RootKit Activity and Network Adapter unplugged etc.

Post by vexed » June 16th, 2011, 11:36 am

Good Morning,

I have a Windows XP computer that is running Malwarebytes that has detected rootkit activity.
Malwarebytes isn't able to remove the problem although it says it does; as soon as I reboot
it's back to reporting rootkit activity. The network adapter keeps popping up unplugged and
then plugged in, then it goes to limited connectivity, then it will assign the IP 167.* (don't
remember the full IP but I know it's private and not used). Also I was going through the event logs
and noticed "Beep" in the kernel has malfunctioned.
I had a friend come over and take a look. It seems like he just ran ComboFix and left. Heck, I could
have done that myself, but I know that isn't the answer to the problem. Everything was working fine about 2
days ago. Not sure how this happened.

-----------------------
DDS LOGS
-----------------------
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tina at 9:49:32 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1469 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
Trusted Zone: gmail.com\www
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tina\application data\mozilla\firefox\profiles\luvn5dgl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_resu ... &keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 seckeys;seckeys;c:\windows\system32\drivers\SECKEYS.sys [2011-4-7 3136]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-7-14 14976]
S1 MpKsl0e0bcbbf;MpKsl0e0bcbbf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\mpksl0e0bcbbf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\MpKsl0e0bcbbf.sys [?]
S1 MpKsl3e779fac;MpKsl3e779fac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{147f6b6e-ad60-4337-ba31-78581c7e0ab8}\mpksl3e779fac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{147f6b6e-ad60-4337-ba31-78581c7e0ab8}\MpKsl3e779fac.sys [?]
S1 MpKsl45aceefe;MpKsl45aceefe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{147f6b6e-ad60-4337-ba31-78581c7e0ab8}\mpksl45aceefe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{147f6b6e-ad60-4337-ba31-78581c7e0ab8}\MpKsl45aceefe.sys [?]
S1 MpKsl58e28975;MpKsl58e28975;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\MpKsl58e28975.sys [2011-6-15 28752]
S1 MpKsl64fa1fae;MpKsl64fa1fae;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b72068a5-70ec-4c04-9cbb-c666ea3112ed}\mpksl64fa1fae.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b72068a5-70ec-4c04-9cbb-c666ea3112ed}\MpKsl64fa1fae.sys [?]
S1 MpKsl7cd7b7ad;MpKsl7cd7b7ad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9da719e8-1316-47d8-936c-69250ef7465d}\mpksl7cd7b7ad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9da719e8-1316-47d8-936c-69250ef7465d}\MpKsl7cd7b7ad.sys [?]
S2 DnscacheWSearch;DNS Client DnscacheWSearch;c:\windows\system32\adsldpq.exe srv --> c:\windows\system32\adsldpq.exe srv [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-3-17 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-3-17 24416]
.
=============== Created Last 30 ================
.
2011-06-16 14:03:35 208896 ----a-w- c:\windows\MBR.exe
2011-06-16 14:03:34 98816 ----a-w- c:\windows\sed.exe
2011-06-16 14:03:34 518144 ----a-w- c:\windows\SWREG.exe
2011-06-16 14:03:34 256512 ----a-w- c:\windows\PEV.exe
2011-06-16 13:08:34 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-06-16 13:08:34 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-06-16 13:08:24 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-06-16 13:08:24 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-06-15 21:28:19 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\MpKslfe285719.sys
2011-06-15 21:00:47 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\MpKsl58e28975.sys
2011-06-15 20:22:41 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\MpKsle2cafdc9.sys
2011-06-15 19:56:27 -------- d-----w- c:\windows\Recent
2011-06-02 13:13:05 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-02 13:12:29 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2048e5dc-21fc-4168-bb04-53decf758842}\mpengine.dll
2011-05-26 13:42:42 -------- d-----w- c:\program files\msn gaming zone
2011-05-25 21:50:26 54016 ----a-w- c:\windows\system32\drivers\tewca.sys
2011-05-25 20:20:47 73216 ----a-w- c:\windows\system32\avwav.dll
2011-05-25 20:20:47 44544 ----a-w- c:\windows\system32\hticons.dll
2011-05-25 20:20:47 28160 ----a-w- c:\program files\windows nt\hypertrm.exe
2011-05-25 20:20:47 227840 ----a-w- c:\windows\system32\avtapi.dll
2011-05-25 20:20:47 16384 ----a-w- c:\windows\system32\avmeter.dll
2011-05-25 20:20:47 138752 ----a-w- c:\windows\system32\sndvol32.exe
2011-05-25 20:20:47 13312 ----a-w- c:\program files\windows nt\htrn_jis.dll
2011-05-25 20:20:46 56832 ----a-w- c:\windows\system32\sol.exe
2011-05-25 20:20:46 35328 ----a-w- c:\windows\system32\winchat.exe
2011-05-25 20:20:45 55296 ----a-w- c:\windows\system32\freecell.exe
2011-05-25 20:20:45 126976 ----a-w- c:\windows\system32\mshearts.exe
2011-05-25 20:20:45 119808 ----a-w- c:\windows\system32\winmine.exe
2011-05-25 18:07:27 -------- d-----w- C:\3e535aa8bfc63c9fe56ca0f94e7a6e
2011-05-25 16:26:52 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-05-25 16:26:15 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-05-25 16:26:15 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-05-25 16:26:15 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-05-25 16:26:15 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-05-25 16:26:15 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-05-25 16:26:15 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2011-05-25 16:26:15 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-05-25 16:26:15 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-05-25 16:26:15 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-05-25 16:26:15 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-05-25 16:23:53 82501 -c--a-w- c:\windows\system32\dllcache\bckg.dll
2011-05-25 14:17:56 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-23 21:30:13 -------- d-----w- C:\Windows XP Recovery
2011-05-23 21:03:50 4224 ----a-w- c:\windows\system32\beep.sys
2011-05-18 14:48:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 13:20:26 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-05-26 18:03:21 0 ----a-w- c:\windows\Inahijukijad.bin
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-11 14:29:51 198878 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75FRA0 rev.77.07W77 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A85E6F0]<<
c:\docume~1\tina\locals~1\temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a864a10]; MOV EAX, [0x8a864a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A90EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A8C8830]
\Driver\atapi[0x8A90B030] -> IRP_MJ_CREATE -> 0x8A85E6F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A85E53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:50:31.17 ===============

ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2004 6:50:05 PM
System Uptime: 6/16/2011 9:08:56 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 54.114 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 699 GiB total, 244.29 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB camera
Device ID: USB\VID_0C45&PID_608F&MI_00\6&D853152&0&0000
Manufacturer:
Name: USB camera
PNP Device ID: USB\VID_0C45&PID_608F&MI_00\6&D853152&0&0000
Service:
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1008\575835314137304530373339&1
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1008\575835314137304530373339&1
Service:
.
==== System Restore Points ===================
.
RP1: 5/24/2011 10:49:07 AM - System Checkpoint
RP2: 5/24/2011 3:47:36 PM - none
RP3: 5/25/2011 11:30:19 AM - Current Restore Point
RP4: 5/25/2011 11:55:07 AM - Removed XP Repair Pro 2006
RP5: 5/25/2011 1:10:23 PM - Installed Windows Internet Explorer 8.
RP6: 6/1/2011 9:32:18 AM - System Checkpoint
RP7: 6/2/2011 9:46:10 AM - System Checkpoint
RP8: 1/21/2004 4:50:45 PM - System Checkpoint
RP9: 6/15/2011 10:48:32 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Software Update
Audacity 1.2.6
Brother HL-5240
CAB Scoring Program
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V.9x 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DeskTopBinder - SmartDeviceMonitor for Client
GearDrvs
Helper 7.6.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM ViaVoice Personal 8.0 - US English
IClient
IClient_II
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 14
K-Lite Mega Codec Pack 7.0.0
LAME v3.98.2 for Audacity
LAN-Fax Utilities
Malwarebytes' Anti-Malware
MHS Clarke Sex History Questionnarie - Revised
MHS Professional Tool Suite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Office XP Standard for Students and Teachers
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
Microsoft Windows Script Host
Mozilla Firefox 4.0.1 (x86 en-US)
MSDE
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
OGA Notifier 2.0.0048.0
Olympus DSS Player Pro
Photo Pos Pro
PowerDVD
PowerQuest Drive Image 2002
Quicken 2002 Basic
Report Writer for the WJ III
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WJ III Compuscore and Profiles Program 2.0
WJ III Normative Update Compuscore and Profiles Program
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
6/16/2011 9:41:14 AM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
6/16/2011 9:11:33 AM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
6/15/2011 4:27:58 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
6/15/2011 3:48:50 PM, error: PSched [14103] - QoS [Adapter {97E4D3F8-D21C-4375-B960-2E864F0C378D}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
6/15/2011 3:32:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Fips intelppm MpFilter OMCI seckeys
6/15/2011 3:32:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/15/2011 3:31:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/15/2011 3:04:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/15/2011 1:30:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1097.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
6/15/2011 1:30:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1097.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
6/15/2011 1:30:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1097.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
6/15/2011 1:30:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1097.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
6/15/2011 1:30:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1097.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
6/15/2011 1:28:14 PM, error: Service Control Manager [7034] - The DM1Service service terminated unexpectedly. It has done this 1 time(s).
6/15/2011 1:25:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/15/2011 1:20:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
.
==== End Of File ===========================

Re: RootKit Activity and Network Adapter unplugged etc.

Post by Gary R » June 18th, 2011, 10:49 am

From the entries in your logs, I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The sections ....
.... explain why we do not offer help for such computers.

This topic is now closed