Inactive After ZeroAccess removal cannot access internet with LAN, but WLAN is fine

ArKay99

I've given up trying to fix this on my own, so I've come here for help. The problem machine I have is an Asus Eee PC 1005HA. It has both LAN and WLAN. About a week ago it rebooted in the middle of the night, Windows Update?, and when I opened it a radio station was playing but with no app showing on the desktop! At the time the Eee was using the WLAN. The only way I could get it to stop was to shut it down. After the reboot the station wasn't there, but a lot of programs wouldn't work. They'd start but exit immediately. I couldn't open Task Manager and I had to go into Internet Properties and manually set up the wireless to work, as it would connect but would not be able to get an ip addy from the network. I tried to download MalwareBytes but couldn't, then I ran SAS_3140.com and then SuperAntiSpyware. I didn't find anything. After a reboot and running SAS_3140.com I tried downloading TDSSKill.exe and got that to dl and install. When it ran it reported it found ZeroAccess and I was able to delete it, or so I thought. Since then I've been able to surf, but only with the WLAN and not the LAN. Task Manager has started responding, and I've dl'd and installed Microsoft Security Essentials. I tried dl'ing and running ComboFix, rkill, and OTL, but still no joy with the LAN. Also when I go into Device Manager and select Show Hidden Devices, several devices come up with yellow question marks and names like Mpskltf4. There is also what looks like a legitimate driver called Serial with a question mark. If I uninstall these devices, they come back slowly over a succession of reboots. I also found one called cacthme just before. I've also tried running ComboFix in Safe Mode. No joy. I'm done shooting skeet in the dark and need some experienced help. I've been able to get through all attacks up until this one...

So, I've joined here and have read the Updated 5-step Viruses/Spyware/Malware Preliminary Removal Instructions...

Here are the logs I've generated from the 5 Steps:

mbam-log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 2:20:53 PM
mbam-log-2011-12-19 (14-20-53).txt

Scan type: Quick scan
Objects scanned: 170583
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------

gmer.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-19 14:28:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002
Running: sg4fpvnt.exe; Driver: C:\DOCUME~1\Roger\LOCALS~1\Temp\kxlorpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-----------------------------------------------------------------------------------------------------

dds.txt :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roger at 14:36:57 on 2011-12-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.472 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: Interfaces\{F1CCE484-BCC9-41F8-821F-FFBC110A66F6} : NameServer = 192.168.1.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-9-15 11448]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl9cfd394f;MpKsl9cfd394f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\MpKsl9cfd394f.sys [2011-12-19 29904]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-28 39040]
S1 MpKsl1fd33067;MpKsl1fd33067;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20620984-178d-4180-98bb-90fdb89c1f61}\mpksl1fd33067.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20620984-178d-4180-98bb-90fdb89c1f61}\MpKsl1fd33067.sys [?]
S1 MpKsl2cb08668;MpKsl2cb08668;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a42d9e3-82f3-4e8d-97b4-de9f151d759d}\mpksl2cb08668.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a42d9e3-82f3-4e8d-97b4-de9f151d759d}\MpKsl2cb08668.sys [?]
S1 MpKslb7151faf;MpKslb7151faf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6b94e92-f98f-451a-a499-0bf39d878a6a}\mpkslb7151faf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6b94e92-f98f-451a-a499-0bf39d878a6a}\MpKslb7151faf.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\roger\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\roger\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\roger\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\roger\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]
S3 TOO;TOO;\??\c:\program files\asus\liveupdate\genport.sys --> c:\program files\asus\liveupdate\genport.sys [?]
.
=============== Created Last 30 ================
.
2011-12-19 19:29:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\MpKsl9cfd394f.sys
2011-12-19 19:29:39 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\offreg.dll
2011-12-19 19:29:35 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3a10e01-6e39-45dd-9a6b-e662c00dd2e0}\mpengine.dll
2011-12-19 19:15:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 19:15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 17:12:29 -------- d-----w- C:\_OTL
2011-12-19 05:43:25 -------- d-sha-r- C:\cmdcons
2011-12-18 23:54:22 98816 ----a-w- c:\windows\sed.exe
2011-12-18 23:54:22 518144 ----a-w- c:\windows\SWREG.exe
2011-12-18 23:54:22 256000 ----a-w- c:\windows\PEV.exe
2011-12-18 23:54:22 208896 ----a-w- c:\windows\MBR.exe
2011-12-18 21:50:09 -------- d-----w- c:\documents and settings\roger\Tracing
2011-12-15 19:01:32 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-14 20:46:13 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-14 20:46:13 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-14 20:46:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-12-14 17:57:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-14 04:51:09 -------- d--h--w- c:\windows\PIF
2011-12-14 02:46:38 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2011-12-14 02:46:38 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2011-12-14 02:19:08 222080 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-12-14 17:25:07 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 20:43:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-02 20:43:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 14:37:18.70 ===============

----------------------------------------------------------------------------------------------------

attach.txt :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2009 12:54:13 PM
System Uptime: 12/19/2011 1:46:52 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 59.479 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 71.933 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 10/2/2011 10:36:10 PM - Software Distribution Service 3.0
RP66: 10/3/2011 1:01:06 AM - Software Distribution Service 3.0
RP67: 11/30/2011 6:44:09 PM - System Checkpoint
RP68: 12/7/2011 5:42:51 PM - System Checkpoint
RP69: 12/8/2011 6:17:13 PM - System Checkpoint
RP70: 12/9/2011 7:20:43 PM - System Checkpoint
RP71: 12/11/2011 1:38:34 PM - Software Distribution Service 3.0
RP72: 12/13/2011 12:34:43 PM - Software Distribution Service 3.0
RP73: 12/13/2011 10:22:59 PM - Software Distribution Service 3.0
RP74: 12/13/2011 10:52:54 PM - Installed Microsoft Fix it 50267
RP75: 12/14/2011 12:02:00 AM - Software Distribution Service 3.0
RP76: 12/14/2011 12:33:43 AM - Software Distribution Service 3.0
RP77: 12/14/2011 9:13:09 AM - Installed Windows Defender
RP78: 12/14/2011 9:31:55 AM - Removed Windows Defender
RP79: 12/14/2011 9:46:38 AM - Installed Windows Defender
RP80: 12/14/2011 10:17:23 AM - Installed Windows Defender
RP81: 12/14/2011 10:28:17 AM - Installed Windows Defender
RP82: 12/14/2011 10:34:01 AM - Removed LiveUpdate.
RP83: 12/14/2011 10:53:11 AM - Removed Windows Defender
RP84: 12/14/2011 11:14:23 AM - Installed Windows Defender
RP85: 12/14/2011 12:33:03 PM - Removed Windows Defender
RP86: 12/14/2011 12:35:36 PM - Installed Windows Defender
RP87: 12/14/2011 12:37:20 PM - Software Distribution Service 3.0
RP88: 12/14/2011 12:54:28 PM - Removed Windows Defender
RP89: 12/14/2011 1:00:45 PM - Software Distribution Service 3.0
RP90: 12/15/2011 1:03:13 PM - System Checkpoint
RP91: 12/15/2011 2:01:02 PM - Software Distribution Service 3.0
RP92: 12/16/2011 2:02:06 PM - Software Distribution Service 3.0
RP93: 12/17/2011 2:02:13 PM - Software Distribution Service 3.0
RP94: 12/18/2011 2:11:48 AM - Software Distribution Service 3.0
RP95: 12/18/2011 11:55:58 AM - Software Distribution Service 3.0
RP96: 12/18/2011 6:20:25 PM - Removed Windows Live Sign-in Assistant
RP97: 12/18/2011 6:20:52 PM - Removed Windows Live Sync
RP98: 12/18/2011 6:22:35 PM - Removed Windows Live Upload Tool
RP99: 12/18/2011 8:12:37 PM - Software Distribution Service 3.0
RP100: 12/19/2011 2:26:34 AM - Software Distribution Service 3.0
RP101: 12/19/2011 9:12:48 AM - Software Distribution Service 3.0
RP102: 12/19/2011 11:41:08 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Asus ACPI Driver
ASUS USB2.0 UVC VGA WebCam
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Compatibility Pack for the 2007 Office system
Data Sync
Eee Docking 1.3.6.0
EeeSplendid
EzMessenger
FontResizer
Google Chrome
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype web features
Skype™ 4.1
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 12:57:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsUpIO Fips intelppm MpFilter
12/19/2011 12:12:30 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
12/19/2011 11:28:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2011 11:28:25 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
12/19/2011 11:21:01 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
12/19/2011 11:20:49 AM, error: Workstation [5728] - Could not load any transport.
12/19/2011 1:02:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
12/18/2011 8:31:55 PM, error: Service Control Manager [7000] - The TOO service failed to start due to the following error: The system cannot find the file specified.
12/18/2011 8:31:55 PM, error: Service Control Manager [7000] - The DETECT service failed to start due to the following error: The system cannot find the file specified.
12/18/2011 7:28:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsUpIO Fips intelppm MpFilter SASDIFSV SASKUTIL
12/18/2011 7:27:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/18/2011 7:27:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2011 6:22:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/18/2011 6:06:19 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
12/18/2011 12:39:08 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
.
==== End Of File ===========================

---------------------------------------------------------------------------------------------
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
With LAN connected :

Farbar Service Scanner
Ran by Roger (administrator) on 19-12-2011 at 21:09:22
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

**** End of log ****
 
With WLAN enabled:

Farbar Service Scanner
Ran by Roger (administrator) on 19-12-2011 at 21:16:01
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****
 
That looks fine.

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolKit run with LAN enabled:

MiniToolBox by Farbar
Ran by Roger (administrator) on 19-12-2011 at 21:25:58
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.6 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.2 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : asus-netbook

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

Physical Address. . . . . . . . . : 00-25-D3-68-67-CC



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 90-E6-BA-13-8A-D7

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.2

Server: UnKnown
Address: 192.168.1.2

Name: google.com
Addresses: 74.125.227.52, 74.125.227.50, 74.125.227.49, 74.125.227.51
74.125.227.48



Pinging google.com [74.125.227.50] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 74.125.227.50:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 192.168.1.2

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 192.168.1.2

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 25 d3 68 67 cc ...... Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport
0x30002 ...90 e6 ba 13 8a d7 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 20
192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 20
224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 20
255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
255.255.255.255 255.255.255.255 192.168.1.6 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2011 01:27:02 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 00:59:34 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 10:36:57 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 09:30:16 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 01:40:53 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 01:14:37 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 00:50:21 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/18/2011 08:31:56 PM) (Source: Application Error) (User: )
Description: Faulting application liveupdate.exe, version 0.0.0.0, faulting module liveupdate.exe, version 0.0.0.0, fault address 0x00011049.
Processing media-specific event for [liveupdate.exe!ws!]

Error: (12/18/2011 05:34:13 PM) (Source: Windows Live Messenger) (User: )
Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586000093588

Error: (12/18/2011 03:35:02 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7903.0, P3 1.117.1293.0, P4 1.117.1293.0, P5 virtool_win32_obfuscator.tt, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.


System errors:
=============
Error: (12/19/2011 06:00:52 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:47:24 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:36:17 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:35:32 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2011 01:26:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsUpIO
Fips
intelppm
MpFilter

Error: (12/19/2011 01:25:08 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2011 01:24:51 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:18:33 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:17:25 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (12/19/2011 01:06:10 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1015.17 MB
Available physical RAM: 574.37 MB
Total Pagefile: 2441.72 MB
Available Pagefile: 2075.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:72.06 GB) (Free:59.49 GB) NTFS
2 Drive d: () (Fixed) (Total:72.05 GB) (Free:71.93 GB) NTFS

========================= Users: ========================================

User accounts for \\ASUS-NETBOOK

Administrator ASPNET Guest
HelpAssistant Roger SUPPORT_388945a0


**** End of log ****
 
I can see a couple of things....

Go Start>Run, type in:
services.msc
Click OK.

1. Find "Netlogon" service, make sure its "Startup type" is set to "Disabled".
Let me know what you had there.

2. Find "DHCP Client" service, make sure its "Startup type" is set to "Automatic".
Let me know what you had there.

If you had to make any changes restart computer.
 
1: Net Logon was Automatic, now set to Disabled

2: DHCP Client was Automatic, left as is.

Rebooted.
 
Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
p4491747.gif

Make sure "DNS" tab looks like this:
p4491748.gif

Make sure "WINS" tab looks like this:
p4491749.gif

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.

Let me know if any changes were needed.

If you changed anything restart computer.
 
I had my LAN addy set to a static IP 192.168.1.6, subnet mask was 255.255.255.0, and default gateway was set to 192.168.1.1. I set the IP address properties as you illustrated. The LAN is now on DHCP and the DNS is also. The DNS and WINS tabs were confirmed to be set the way your pic showed.

Internet Connections->Connections->LAN settings did not have Automatically detect settings checked (for static ip), it is now checked. No other box is checked on that page.

Ok'd out.

restarted computer
 
still no joy. What is interesting is that if I ping 192.168.1.1 with the LAN connection it times out, but I can ping the other computers. Since my router is at 192.168.1.1 I assume that is why I have no internet. I can ping my router from all the other computers in my network.
 
Re-run MiniToolbox...

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolBox by Farbar
Ran by Roger (administrator) on 20-12-2011 at 00:48:53
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : asus-netbook

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : tech.futuretek.org



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : tech.futuretek.org

Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 90-E6-BA-13-8A-D7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.2

DNS Servers . . . . . . . . . . . : 192.168.1.2

Primary WINS Server . . . . . . . : 192.168.1.2

Lease Obtained. . . . . . . . . . : Tuesday, December 20, 2011 12:29:41 AM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

Physical Address. . . . . . . . . : 00-25-D3-68-67-CC

Server: UnKnown
Address: 192.168.1.2

Name: google.com.futuretek.org
Address: 208.91.197.77



Pinging google.com [74.125.227.50] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 74.125.227.50:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 192.168.1.2

Name: yahoo.com.futuretek.org
Address: 208.91.197.77



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 192.168.1.2

Name: bleepingcomputer.com.futuretek.org
Address: 208.91.197.77



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...90 e6 ba 13 8a d7 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 25 d3 68 67 cc ...... Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
255.255.255.255 255.255.255.255 192.168.1.11 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2011 01:27:02 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 00:59:34 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 10:36:57 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 09:30:16 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 01:40:53 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 01:14:37 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/19/2011 00:50:21 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/18/2011 08:31:56 PM) (Source: Application Error) (User: )
Description: Faulting application liveupdate.exe, version 0.0.0.0, faulting module liveupdate.exe, version 0.0.0.0, fault address 0x00011049.
Processing media-specific event for [liveupdate.exe!ws!]

Error: (12/18/2011 05:34:13 PM) (Source: Windows Live Messenger) (User: )
Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586000093588

Error: (12/18/2011 03:35:02 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7903.0, P3 1.117.1293.0, P4 1.117.1293.0, P5 virtool_win32_obfuscator.tt, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.


System errors:
=============
Error: (12/19/2011 06:00:52 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:47:24 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:36:17 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:35:32 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2011 01:26:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsUpIO
Fips
intelppm
MpFilter

Error: (12/19/2011 01:25:08 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2011 01:24:51 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:18:33 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/19/2011 01:17:25 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (12/19/2011 01:06:10 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 1015.17 MB
Available physical RAM: 637.17 MB
Total Pagefile: 2441.72 MB
Available Pagefile: 2147.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:72.06 GB) (Free:59.49 GB) NTFS
2 Drive d: () (Fixed) (Total:72.05 GB) (Free:71.93 GB) NTFS

========================= Users: ========================================

User accounts for \\ASUS-NETBOOK

Administrator ASPNET Guest
HelpAssistant Roger SUPPORT_388945a0

**** End of log ****

A possible point of note...
If I open my router and look at the DHCP Client List it is showing me an IP address of 192.168.1.12 for MAC Address 00:25:D3:68:67:CC, but the netbook reports it's 192.168.1.10. This is for the Wireless card, but it works. The LAN card shows an address of 192.168.1.11 on the netbook and doesn't show up on the router. I have the router range set from 192.168.1.10 to 192.168.1.14. I also have a wireless printer that comes up as 192.168.1.11 in the router. I can't tell what it is from its panel though.
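
In the second MiniToolBox log above, every nslookup answer name carries `.futuretek.org` and all three names return the same address, while ping resolves the plain names to different addresses. The Python check below flags those patterns in a pasted log; it is an added example, not part of the thread or of MiniToolBox, `parse_log` and `find_anomalies` are hypothetical names, and the sample is constructed from the lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the second MiniToolBox log in this
# thread, with blank lines and ping replies trimmed.
SAMPLE_LOG = """\
DNS Suffix Search List. . . . . . : tech.futuretek.org
Server: UnKnown
Address: 192.168.1.2
Name: google.com.futuretek.org
Address: 208.91.197.77
Pinging google.com [74.125.227.50] with 32 bytes of data:
Server: UnKnown
Address: 192.168.1.2
Name: yahoo.com.futuretek.org
Address: 208.91.197.77
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Server: UnKnown
Address: 192.168.1.2
Name: bleepingcomputer.com.futuretek.org
Address: 208.91.197.77
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
PING = re.compile(r"^Pinging (\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")
SEARCH = re.compile(r"^DNS Suffix Search List[ .]*:\s*(\S+)")


def parse_log(text):
    """Return (search_suffixes, lookups) for each nslookup + ping pair."""
    suffixes, lookups, cur = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SEARCH.match(line)
        if m:
            suffixes.append(m.group(1).lower())
        elif line.startswith("Server:"):
            # A new nslookup block starts; the next Address line is the server.
            cur = {"server": None, "answer_name": None, "answers": []}
        elif cur is None:
            continue
        elif line.startswith("Name:"):
            cur["answer_name"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith(("Address:", "Addresses:")):
            ips = IPV4.findall(line)
            if cur["answer_name"] is None:
                cur["server"] = ips[0] if ips else None
            else:
                cur["answers"].extend(ips)
        elif (m := PING.match(line)):
            # The ping line names what was actually asked for.
            cur["queried"], cur["ping_ip"] = m.group(1).lower(), m.group(2)
            lookups.append(cur)
            cur = None
        elif cur["answer_name"] and IPV4.fullmatch(line):
            cur["answers"].append(line)  # wrapped "Addresses:" continuation
    return suffixes, lookups


def find_anomalies(suffixes, lookups):
    """Flag answers that do not belong to the name that was asked for."""
    findings, by_ip = [], defaultdict(set)
    for lk in lookups:
        q, name = lk["queried"], lk["answer_name"]
        if name and name != q and name.startswith(q + "."):
            appended = name[len(q) + 1:]
            if appended in suffixes:
                origin = "search list"
            elif any(s.endswith("." + appended) for s in suffixes):
                origin = "parent of search-list entry"
            else:
                origin = "unknown"
            findings.append(("suffix-appended", q, appended, origin))
        if lk["ping_ip"] not in lk["answers"]:
            findings.append(("resolver-mismatch", q, lk["ping_ip"],
                             tuple(lk["answers"])))
        for ip in lk["answers"]:
            by_ip[ip].add(q)
    # One address answering for unrelated names points at a catch-all record.
    for ip, names in sorted(by_ip.items()):
        if len(names) > 1:
            findings.append(("shared-answer", ip, tuple(sorted(names))))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(*parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the nslookup section of the first log (static configuration, no suffix search list), the same check returns no findings.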
 
At this point all settings look fine.

Please tell me more about your settings, especially what exactly you mean by LAN and WLAN.
 
Hi Broni. Yes I agree, all settings look fine. What I mean by LAN and WLAN is LAN is wired ethernet and WLAN is wireless ethernet. So, I can reach my router which is at IP 192.168.1.1 with the wireless adapter in the netbook using ping, and all internet is fine, however with the wired adapter, ping times out on 192.168.1.1. However the wired adapter CAN ping all my other machines in the network. They are all set to static IP's. Domain controller is set to 192.168.1.2, workstation 1 is set to 192.168.1.3, workstation 2 is at 192.168.1.4, I have a Mac Pro set up for Music production only set at 192.168.1.5. I used to have the wired adapter in the netbook set to 192.168.1.6, now it's running on DHCP (range is 192.168.1.10 - 192.168.1.20) ipconfig reveals the wireless adapter is set to 192.168.1.10 and the wired adapter is set to 192.168.1.11. Finally I have a printer/fax/copier running wireless but set to 192.168.1.8. All metrics on all machines are set to automatic except for the domain controller which is set to 2, and the router metric is set to 1.

Everything is working perfectly everywhere except for the darned wired card in the netbook. I'm wondering if a re-install of the TCP/IP stack and/or a driver re-install is in order. However, Farbar shows the MD5's of the drivers and TCP/IP stack are correct. I'm wondering if the hardware has a fault. This is the most vexing problem I've dealt with.

I primarily use the netbook for Skyping with collaborators around the world, and the wireless works ok. I'd like to use the wired connection because the wireless can only go 54mbps as opposed to 100mbps.
 
I'm thinking it may be something wrong with the wired port/adapter (I'm not a hardware person and I'm not sure how that part is actually built in).
Another thought would be reinstalling the wired adapter driver (not a Windows file but a real driver downloaded from the Asus site).
Try that first.

Then....

Let's run a couple more scans....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni. Back at it...

Installed LAN driver from ASUS.

A possible point of note. When I ran aswMBR it had 2 items that weren't in the graphic in your post. 1 was a checkbox that was checked labeled something like "Monitor disk IO" , and under that was a dropdown with some options, Quick Scan, C:\, [...], and none. I chose C:\ and left the checkbox checked.

ComboFix ran ok, but at about stage 2 or 3 a box came up stating that a program pev.com (I believe) had ended and asked if I wanted to send the report to Microsoft. I just closed it and let ComboFix continue. When it got to the end of the scan, the computer rebooted and ComboFix was up running in its window and then prepared its report. I hope that's the way it's supposed to run, however, I'm giving you that info in case it's not. Here are the scans...

aswMBR.log:

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 14:02:04
-----------------------------
14:02:04.343 OS Version: Windows 5.1.2600 Service Pack 3
14:02:04.343 Number of processors: 2 586 0x1C02
14:02:04.343 ComputerName: ASUS-NETBOOK UserName: Roger
14:02:05.109 Initialize success
14:02:14.781 AVAST engine defs: 11122101
14:03:05.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:03:05.375 Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3
14:03:05.421 Disk 0 MBR read successfully
14:03:05.421 Disk 0 MBR scan
14:03:05.484 Disk 0 Windows XP default MBR code
14:03:05.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 73790 MB offset 63
14:03:05.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73782 MB offset 151123455
14:03:05.578 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302230845
14:03:05.609 Disk 0 Partition 4 00 EF EFI FAT A1311 47 MB offset 312480315
14:03:05.640 Disk 0 scanning sectors +312576705
14:03:05.828 Disk 0 scanning C:\WINDOWS\system32\drivers
14:03:39.562 Service scanning
14:03:39.890 Service MpKsl5a36a657 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\MpKsl5a36a657.sys **LOCKED** 32
14:03:40.546 Modules scanning
14:04:28.265 Disk 0 trace - called modules:
14:04:28.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:04:28.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656c030]
14:04:28.375 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8653d890]
14:04:28.406 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86554028]
14:04:28.906 AVAST engine scan C:\
15:13:09.281 Scan finished successfully
15:14:12.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roger\Desktop\MBR.dat"
15:14:12.593 The log file has been saved successfully to "C:\Documents and Settings\Roger\Desktop\aswMBR.txt"

---------------------------------------------------------------------------------------------------

ComboFix 11-12-21.02 - Roger 12/21/2011 15:58:28.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.652 [GMT -5:00]
Running from: c:\documents and settings\Roger\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 21:05 . 2011-12-21 21:05 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\offreg.dll
2011-12-21 15:08 . 2011-12-21 15:09 -------- d-----w- c:\documents and settings\Roger\Application Data\Download Manager
2011-12-21 14:45 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE15A894-57CF-43C2-8943-0539F920CE9F}\mpengine.dll
2011-12-20 02:20 . 2011-12-20 05:48 -------- d-----w- c:\program files\MiniToolBox
2011-12-20 02:06 . 2011-12-20 02:16 -------- d-----w- c:\program files\FarBar
2011-12-19 19:15 . 2011-12-19 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 19:15 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 17:12 . 2011-12-19 17:12 -------- d-----w- C:\_OTL
2011-12-18 21:50 . 2011-12-18 23:06 -------- d-----w- c:\documents and settings\Roger\Tracing
2011-12-15 19:01 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-14 20:46 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-14 20:46 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-14 17:57 . 2011-12-14 17:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-14 14:58 . 2011-12-19 00:28 -------- d-----w- c:\documents and settings\Administrator
2011-12-14 04:51 . 2011-12-14 04:51 -------- d--h--w- c:\windows\PIF
2011-12-14 02:46 . 2001-08-17 17:11 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2011-12-14 02:46 . 2001-08-17 17:11 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2011-12-14 02:19 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 20:07 . 2011-12-19 03:45 -------- d-----w- c:\documents and settings\Roger\Application Data\skypePM
2011-11-30 19:30 . 2011-12-19 03:47 -------- d-----w- c:\documents and settings\Roger\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 01:46 . 2011-12-19 01:46 398762 ----a-w- c:\windows\1005HA-ASUS-1401.zip
2011-12-14 17:25 . 2009-08-11 13:03 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-11-23 13:25 . 2009-08-11 13:03 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-08-11 13:03 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2009-08-11 13:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-08-11 13:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-08-11 13:03 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-08-11 13:03 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-08-11 13:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2009-08-11 13:03 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-08-11 13:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 20:43 . 2011-09-25 17:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-02 20:43 . 2011-09-25 17:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-28 07:06 . 2009-08-11 13:03 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2009-08-11 13:03 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2009-08-11 13:03 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_06.03.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 21:04 . 2011-12-21 21:04 16384 c:\windows\temp\Perflib_Perfdata_e18.dat
+ 2009-08-11 13:03 . 2011-12-21 20:55 73730 c:\windows\system32\perfc009.dat
+ 2009-04-28 01:59 . 2009-03-03 02:03 38912 c:\windows\system32\drivers\l1c51x86.sys
- 2009-04-28 01:59 . 2009-03-02 05:03 38912 c:\windows\system32\drivers\l1c51x86.sys
- 2009-08-11 19:01 . 2007-06-20 12:14 75776 c:\windows\system32\Atheros_L1e\DriUpdate32.exe
+ 2009-08-11 19:01 . 2007-06-21 09:14 75776 c:\windows\system32\Atheros_L1e\DriUpdate32.exe
- 2011-12-18 17:06 . 2011-12-18 17:06 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-12-20 06:53 . 2011-12-20 06:53 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-20 06:53 . 2011-12-20 06:53 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-18 17:05 . 2011-12-18 17:05 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-10-25 13:18 . 2008-10-25 13:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 13:18 . 2008-10-25 13:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2006-10-27 05:58 . 2006-10-27 05:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-08-11 13:03 . 2011-12-21 20:55 444644 c:\windows\system32\perfh009.dat
+ 2010-08-04 20:13 . 2010-08-04 20:13 686080 c:\windows\Installer\5b2032.msp
+ 2009-05-26 23:53 . 2009-05-26 23:53 579072 c:\windows\Installer\5b1f8e.msp
+ 2010-07-23 06:03 . 2010-07-23 06:03 338432 c:\windows\Installer\5b1f4e.msp
- 2009-08-11 19:59 . 2011-12-18 17:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-08-11 19:59 . 2011-12-18 17:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-03 23:11 . 2009-04-03 23:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2011-12-18 17:02 . 2011-12-18 17:02 350064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 23:04 . 2009-04-03 23:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-10-25 12:52 . 2008-10-25 12:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 12:52 . 2008-10-25 12:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2008-11-04 09:13 . 2008-11-04 09:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2010-06-08 22:44 . 2010-06-08 22:44 705984 c:\windows\Downloaded Program Files\Manager.exe
+ 2011-12-20 06:52 . 2011-12-20 06:52 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-08-18 04:33 . 2009-08-18 04:33 1193832 c:\windows\system32\FM20.DLL
+ 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\5b20d1.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\5b20b4.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\5b20ab.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\5b2083.msp
+ 2010-02-21 06:03 . 2010-02-21 06:03 4472832 c:\windows\Installer\5b207a.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\5b2053.msp
+ 2011-08-10 22:42 . 2011-08-10 22:42 7070208 c:\windows\Installer\5b203b.msp
+ 2010-08-13 23:00 . 2010-08-13 23:00 9404928 c:\windows\Installer\5b2020.msp
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\5b200c.msp
+ 2010-03-24 23:54 . 2010-03-24 23:54 2516992 c:\windows\Installer\5b1ff8.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\5b1fd2.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\5b1fc4.msp
+ 2011-11-11 21:14 . 2011-11-11 21:14 9096192 c:\windows\Installer\5b1fb2.msp
+ 2009-10-16 12:08 . 2009-10-16 12:08 2237952 c:\windows\Installer\5b1fa0.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\5b1f69.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\5b1f60.msp
+ 2011-11-11 21:15 . 2011-11-11 21:15 1795584 c:\windows\Installer\5b1f3c.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\5b1f16.msp
+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\5b1efe.msp
- 2009-08-11 19:59 . 2011-12-18 17:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-11 19:59 . 2011-12-20 06:53 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-21 08:12 . 2008-11-21 08:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 14:35 . 2008-10-25 14:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 07:41 . 2008-11-10 07:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 23:04 . 2009-04-03 23:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 09:00 . 2009-03-06 09:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 15:49 . 2008-11-10 15:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 03:16 . 2008-11-25 03:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-03-06 09:26 . 2009-03-06 09:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2008-11-21 04:06 . 2008-11-21 04:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2009-04-03 22:57 . 2009-04-03 22:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-04-02 19:35 . 2009-04-02 19:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2009-02-05 16:36 . 2009-02-05 16:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 23:11 . 2009-04-03 23:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-04-03 23:11 . 2009-04-03 23:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXCEL.EXE
+ 2009-04-03 23:01 . 2009-04-03 23:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-10-02 20:43 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\PaltalkTest\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [9/15/2010 6:31 AM 11448]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 8:59 PM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 12:47 AM 39040]
S1 MpKsl1fd33067;MpKsl1fd33067;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20620984-178D-4180-98BB-90FDB89C1F61}\MpKsl1fd33067.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20620984-178D-4180-98BB-90FDB89C1F61}\MpKsl1fd33067.sys [?]
S1 MpKsl2cb08668;MpKsl2cb08668;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A42D9E3-82F3-4E8D-97B4-DE9F151D759D}\MpKsl2cb08668.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A42D9E3-82F3-4E8D-97B4-DE9F151D759D}\MpKsl2cb08668.sys [?]
S1 MpKslb7151faf;MpKslb7151faf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6B94E92-F98F-451A-A499-0BF39D878A6A}\MpKslb7151faf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6B94E92-F98F-451A-A499-0BF39D878A6A}\MpKslb7151faf.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Roger\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2011 12:41 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 2:00 PM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2011 12:41 PM 136176]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 7:24 AM 1015424]
S3 TOO;TOO;\??\c:\program files\ASUS\LiveUpdate\genport.sys --> c:\program files\ASUS\LiveUpdate\genport.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-25 17:41]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-25 17:41]
.
2011-12-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3178314362-3638122774-3651420168-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178314362-3638122774-3651420168-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 16:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3178314362-3638122774-3651420168-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2011-12-21 16:08:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 21:08
ComboFix2.txt 2011-12-19 18:39
ComboFix3.txt 2011-12-19 18:09
ComboFix4.txt 2011-12-19 15:45
ComboFix5.txt 2011-12-21 20:57
.
Pre-Run: 63,396,732,928 bytes free
Post-Run: 63,445,798,912 bytes free
.
- - End Of File - - B736F8484E788E22A882FAEEE784057E
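
A triage pass over the driver/service section of a ComboFix log like the one posted above, as an added example that is not part of the original post and not ComboFix's own code. It assumes the line layout visible in that log, reads `R`/`S` as running/stopped and the digit as the service start type, and treats `[?]` as "no file date or size was printed"; the sample lines and all names in them are constructed.

```python
import re

# Constructed sample in the layout of the log above (names and paths are made up).
SAMPLE_LOG = r"""
R1 ExampleIO;ExampleIO;c:\windows\system32\drivers\exampleio.sys [9/15/2010 6:31 AM 11448]
R3 ExNic;Example Ethernet Controller;c:\windows\system32\drivers\exnic.sys [4/27/2009 8:59 PM 38912]
S1 EXSCAN;EXSCAN;\??\c:\docume~1\User\LOCALS~1\Temp\Ex_SelfExtract\EXSCAN.SYS --> c:\docume~1\User\LOCALS~1\Temp\Ex_SelfExtract\EXSCAN.SYS [?]
S2 exupdate;Example Update Service (exupdate);c:\program files\Example\Update\ExUpdate.exe [9/25/2011 12:41 PM 136176]
S3 ExStor;Example Storage Driver;c:\windows\system32\drivers\ExStor.SYS --> c:\windows\system32\drivers\ExStor.SYS [?]
"EnableFirewall"= 0 (0x0)
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.MULTILINE)


def _image_path(raw):
    """Return the resolved image path from 'path' or '\\??\\path --> path'."""
    if " --> " in raw:
        raw = raw.split(" --> ", 1)[1]
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    return raw.strip()


def parse_services(text):
    """Parse every driver/service line into a dict; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "running": m["state"] == "R",
            "start": START_TYPES[m["start"]],
            "name": m["name"].strip(),
            "display": m["display"].strip(),
            "path": _image_path(m["path"]),
            "has_metadata": m["meta"].strip() != "?",
        })
    return entries


def triage(text):
    """Return (service name, [flags]) for entries that deserve a second look."""
    findings = []
    for entry in parse_services(text):
        flags = []
        if not entry["has_metadata"]:
            # Registered service whose file had no date/size in the log,
            # e.g. a leftover entry pointing at a file that is gone.
            flags.append("no-file-metadata")
        if "\\temp\\" in entry["path"].lower():
            # Image path under a Temp directory, a user-writable location.
            flags.append("temp-path")
        if flags:
            findings.append((entry["name"], flags))
    return findings


def firewall_enabled(text):
    """True/False from the EnableFirewall line, None if the line is absent."""
    m = FIREWALL_RE.search(text)
    return None if m is None else m.group(1) != "0"


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
    print("firewall enabled:", firewall_enabled(SAMPLE_LOG))
```

A flag here means "check this entry by hand", not "malicious": scanner tools that unpack a driver to a Temp directory and then remove it leave exactly this kind of entry behind.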
 
Not much there.

At this point....

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 