.

    If you changed anything restart computer.
     
  10. ArKay99

    I had my LAN addy set to a static IP 192.168.1.6, subnet mask was 255.255.255.0, and default gateway was set to 192.168.1.1. I set the IP address properties as you illustrated. The LAN is now on DHCP and the DNS is also. The DNS and WIN tabs were confirmed to be set the way your pic showed.

    Internet Connections->Connections->LAN settings did not have Automatically detect settings checked (for static ip), it is now checked. No other box is checked on that page.

    Ok'd out.

    restarted computer
     
  11. Broni

    Any positive changes?
     
     
  12. ArKay99

    Still no joy. What is interesting is that if I ping 192.168.1.1 with the LAN connection it times out, but I can ping the other computers. Since my router is at 192.168.1.1 I assume that is why I have no internet. I can ping my router from all the other computers in my network.
     
  13. Broni

    Re-run MiniToolbox...

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  14. ArKay99

    MiniToolBox by Farbar
    Ran by Roger (administrator) on 20-12-2011 at 00:48:53
    Microsoft Windows XP Home Edition Service Pack 3 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.
    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
    Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : asus-netbook

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : tech.futuretek.org



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : tech.futuretek.org

    Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

    Physical Address. . . . . . . . . : 90-E6-BA-13-8A-D7

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.11

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.2

    DNS Servers . . . . . . . . . . . : 192.168.1.2

    Primary WINS Server . . . . . . . : 192.168.1.2

    Lease Obtained. . . . . . . . . . : Tuesday, December 20, 2011 12:29:41 AM

    Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



    Ethernet adapter Wireless Network Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

    Physical Address. . . . . . . . . : 00-25-D3-68-67-CC

    Server: UnKnown
    Address: 192.168.1.2

    Name: google.com.futuretek.org
    Address: 208.91.197.77



    Pinging google.com [74.125.227.50] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 74.125.227.50:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

    Server: UnKnown
    Address: 192.168.1.2

    Name: yahoo.com.futuretek.org
    Address: 208.91.197.77



    Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 72.30.2.43:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

    Server: UnKnown
    Address: 192.168.1.2

    Name: bleepingcomputer.com.futuretek.org
    Address: 208.91.197.77



    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



    Request timed out.

    Request timed out.



    Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...90 e6 ba 13 8a d7 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
    0x3 ...00 25 d3 68 67 cc ...... Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
    192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
    224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
    255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
    255.255.255.255 255.255.255.255 192.168.1.11 3 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/19/2011 01:27:02 PM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 00:59:34 PM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 10:36:57 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 09:30:16 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 01:40:53 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 01:14:37 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/19/2011 00:50:21 AM) (Source: Application Error) (User: )
    Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
    Processing media-specific event for [pev.3xe!ws!]

    Error: (12/18/2011 08:31:56 PM) (Source: Application Error) (User: )
    Description: Faulting application liveupdate.exe, version 0.0.0.0, faulting module liveupdate.exe, version 0.0.0.0, fault address 0x00011049.
    Processing media-specific event for [liveupdate.exe!ws!]

    Error: (12/18/2011 05:34:13 PM) (Source: Windows Live Messenger) (User: )
    Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586000093588

    Error: (12/18/2011 03:35:02 PM) (Source: MPSampleSubmission) (User: )
    Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7903.0, P3 1.117.1293.0, P4 1.117.1293.0, P5 virtool_win32_obfuscator.tt, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.


    System errors:
    =============
    Error: (12/19/2011 06:00:52 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:47:24 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:36:17 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:35:32 PM) (Source: DCOM) (User: SYSTEM)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (12/19/2011 01:26:26 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AsUpIO
    Fips
    intelppm
    MpFilter

    Error: (12/19/2011 01:25:08 PM) (Source: DCOM) (User: SYSTEM)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (12/19/2011 01:24:51 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:18:33 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (12/19/2011 01:17:25 PM) (Source: Service Control Manager) (User: )
    Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    Error: (12/19/2011 01:06:10 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.


    Microsoft Office Sessions:
    =========================

    ========================= Memory info: ===================================

    Percentage of memory in use: 37%
    Total physical RAM: 1015.17 MB
    Available physical RAM: 637.17 MB
    Total Pagefile: 2441.72 MB
    Available Pagefile: 2147.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1965.44 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:72.06 GB) (Free:59.49 GB) NTFS
    2 Drive d: () (Fixed) (Total:72.05 GB) (Free:71.93 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\ASUS-NETBOOK

    Administrator ASPNET Guest
    HelpAssistant Roger SUPPORT_388945a0

    **** End of log ****

    A possible point of note...
    If I open my router and look at the DHCP Client List it is showing me an IP address of 192.168.1.12 for MAC Address 00:25:D3:68:67:CC, but the netbook reports it's 192.168.1.10. This is for the Wireless card, but it works. The LAN card shows an address of 192.168.1.11 on the netbook and doesn't show up on the router. I have the router range set from 192.168.1.10 to 192.168.1.14. I also have a wireless printer that comes up as 192.168.1.11 in the router. I can't tell what it is from its panel though.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    At this point all settings look fine.

    Please tell me more about your settings, especially what exactly you mean by LAN and WLAN.
     
  16. ArKay99

    ArKay99 TS Rookie Topic Starter

    Hi Broni. Yes, I agree, all settings look fine. What I mean by LAN and WLAN is LAN is wired ethernet and WLAN is wireless ethernet. So, I can reach my router, which is at IP 192.168.1.1, with the wireless adapter in the netbook using ping, and all internet is fine; however, with the wired adapter, ping times out on 192.168.1.1. However, the wired adapter CAN ping all my other machines in the network. They are all set to static IPs. Domain controller is set to 192.168.1.2, workstation 1 is set to 192.168.1.3, workstation 2 is at 192.168.1.4, and I have a Mac Pro set up for music production only set at 192.168.1.5. I used to have the wired adapter in the netbook set to 192.168.1.6; now it's running on DHCP (range is 192.168.1.10 - 192.168.1.20). ipconfig reveals the wireless adapter is set to 192.168.1.10 and the wired adapter is set to 192.168.1.11. Finally, I have a printer/fax/copier running wireless but set to 192.168.1.8. All metrics on all machines are set to automatic except for the domain controller, which is set to 2, and the router metric is set to 1.

    Everything is working perfectly everywhere except for the darned wired card in the netbook. I'm wondering if a re-install of the TCP/IP stack and/or a driver re-install is in order. However, Farbar shows the MD5s of the drivers and TCP/IP stack are correct. I'm wondering if the hardware has a fault. This is the most vexing problem I've dealt with.

    I primarily use the netbook for Skyping with collaborators around the world, and the wireless works ok. I'd like to use the wired connection because the wireless can only go 54mbps as opposed to 100mbps.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    I'm thinking it may be something wrong with the wired port/adapter (I'm not a hardware person and I'm not sure how that part is actually built in).
    Another thought would be reinstalling the wired adapter driver (not a Windows file but a real driver downloaded from the Asus site).
    Try that first.

    Then....

    Let's run a couple more scans....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. ArKay99

    ArKay99 TS Rookie Topic Starter

    Hi Broni. Back at it...

    Installed LAN driver from ASUS.

    A possible point of note. When I ran aswMBR it had 2 items that weren't in the graphic in your post. 1 was a checkbox that was checked labeled something like "Monitor disk IO", and under that was a dropdown with some options, Quick Scan, C:\, [...], and none. I chose C:\ and left the checkbox checked.

    ComboFix ran ok, but at about stage 2 or 3 a box came up stating that a program pev.com (I believe) had ended and asked if I wanted to send the report to Microsoft. I just closed it and let ComboFix continue. When it got to the end of the scan, the computer rebooted and ComboFix was up running in its window and then prepared its report. I hope that's the way it's supposed to run; however, I'm giving you that info in case it's not. Here are the scans...

    aswMBR.log:

    aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-21 14:02:04
    -----------------------------
    14:02:04.343 OS Version: Windows 5.1.2600 Service Pack 3
    14:02:04.343 Number of processors: 2 586 0x1C02
    14:02:04.343 ComputerName: ASUS-NETBOOK UserName: Roger
    14:02:05.109 Initialize success
    14:02:14.781 AVAST engine defs: 11122101
    14:03:05.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    14:03:05.375 Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3
    14:03:05.421 Disk 0 MBR read successfully
    14:03:05.421 Disk 0 MBR scan
    14:03:05.484 Disk 0 Windows XP default MBR code
    14:03:05.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 73790 MB offset 63
    14:03:05.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73782 MB offset 151123455
    14:03:05.578 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302230845
    14:03:05.609 Disk 0 Partition 4 00 EF EFI FAT A1311 47 MB offset 312480315
    14:03:05.640 Disk 0 scanning sectors +312576705
    14:03:05.828 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:03:39.562 Service scanning
    14:03:39.890 Service MpKsl5a36a657 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\MpKsl5a36a657.sys **LOCKED** 32
    14:03:40.546 Modules scanning
    14:04:28.265 Disk 0 trace - called modules:
    14:04:28.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
    14:04:28.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656c030]
    14:04:28.375 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8653d890]
    14:04:28.406 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86554028]
    14:04:28.906 AVAST engine scan C:\
    15:13:09.281 Scan finished successfully
    15:14:12.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roger\Desktop\MBR.dat"
    15:14:12.593 The log file has been saved successfully to "C:\Documents and Settings\Roger\Desktop\aswMBR.txt"

    ---------------------------------------------------------------------------------------------------

    ComboFix 11-12-21.02 - Roger 12/21/2011 15:58:28.8.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.652 [GMT -5:00]
    Running from: c:\documents and settings\Roger\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\oobe\isperror
    c:\windows\system32\oobe\isperror\ispcnerr.htm
    c:\windows\system32\oobe\isperror\ispdtone.htm
    c:\windows\system32\oobe\isperror\isphdshk.htm
    c:\windows\system32\oobe\isperror\ispins.htm
    c:\windows\system32\oobe\isperror\ispnoanw.htm
    c:\windows\system32\oobe\isperror\isppberr.htm
    c:\windows\system32\oobe\isperror\ispphbsy.htm
    c:\windows\system32\oobe\isperror\ispsbusy.htm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-21 21:05 . 2011-12-21 21:05 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\offreg.dll
    2011-12-21 15:08 . 2011-12-21 15:09 -------- d-----w- c:\documents and settings\Roger\Application Data\Download Manager
    2011-12-21 14:45 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\mpengine.dll
    2011-12-20 02:20 . 2011-12-20 05:48 -------- d-----w- c:\program files\MiniToolBox
    2011-12-20 02:06 . 2011-12-20 02:16 -------- d-----w- c:\program files\FarBar
    2011-12-19 19:15 . 2011-12-19 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-19 19:15 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-19 17:12 . 2011-12-19 17:12 -------- d-----w- C:\_OTL
    2011-12-18 21:50 . 2011-12-18 23:06 -------- d-----w- c:\documents and settings\Roger\Tracing
    2011-12-15 19:01 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-12-14 20:46 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-12-14 20:46 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-12-14 17:57 . 2011-12-14 17:57 -------- d-----w- c:\program files\Microsoft Security Client
    2011-12-14 14:58 . 2011-12-19 00:28 -------- d-----w- c:\documents and settings\Administrator
    2011-12-14 04:51 . 2011-12-14 04:51 -------- d--h--w- c:\windows\PIF
    2011-12-14 02:46 . 2001-08-17 17:11 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
    2011-12-14 02:46 . 2001-08-17 17:11 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
    2011-12-14 02:19 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 20:07 . 2011-12-19 03:45 -------- d-----w- c:\documents and settings\Roger\Application Data\skypePM
    2011-11-30 19:30 . 2011-12-19 03:47 -------- d-----w- c:\documents and settings\Roger\Application Data\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 01:46 . 2011-12-19 01:46 398762 ----a-w- c:\windows\1005HA-ASUS-1401.zip
    2011-12-14 17:25 . 2009-08-11 13:03 44544 ----a-w- c:\windows\system32\drivers\fips.sys
    2011-11-23 13:25 . 2009-08-11 13:03 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2009-08-11 13:03 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2009-08-11 13:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2009-08-11 13:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2009-08-11 13:03 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2009-08-11 13:03 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2009-08-11 13:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2009-08-11 13:03 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-08-11 13:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 20:43 . 2011-09-25 17:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-02 20:43 . 2011-09-25 17:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-28 07:06 . 2009-08-11 13:03 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2009-08-11 13:03 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2009-08-11 13:03 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-19_06.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-21 21:04 . 2011-12-21 21:04 16384 c:\windows\temp\Perflib_Perfdata_e18.dat
    + 2009-08-11 13:03 . 2011-12-21 20:55 73730 c:\windows\system32\perfc009.dat
    + 2009-04-28 01:59 . 2009-03-03 02:03 38912 c:\windows\system32\drivers\l1c51x86.sys
    - 2009-04-28 01:59 . 2009-03-02 05:03 38912 c:\windows\system32\drivers\l1c51x86.sys
    - 2009-08-11 19:01 . 2007-06-20 12:14 75776 c:\windows\system32\Atheros_L1e\DriUpdate32.exe
    + 2009-08-11 19:01 . 2007-06-21 09:14 75776 c:\windows\system32\Atheros_L1e\DriUpdate32.exe
    - 2011-12-18 17:06 . 2011-12-18 17:06 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2011-12-20 06:53 . 2011-12-20 06:53 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-12-20 06:53 . 2011-12-20 06:53 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2011-12-18 17:05 . 2011-12-18 17:05 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-10-25 13:18 . 2008-10-25 13:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
    + 2008-10-25 13:18 . 2008-10-25 13:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
    + 2006-10-27 05:58 . 2006-10-27 05:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
    + 2009-08-11 13:03 . 2011-12-21 20:55 444644 c:\windows\system32\perfh009.dat
    + 2010-08-04 20:13 . 2010-08-04 20:13 686080 c:\windows\Installer\5b2032.msp
    + 2009-05-26 23:53 . 2009-05-26 23:53 579072 c:\windows\Installer\5b1f8e.msp
    + 2010-07-23 06:03 . 2010-07-23 06:03 338432 c:\windows\Installer\5b1f4e.msp
    - 2009-08-11 19:59 . 2011-12-18 17:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-08-11 19:59 . 2011-12-18 17:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-04-03 23:11 . 2009-04-03 23:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WINWORD.EXE
    + 2011-12-18 17:02 . 2011-12-18 17:02 350064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTPIA.DLL
    + 2009-04-03 23:04 . 2009-04-03 23:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\POWERPNT.EXE
    + 2008-10-25 12:52 . 2008-10-25 12:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
    + 2008-10-25 12:52 . 2008-10-25 12:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
    + 2008-11-04 09:13 . 2008-11-04 09:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL
    + 2010-06-08 22:44 . 2010-06-08 22:44 705984 c:\windows\Downloaded Program Files\Manager.exe
    + 2011-12-20 06:52 . 2011-12-20 06:52 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2009-08-18 04:33 . 2009-08-18 04:33 1193832 c:\windows\system32\FM20.DLL
    + 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\5b20d1.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\5b20b4.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\5b20ab.msp
    + 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\5b2083.msp
    + 2010-02-21 06:03 . 2010-02-21 06:03 4472832 c:\windows\Installer\5b207a.msp
    + 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\5b2053.msp
    + 2011-08-10 22:42 . 2011-08-10 22:42 7070208 c:\windows\Installer\5b203b.msp
    + 2010-08-13 23:00 . 2010-08-13 23:00 9404928 c:\windows\Installer\5b2020.msp
    + 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\5b200c.msp
    + 2010-03-24 23:54 . 2010-03-24 23:54 2516992 c:\windows\Installer\5b1ff8.msp
    + 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\5b1fd2.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\5b1fc4.msp
    + 2011-11-11 21:14 . 2011-11-11 21:14 9096192 c:\windows\Installer\5b1fb2.msp
    + 2009-10-16 12:08 . 2009-10-16 12:08 2237952 c:\windows\Installer\5b1fa0.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\5b1f69.msp
    + 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\5b1f60.msp
    + 2011-11-11 21:15 . 2011-11-11 21:15 1795584 c:\windows\Installer\5b1f3c.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\5b1f16.msp
    + 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\5b1efe.msp
    - 2009-08-11 19:59 . 2011-12-18 17:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-08-11 19:59 . 2011-12-20 06:53 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-11-21 08:12 . 2008-11-21 08:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWER.DLL
    + 2008-10-25 14:35 . 2008-10-25 14:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
    + 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
    + 2008-11-10 07:41 . 2008-11-10 07:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
    + 2009-04-03 23:04 . 2009-04-03 23:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPCORE.DLL
    + 2009-03-06 09:00 . 2009-03-06 09:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
    + 2008-11-10 15:49 . 2008-11-10 15:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
    + 2008-11-25 03:16 . 2008-11-25 03:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
    + 2009-03-06 09:26 . 2009-03-06 09:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
    + 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\GRAPH.EXE
    + 2008-11-21 04:06 . 2008-11-21 04:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FM20.DLL
    + 2009-04-03 22:57 . 2009-04-03 22:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
    + 2009-04-02 19:35 . 2009-04-02 19:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
    + 2009-02-05 16:36 . 2009-02-05 16:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
    + 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL
    + 2009-04-03 23:11 . 2009-04-03 23:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WWLIB.DLL
    + 2009-04-03 23:11 . 2009-04-03 23:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXCEL.EXE
    + 2009-04-03 23:01 . 2009-04-03 23:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
    + 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\MSO.DLL
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
    "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-10-02 20:43 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\explorer.exe"= %windir%\explorer.exe
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "d:\\PaltalkTest\\paltalk.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [9/15/2010 6:31 AM 11448]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 8:59 PM 38912]
    R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 12:47 AM 39040]
    S1 MpKsl1fd33067;MpKsl1fd33067;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20620984-178D-4180-98BB-90FDB89C1F61}\MpKsl1fd33067.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20620984-178D-4180-98BB-90FDB89C1F61}\MpKsl1fd33067.sys [?]
    S1 MpKsl2cb08668;MpKsl2cb08668;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A42D9E3-82F3-4E8D-97B4-DE9F151D759D}\MpKsl2cb08668.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A42D9E3-82F3-4E8D-97B4-DE9F151D759D}\MpKsl2cb08668.sys [?]
    S1 MpKslb7151faf;MpKslb7151faf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6B94E92-F98F-451A-A499-0BF39D878A6A}\MpKslb7151faf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6B94E92-F98F-451A-A499-0BF39D878A6A}\MpKslb7151faf.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2011 12:41 PM 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 2:00 PM 1684736]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2011 12:41 PM 136176]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 7:24 AM 1015424]
    S3 TOO;TOO;\??\c:\program files\ASUS\LiveUpdate\genport.sys --> c:\program files\ASUS\LiveUpdate\genport.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-25 17:41]
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-25 17:41]
    .
    2011-12-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
    .
    2011-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3178314362-3638122774-3651420168-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
    .
    2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178314362-3638122774-3651420168-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.2
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-21 16:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3178314362-3638122774-3651420168-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2420)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-21 16:08:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-21 21:08
    ComboFix2.txt 2011-12-19 18:39
    ComboFix3.txt 2011-12-19 18:09
    ComboFix4.txt 2011-12-19 15:45
    ComboFix5.txt 2011-12-21 20:57
    .
    Pre-Run: 63,396,732,928 bytes free
    Post-Run: 63,445,798,912 bytes free
    .
    - - End Of File - - B736F8484E788E22A882FAEEE784057E
     
  19. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Not much there.

    At this point....

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  20. ArKay99

    ArKay99 TS Rookie Topic Starter

    Agreed. Thank you so much for your help.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    You're very welcome
     

