XP Home Security 2012 help.


  • This topic is locked
24 replies to this topic

#1 joelw23

joelw23

    Member

  • Full Member
  • 60 posts

Posted 12 January 2012 - 11:32 AM

Had this rootkit and ran ComboFix, but still having some issues... not able to get on the internet... wireless has limited or no connectivity... I can do a static IP on the wireless but still no internet.
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
user :: COMPANY-875B908 [administrator]

1/12/2012 9:53:08 AM
mbam-log-2012-01-12 (10-30-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225877
Time elapsed: 37 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{1C00DC23-4121-46C2-B0C5-6CEC8BD7748A}\RP462\A0022531.exe (Trojan.FakeAlert) -> No action taken.

(end)

I did remove the Trojan.fakealert with MWB and it then rebooted.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 9:56:48 on 2012-01-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.481 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKsla39a28f5;MpKsla39a28f5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6ab3b4f-e190-4a37-9766-7ca958038d18}\MpKsla39a28f5.sys [2012-1-12 29904]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-5-14 88192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 40776]
S1 MpKsl9bb61155;MpKsl9bb61155;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b910663-e638-4dee-83c2-21e4bacc1a31}\mpksl9bb61155.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b910663-e638-4dee-83c2-21e4bacc1a31}\MpKsl9bb61155.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-8-13 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 135664]
.
=============== Created Last 30 ================
.
2012-01-12 15:34:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6ab3b4f-e190-4a37-9766-7ca958038d18}\MpKsla39a28f5.sys
2012-01-12 15:34:48 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6ab3b4f-e190-4a37-9766-7ca958038d18}\offreg.dll
2012-01-12 15:34:42 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6ab3b4f-e190-4a37-9766-7ca958038d18}\mpengine.dll
2012-01-12 14:26:13 98816 ----a-w- c:\windows\sed.exe
2012-01-12 14:26:13 518144 ----a-w- c:\windows\SWREG.exe
2012-01-12 14:26:13 256000 ----a-w- c:\windows\PEV.exe
2012-01-12 14:26:13 208896 ----a-w- c:\windows\MBR.exe
2011-12-19 00:06:08 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2012-01-12 15:52:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 9:57:00.75 ===============

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 10.3.181.34 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
dds.scr
SecurityCheck.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,259 posts

Posted 13 January 2012 - 12:39 AM

Hello joelw23.

Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)
Update Adobe Flash Player
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.
Enable Microsoft Security Essentials and update it.

I believe MBAM has taken care of the rogue FakeAlert.

But since it appears that you ran ComboFix at some point, download and run a new copy.
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 cnm

Posted 13 January 2012 - 01:54 AM

Sorry, I completely overlooked your saying that you had no internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into another reply, after the ComboFix log.


#4 joelw23

Posted 13 January 2012 - 09:36 AM

There was no "include all files" option for FSS, so I just checked all of the boxes and clicked scan... Also, the wifi internet connection worked fine before I ran ComboFix and Malwarebytes...

ComboFix 12-01-12.02 - user 01/13/2012 8:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.657 [GMT -6:00]
Running from: f:\virus software\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-12 18:00 . 2012-01-12 18:00 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7C2266F-868D-4B36-8220-B3481F78AA0D}\MpKsl91ee56e2.sys
2012-01-12 17:59 . 2012-01-12 17:59 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7C2266F-868D-4B36-8220-B3481F78AA0D}\offreg.dll
2012-01-12 17:34 . 2012-01-12 17:34 -------- d-----w- c:\documents and settings\Administrator.COMPANY-875B908\DoctorWeb
2012-01-12 17:24 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7C2266F-868D-4B36-8220-B3481F78AA0D}\mpengine.dll
2012-01-12 17:18 . 2010-10-07 12:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-01-12 17:18 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-01-12 17:18 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2011-12-19 00:06 . 2011-12-19 00:06 -------- d-----w- c:\windows\system32\LogFiles
2011-12-18 23:22 . 2011-12-18 23:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-06-26 23:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2008-04-14 17:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2010-05-21 22:52 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2008-04-14 17:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 17:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 17:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 17:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 17:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 17:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 17:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 17:00 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_14.49.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-12 17:59 . 2012-01-12 17:59 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2008-04-14 17:00 . 2012-01-12 18:03 41238 c:\windows\system32\perfc009.dat
- 2008-04-14 17:00 . 2012-01-12 14:41 41238 c:\windows\system32\perfc009.dat
+ 2012-01-12 17:19 . 2007-08-27 17:12 745472 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4c32.dll
+ 2008-04-14 17:00 . 2012-01-12 18:03 315076 c:\windows\system32\perfh009.dat
- 2008-04-14 17:00 . 2012-01-12 14:41 315076 c:\windows\system32\perfh009.dat
+ 2012-01-12 17:19 . 2010-05-19 05:29 684032 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNc32.dll
+ 2012-01-12 17:18 . 2010-02-25 00:39 675840 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLc32.dll
+ 2012-01-12 17:19 . 2007-10-31 17:23 2236544 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4x32.sys
+ 2012-01-12 17:19 . 2007-08-27 17:12 2777088 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4r32.dll
+ 2012-01-12 17:19 . 2011-08-04 00:15 7473152 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNx32.sys
+ 2012-01-12 17:19 . 2010-05-19 05:31 2760704 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNr32.dll
+ 2012-01-12 17:18 . 2010-10-07 12:11 6609920 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLx32.sys
+ 2012-01-12 17:18 . 2010-02-25 00:37 2756608 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLr32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-05 211296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKsl91ee56e2;MpKsl91ee56e2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7C2266F-868D-4B36-8220-B3481F78AA0D}\MpKsl91ee56e2.sys [1/12/2012 12:00 PM 29904]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/14/2010 3:02 PM 88192]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [1/12/2012 11:18 AM 6609920]
S1 MpKsl9bb61155;MpKsl9bb61155;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B910663-E638-4DEE-83C2-21E4BACC1A31}\MpKsl9bb61155.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B910663-E638-4DEE-83C2-21E4BACC1A31}\MpKsl9bb61155.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 3:32 PM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [8/13/2011 8:00 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 3:32 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL91EE56E2
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 21:32]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-13 08:26:16
ComboFix-quarantined-files.txt 2012-01-13 14:26
.
Pre-Run: 43,404,361,728 bytes free
Post-Run: 43,393,904,640 bytes free
.
- - End Of File - - 0B5A8D9B70EA9C6463B4E5FA6E80324E

Farbar Service Scanner
Ran by user (administrator) on 13-01-2012 at 08:34:18
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 11:00] - [2011-08-17 07:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#5 cnm

Posted 13 January 2012 - 01:46 PM

Please download SystemLook from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
Afd.sys
NETwNc32.dll
NETwLc32.dll
NETw4x32.sys
NETw4r32.dll
NETwNx32.sys
NETwNr32.dll
NETwLx32.sys
NETwLr32.dll

:reg
HKLM\SYSTEM\CurrentControlSet\Services\AFD /s
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD /s

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


#6 joelw23

Posted 13 January 2012 - 03:53 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:52 on 13/01/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "Afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [23:54 15/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [12:25 12/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [00:03 23/05/2010] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [11:14 16/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [11:13 14/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [08:54 13/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [19:04 23/05/2010] [17:00 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [19:16 23/05/2010] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [17:00 14/04/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [17:00 14/04/2008] [13:49 17/08/2011] 18E83C3FFECDEEDA041D1F4E96072AC9

Searching for "NETwNc32.dll"
C:\WINDOWS\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNc32.dll --a--c- 684032 bytes [17:19 12/01/2012] [05:29 19/05/2010] 96711A626F5158F82001723A9CFAAA16

Searching for "NETwLc32.dll"
C:\WINDOWS\system32\NETwLc32.dll --a---- 675840 bytes [17:18 12/01/2012] [00:39 25/02/2010] E58BC74AB6ADA05E1F3C9D0E58C89A7C
C:\WINDOWS\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLc32.dll --a--c- 675840 bytes [17:18 12/01/2012] [00:39 25/02/2010] E58BC74AB6ADA05E1F3C9D0E58C89A7C

Searching for "NETw4x32.sys"
C:\swsetup\sp38054a\NETw4x32.sys --a---- 2236544 bytes [17:23 31/10/2007] [17:23 31/10/2007] 9EB7001200BC53DAD5BC531F0E58970E
C:\WINDOWS\system32\drivers\NETw4x32.sys --a---- 2236544 bytes [21:07 14/05/2010] [17:23 31/10/2007] 9EB7001200BC53DAD5BC531F0E58970E
C:\WINDOWS\system32\DRVSTORE\netw4x32_1426DDAE534189C5695BC55B590E3CC4806CB8B9\NETw4x32.sys --a--c- 2236544 bytes [21:07 14/05/2010] [17:23 31/10/2007] 9EB7001200BC53DAD5BC531F0E58970E
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\NETw4x32.sys --a---- 2236544 bytes [17:19 12/01/2012] [17:23 31/10/2007] 9EB7001200BC53DAD5BC531F0E58970E

Searching for "NETw4r32.dll"
C:\swsetup\sp38054a\NETw4r32.DLL --a---- 2777088 bytes [17:12 27/08/2007] [17:12 27/08/2007] 301974DE3041E71587C64AC508719524
C:\WINDOWS\system32\NETw4r32.dll --a---- 2777088 bytes [21:07 14/05/2010] [17:12 27/08/2007] 301974DE3041E71587C64AC508719524
C:\WINDOWS\system32\DRVSTORE\netw4k32_70706BAD021A7D0154D893C52ECB78751941977B\NETw4r32.dll --a--c- 2777088 bytes [21:07 14/05/2010] [17:12 27/08/2007] 301974DE3041E71587C64AC508719524
C:\WINDOWS\system32\DRVSTORE\netw4x32_1426DDAE534189C5695BC55B590E3CC4806CB8B9\NETw4r32.dll --a--c- 2777088 bytes [21:07 14/05/2010] [17:12 27/08/2007] 301974DE3041E71587C64AC508719524
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\NETw4r32.dll --a---- 2777088 bytes [17:19 12/01/2012] [17:12 27/08/2007] 301974DE3041E71587C64AC508719524

Searching for "NETwNx32.sys"
C:\WINDOWS\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNx32.sys --a--c- 7473152 bytes [17:19 12/01/2012] [00:15 04/08/2011] EE7D38C283A641BC6F53C498CE556E4C

Searching for "NETwNr32.dll"
C:\WINDOWS\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNr32.dll --a--c- 2760704 bytes [17:19 12/01/2012] [05:31 19/05/2010] 0A179DC2AF55FFDA31C0A55A8A6F40F9

Searching for "NETwLx32.sys"
C:\WINDOWS\system32\drivers\NETwLx32.sys --a---- 6609920 bytes [17:18 12/01/2012] [12:11 07/10/2010] 72062B53186E4A3F5FCBC41EBB62B905
C:\WINDOWS\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLx32.sys --a--c- 6609920 bytes [17:18 12/01/2012] [12:11 07/10/2010] 72062B53186E4A3F5FCBC41EBB62B905

Searching for "NETwLr32.dll"
C:\WINDOWS\system32\NETwLr32.dll --a---- 2756608 bytes [17:18 12/01/2012] [00:37 25/02/2010] C1BA7954FF5F2C0287FBC78150E4FDC3
C:\WINDOWS\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLr32.dll --a--c- 2756608 bytes [17:18 12/01/2012] [00:37 25/02/2010] C1BA7954FF5F2C0287FBC78150E4FDC3

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"DisplayName"="AFD"
"Description"="AFD Networking Support Environment"
"Group"="TDI"
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD]
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000]
"Service"="AFD"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000020 (32)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"= 0x0000000000 (0)
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\LogConf]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\Control]
"ActiveService"="AFD"


-= EOF =-

#7 cnm

Posted 13 January 2012 - 04:25 PM

Please download tdsskiller.exe and save it to your Desktop on the affected PC. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#8 joelw23

Posted 13 January 2012 - 04:38 PM

15:37:15.0203 3320 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
15:37:15.0218 3320 ============================================================
15:37:15.0218 3320 Current date / time: 2012/01/13 15:37:15.0218
15:37:15.0218 3320 SystemInfo:
15:37:15.0218 3320
15:37:15.0218 3320 OS Version: 5.1.2600 ServicePack: 3.0
15:37:15.0218 3320 Product type: Workstation
15:37:15.0218 3320 ComputerName: COMPANY-875B908
15:37:15.0218 3320 UserName: user
15:37:15.0218 3320 Windows directory: C:\WINDOWS
15:37:15.0218 3320 System windows directory: C:\WINDOWS
15:37:15.0218 3320 Processor architecture: Intel x86
15:37:15.0218 3320 Number of processors: 2
15:37:15.0218 3320 Page size: 0x1000
15:37:15.0218 3320 Boot type: Normal boot
15:37:15.0218 3320 ============================================================
15:37:15.0750 3320 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000, SectorSize: 0x200, Cylinders: 0x1E49, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000050
15:37:15.0781 3320 Drive \Device\Harddisk1\DR7 - Size: 0xEC600000, SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:37:15.0906 3320 Initialize success
15:37:20.0859 1024 ============================================================
15:37:20.0859 1024 Scan started
15:37:20.0859 1024 Mode: Manual;
15:37:20.0859 1024 ============================================================
15:37:30.0968 1024 ============================================================
15:37:30.0968 1024 Scan finished
15:37:30.0968 1024 ============================================================
15:37:30.0984 3552 Detected object count: 0
15:37:30.0984 3552 Actual detected object count: 0

#9 joelw23

Posted 13 January 2012 - 04:53 PM

That one looks clean too! WTH

#10 cnm

Posted 13 January 2012 - 05:15 PM

Yes. I'm sort of drawing a blank.

When you first ran ComboFix it would have created a Restore Point and also a registry backup.
Please take a look at your Restore Points and if you have one from before the trouble started, do the restore.

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. Select 'Restore my computer to an earlier time' and then click Next.

If there was no usable Restore Point:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




#11 joelw23

Posted 13 January 2012 - 05:45 PM

MiniToolBox by Farbar
Ran by user (administrator) on 13-01-2012 at 16:43:43
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : company-875b908

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

Physical Address. . . . . . . . . : 00-17-08-38-50-B0



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-1E-48-DB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.159.107

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 08 38 50 b0 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
0x20003 ...00 18 de 1e 48 db ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.159.107 169.254.159.107 25
169.254.159.107 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.159.107 169.254.159.107 25
224.0.0.0 240.0.0.0 169.254.159.107 169.254.159.107 25
255.255.255.255 255.255.255.255 169.254.159.107 169.254.159.107 1
255.255.255.255 255.255.255.255 169.254.159.107 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/13/2012 08:32:09 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/12/2012 11:59:31 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (01/12/2012 11:39:22 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/12/2012 11:23:30 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/12/2012 11:12:02 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (01/12/2012 11:01:41 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (01/12/2012 10:51:08 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/12/2012 10:39:31 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (01/12/2012 10:32:59 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (01/12/2012 09:36:31 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


System errors:
=============
Error: (01/13/2012 08:32:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1307.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/13/2012 08:32:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1307.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/13/2012 08:32:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1307.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/13/2012 08:32:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1307.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/13/2012 08:32:09 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1307.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/13/2012 08:32:08 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/13/2012 08:31:39 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (01/13/2012 08:31:38 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/13/2012 08:31:09 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (01/13/2012 08:15:22 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================

**** End of log ****

#12 joelw23

joelw23

    Member

  • Full Member
  • Pip
  • 60 posts

Posted 13 January 2012 - 05:50 PM

It connects to the wireless just fine, but won't get a correct IP address... I have set the IP and gateway manually and it connects just fine, but you can't get anywhere on the internet in IE or Firefox.

#13 joelw23

Posted 13 January 2012 - 05:51 PM

I can ping internal IPs when I set the IP manually, but no external addresses.

#14 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,259 posts

Posted 13 January 2012 - 06:12 PM

So this is fixed?

wireless has limited or no connectivity


Enter this in your browser: http://74.125.224.82
Do you reach Google?

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#15 joelw23

Posted 13 January 2012 - 06:28 PM


Wireless has limited... is not fixed... just goes away when I do manual IP...

That IP didn't get me to Google, but I can ping it.

#16 cnm

Posted 13 January 2012 - 06:47 PM

I think the problem is probably with your NIC (Network Interface Controller). Described here. Make sure it is firmly attached - remove and then reconnect. Consider replacing it.

On the off chance that it is software drivers please do this:

First back up your Registry. Run regedit.exe. With cursor at the top on 'Computer', right-click and select 'Export'. Save it to 'C:\noInternet.reg'.

Then download 'xp.zip' from here and transfer to sick PC. Open the zip file and do this for each of the included .reg files in turn:

Right click on the .reg file
Select 'Merge' and click Yes.


Then reboot.



#17 joelw23

Posted 14 January 2012 - 06:13 PM


This is a laptop... so no NIC that I can really mess with.

#18 cnm

Posted 14 January 2012 - 06:35 PM

Remove the battery. Open the case. Reseat the card and connectors.



#19 joelw23

Posted 16 January 2012 - 11:26 AM


Did the registry merge with the xp.zip but only a few files worked... all of the legacy ones wouldn't merge, neither would the netbt.

Reseated the wireless card and connectors... it's working fine, connects fine, but can't get an IP from DHCP... same for the Ethernet jack...

Posted Image

Posted Image

Edited by joelw23, 16 January 2012 - 11:27 AM.


#20 cnm

Posted 16 January 2012 - 12:07 PM

Let's have another look at the internet services and files.
Connect the ethernet and disconnect the WiFi connections.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Also - for future reference - see How to attach a screen shot.



#21 joelw23

Posted 16 January 2012 - 07:57 PM

Farbar Service Scanner
Ran by user (administrator) on 16-01-2012 at 18:56:01
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 11:00] - [2011-08-17 07:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
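
Added example (not part of the original thread and not Farbar's own code): a small Python triage of the FSS.txt log above that lists the stopped services and every file in "File Check" that did not come back as "MD5 is legit". It assumes, from this log alone, that a verified file prints as `path => MD5 is legit` and an unverified one as a bare path followed by a bracketed detail line; the function and field names are hypothetical.

```python
import re

# Excerpt of the FSS.txt log posted in this thread, trimmed to the
# sections this parser reads.
FSS_LOG = r"""
Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 11:00] - [2011-08-17 07:49] - 0138496 ____A () 18E83C3FFECDEEDA041D1F4E96072AC9

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

Extra List:
=======
"""

PATH = re.compile(r"^[A-Za-z]:\\")
STOPPED = re.compile(r"^(\S+) Service is not running\.")
# [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$"
)


def triage_fss(log_text):
    """Return stopped services and files whose hash was not confirmed.

    Fails closed: any File Check path whose status is not exactly
    'MD5 is legit' is reported, even if no detail line follows it.
    """
    report = {"stopped_services": [], "verified": 0, "unverified": []}
    in_file_check = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        stopped = STOPPED.match(line)
        if stopped:
            report["stopped_services"].append(stopped.group(1))
            continue
        if line == "File Check:":
            in_file_check = True
            continue
        if not in_file_check:
            continue
        if PATH.match(line):
            path, _, status = line.partition(" => ")
            if status == "MD5 is legit":
                report["verified"] += 1
            else:
                report["unverified"].append({
                    "path": path, "status": status or None, "md5": None,
                    "size": None, "company": None, "modified": None,
                })
            continue
        detail = DETAIL.match(line)
        pending = report["unverified"][-1] if report["unverified"] else None
        if detail and pending and pending["md5"] is None:
            # Detail line belongs to the bare path printed just before it.
            pending.update(
                modified=detail.group(2),
                size=int(detail.group(3)),
                company=detail.group(5),
                md5=detail.group(6).upper(),
            )
            continue
        if line.endswith(":"):
            in_file_check = False  # next section header, e.g. "Extra List:"
    return report


if __name__ == "__main__":
    result = triage_fss(FSS_LOG)
    print("Stopped services:", ", ".join(result["stopped_services"]) or "none")
    print("Files with confirmed hash:", result["verified"])
    for item in result["unverified"]:
        vendor = item["company"] or "no company string"
        print(f"REVIEW {item['path']} md5={item['md5']} "
              f"size={item['size']} modified={item['modified']} ({vendor})")
```

On this log the only file it flags is afd.sys, the driver that the next post replaces from dllcache.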

#22 cnm

Posted 16 January 2012 - 09:30 PM

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
FCopy::
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys


Save this as CFScript.txt, in the same location as ComboFix.exe
In your case this is f:\virus software\
I hope this will work from that odd location.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Reboot.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)



#23 joelw23

Posted 17 January 2012 - 07:42 AM

That did it!!! I'm working fine now!!

Thank you for the help!




ComboFix 12-01-12.02 - user 01/16/2012 20:41:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.499 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 02:49 . 2012-01-17 02:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{940D7537-EDFD-457F-A95E-E746DF381AFC}\offreg.dll
2012-01-16 16:15 . 2012-01-16 16:15 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{940D7537-EDFD-457F-A95E-E746DF381AFC}\MpKslf127a14b.sys
2012-01-13 22:48 . 2012-01-13 22:48 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2012-01-13 20:55 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{940D7537-EDFD-457F-A95E-E746DF381AFC}\mpengine.dll
2012-01-12 17:34 . 2012-01-12 17:34 -------- d-----w- c:\documents and settings\Administrator.COMPANY-875B908\DoctorWeb
2012-01-12 17:18 . 2010-10-07 12:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-01-12 17:18 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-01-12 17:18 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2011-12-19 00:06 . 2011-12-19 00:06 -------- d-----w- c:\windows\system32\LogFiles
2011-12-18 23:22 . 2011-12-18 23:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-06-26 23:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2008-04-14 17:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2010-05-21 22:52 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2008-04-14 17:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 17:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 17:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 17:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 17:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 17:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 17:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-21 07:24 . 2012-01-13 22:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_14.49.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-17 02:48 . 2012-01-17 02:48 16384 c:\windows\temp\Perflib_Perfdata_27c.dat
+ 2008-04-14 17:00 . 2012-01-17 02:51 41238 c:\windows\system32\perfc009.dat
- 2008-04-14 17:00 . 2012-01-12 14:41 41238 c:\windows\system32\perfc009.dat
+ 2012-01-12 17:19 . 2007-08-27 17:12 745472 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4c32.dll
+ 2008-04-14 17:00 . 2012-01-17 02:51 315076 c:\windows\system32\perfh009.dat
- 2008-04-14 17:00 . 2012-01-12 14:41 315076 c:\windows\system32\perfh009.dat
+ 2012-01-12 17:19 . 2010-05-19 05:29 684032 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNc32.dll
+ 2012-01-12 17:18 . 2010-02-25 00:39 675840 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLc32.dll
+ 2012-01-12 17:19 . 2007-10-31 17:23 2236544 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4x32.sys
+ 2012-01-12 17:19 . 2007-08-27 17:12 2777088 c:\windows\system32\ReinstallBackups\0011\DriverFiles\NETw4r32.dll
+ 2012-01-12 17:19 . 2011-08-04 00:15 7473152 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNx32.sys
+ 2012-01-12 17:19 . 2010-05-19 05:31 2760704 c:\windows\system32\DRVSTORE\netwnx32_5FF92BC28A46A6879973B2E4D95DED1E9DEC95BE\NETwNr32.dll
+ 2012-01-12 17:18 . 2010-10-07 12:11 6609920 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLx32.sys
+ 2012-01-12 17:18 . 2010-02-25 00:37 2756608 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLr32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-05 211296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKslf127a14b;MpKslf127a14b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{940D7537-EDFD-457F-A95E-E746DF381AFC}\MpKslf127a14b.sys [1/16/2012 10:15 AM 29904]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/14/2010 3:02 PM 88192]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [1/12/2012 11:18 AM 6609920]
S1 MpKsl9bb61155;MpKsl9bb61155;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B910663-E638-4DEE-83C2-21E4BACC1A31}\MpKsl9bb61155.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B910663-E638-4DEE-83C2-21E4BACC1A31}\MpKsl9bb61155.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 3:32 PM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [8/13/2011 8:00 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 3:32 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 21:32]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x4nghpej.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2080)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Update\Install\{02D3B3A6-CFE4-4F2E-8DC9-362C5D76B8E0}\GoogleToolbarInstaller_updater_signed.exe
.
**************************************************************************
.
Completion time: 2012-01-16 20:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 02:53
ComboFix2.txt 2012-01-13 14:26
.
Pre-Run: 43,239,510,016 bytes free
Post-Run: 43,314,745,344 bytes free
.
- - End Of File - - 82DE10DF3E7E218147EA9D596ED93152

#24 cnm

Posted 17 January 2012 - 12:27 PM

Great.

You don't appear to have a firewall. Please install one: Free version of Comodo is a good one.
Another good free one is Online Armor.

Please do this cleanup now.

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files, TDSSKiller, SystemLook, MiniToolBox, xp.zip, Farbar Service Scanner, and Security Check folder from your Desktop.


Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Chrome is another good option.
If you are interested, Firefox may be downloaded from here
Chrome is available here: http://www.google.co...e/features.html

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place



#25 cnm

Posted 25 January 2012 - 06:58 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





