hammondjd2
Posts posted by hammondjd2
-
I said I had a rootkit because that is what some of the programs that I mentioned reported to find. You should be able to see this in the logs I posted. Particularly if you look at the first scans. But as I mentioned if you look at the repeated scans of MBAR and MBAM one scan will find the Malware, the next will not, but then later it's back again. Sorry, if this is just a result of my ignorance, but I want to be sure the machine is clean. Even if clean it is still demonstrating many problems and generally not running well. So either the hacker or my attempts to get rid have resulted in damage. I'm hoping there is a way to fix that or restore it back to its previous condition. In particular, I really need my Outlook corporate email to function properly and I want to make sure I'm not going to spread any infections to someone else.
-
Sorry, I am following your instruction, the other thing I just noticed in between while waiting for your reply.
Yes, as I mentioned in my initial post I already ran several programs to try to get rid of it before I read the instructions on the forum. They all seemed to find the malware and offer to quarantine, clean or delete but as I mentioned it's very persistent and seemed to come right back. And then of course I ran a bunch of things a year ago, when it was infected before, but that was too long ago to remember exactly. I think I ended up having to run ComboFix to get rid of it then and afterwards I started running Trend Micro RUBotted, but it didn't seem to help in avoiding this.
This is a company machine and it has Symantec Anti-Virus Protection on it as the resident AV of their choosing. It runs regular periodic scans and I update the virus definitions fairly regularly. I personally always start with MalwareBytes because I've had good success with that historically. To the best of my recollection, after that I tried some of the other TrendMicro products: RKill, rootkit buster and HiJackThis. I can't seem to find any logs for those.
Then I went the Kaspersky route and tried TDSSKiller but it didn't find much. Then after reading through the forum I learned about MBAR and tried that. That seemed to work great, but as I said, it seems to keep coming back. Oh and I also ran AdwCleaner. I then ran a FRST scan in anticipation that would be required for assistance on the forum, but then when I went to post I saw the instruction for DDS logs instead. Since then you had me run RogueKiller and then TDSSKiller (again). Which leads us to the here & now. The logs I could find are attached.
-
I found it again. It was called Documentum>Checkout, Export, Logs, Temp, UCF and Viewed. It also contains the files documentum.ini and documentum.lck.
All of it was created April 26, 2013 @ 4:43:48 PM. The folders all appear to be empty though, except for the UCF folder which contains two xml files:
ucf.installs.config.xml and ucf.launcher.config.xml and the Logs folder which has 2 ucf trace logs. The UCF folder also has a sub-folder with my user name and within it a Shared folder which contains among many things a Jacob.jar and a jacob.dll and other .jar and .dll files.
All this is related to the hack, right? Should I delete or do we need this in order to know what and how to fix?
-
FYI - I found a folder structure yesterday that I think was created by the hacker. I think the Main folder was called Documentum or something like that. But the sub-folders were basically a way to organize his hacking. Files of interest, Files to upload, etc. Anyway I was trying to find it again and couldn't find it. I tried to start a search and it caused my pc to crash with a blue screen.
-
Hi. I forgot to mention after running RogueKiller it automatically quarantined an item: PhysicalDrive0_User.dat
I posted the report from the RK scan in my last post, but what should I do with this quarantined item?
Next I ran the Kaspersky TDSSKiller scan. It found some suspicious items, but nothing it classified as malicious. I didn't see any option for Cure or anything like that. I haven't run anything else since we started this process, but why do you think it is that prior to this MalwareBytes and MalwareBytes Rootkit beta were still showing that a rootkit and other malicious items were found? Do you think these are false positives? And what accounts for them to appear to be cleared and then reappear again later?
Anyway, the report from the TDSSK scan was too long to post, so I attached it.
-
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : joel.hammond [Admin rights]
Mode : Scan -- Date : 05/02/2013 10:50:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89D1B1A8)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\SystemRoot\System32\Drivers\PROCHIDE.SYS @ 0xB85BE5B0)
_INLINE_ : NtCreateKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0xAB926470)
_INLINE_ : NtOpenKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0xAB9080B1)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9250410AS +++++
--- User ---
[MBR] 0886b748b28d3be7108d28b3cf388cc6
[bSP] b35b0ba5bca007cd692de31987f665a0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 236386 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 484199100 | Size: 2047 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05022013_02d1050.txt >>
RKreport[1]_S_05022013_02d1050.txt
-
Tried to clean with multiple programs before reading the forum instructions not to do that, so hopefully I haven't done even more damage. One issue that triggered my suspicion of malware was that MS Outlook crashed and now it will not load. It gives me an error every time I try to open it. Anyway MalwareBytes, which I used first, detected a rootkit along with 39 instances of malware, such as Trojan Agent (including Backdoor). I've tried multiple times to delete the infections, but it keeps returning. If I run it in SafeMode and then run it again it seems to be ok, but if I run it from a normal boot it detects the infections again and then if I clean it and run the program again it detects the same infections again. The machine was infected by a Backdoor rootkit almost exactly 1 year ago and I thought I got rid of it, but either way it appears to be back now. I'm hoping not only to remove the infections, but also repair any damage that may have been done, if possible. Any assistance you can offer would be greatly appreciated.
I can backup and reimage if I have to, but I'd rather avoid it if I can.
Here are the DDS logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/3/2010 7:56:23 PM
System Uptime: 5/2/2013 4:33:01 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0N5KHN
Processor: Intel® Core i5 CPU M 540 @ 2.53GHz | CPU 1 | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 161.527 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 1.901 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: EasyTether Network Adapter
Device ID: ROOT\*EASYTETHER\0000
Manufacturer: Mobile Stream
Name: EasyTether Network Adapter
PNP Device ID: ROOT\*EASYTETHER\0000
Service: easytether
.
==== System Restore Points ===================
.
RP168: 2/1/2013 2:41:41 AM - System Checkpoint
RP169: 2/2/2013 7:45:06 AM - System Checkpoint
RP170: 2/3/2013 11:57:41 AM - System Checkpoint
RP171: 2/4/2013 3:42:48 PM - System Checkpoint
RP172: 2/5/2013 5:27:54 PM - System Checkpoint
RP173: 2/6/2013 7:43:41 PM - System Checkpoint
RP174: 2/7/2013 2:40:33 PM - Installed Java 6 Update 39
RP175: 2/8/2013 6:12:37 PM - System Checkpoint
RP176: 2/9/2013 10:26:37 PM - System Checkpoint
RP177: 2/11/2013 3:07:40 AM - System Checkpoint
RP178: 2/12/2013 3:35:07 AM - System Checkpoint
RP179: 2/13/2013 3:48:11 AM - System Checkpoint
RP180: 2/14/2013 3:00:22 AM - Software Distribution Service 3.0
RP181: 2/16/2013 7:33:24 PM - System Checkpoint
RP182: 2/17/2013 10:35:21 PM - System Checkpoint
RP183: 2/19/2013 7:30:49 AM - System Checkpoint
RP184: 2/20/2013 7:48:06 AM - System Checkpoint
RP185: 2/21/2013 11:09:17 PM - System Checkpoint
RP186: 2/24/2013 5:08:40 PM - System Checkpoint
RP187: 2/25/2013 7:06:33 PM - System Checkpoint
RP188: 2/26/2013 7:37:29 PM - System Checkpoint
RP189: 2/27/2013 12:28:00 AM - Removed LGUP.
RP190: 2/27/2013 12:28:11 AM - Installed LGUP.
RP191: 2/27/2013 12:29:06 AM - Installed LGUP_GKV_0140.
RP192: 2/27/2013 12:53:27 AM - Installed LG United Mobile Driver
RP193: 2/28/2013 1:02:22 AM - System Checkpoint
RP194: 3/1/2013 2:45:28 AM - System Checkpoint
RP195: 3/2/2013 5:46:59 AM - System Checkpoint
RP196: 3/3/2013 5:51:51 AM - System Checkpoint
RP197: 3/4/2013 8:56:37 AM - Removed Java 6 Update 33
RP198: 3/5/2013 9:31:07 AM - System Checkpoint
RP199: 3/6/2013 1:25:52 PM - System Checkpoint
RP200: 3/8/2013 4:17:46 AM - System Checkpoint
RP201: 3/10/2013 3:54:21 PM - System Checkpoint
RP202: 3/12/2013 12:09:34 AM - System Checkpoint
RP203: 3/13/2013 1:00:20 AM - Software Distribution Service 3.0
RP204: 3/14/2013 1:00:17 AM - Software Distribution Service 3.0
RP205: 3/18/2013 10:04:43 AM - System Checkpoint
RP206: 3/19/2013 1:33:40 PM - System Checkpoint
RP207: 3/20/2013 3:03:30 AM - Installed hp deskjet 3500
RP208: 3/21/2013 5:33:39 AM - System Checkpoint
RP209: 3/22/2013 9:33:39 AM - System Checkpoint
RP210: 3/23/2013 11:08:41 AM - System Checkpoint
RP211: 3/24/2013 11:10:06 AM - System Checkpoint
RP212: 3/25/2013 11:30:19 AM - System Checkpoint
RP213: 3/26/2013 3:30:19 PM - System Checkpoint
RP214: 3/27/2013 3:31:24 PM - System Checkpoint
RP215: 3/28/2013 7:30:19 PM - System Checkpoint
RP216: 3/29/2013 11:31:24 PM - System Checkpoint
RP217: 3/31/2013 3:30:18 AM - System Checkpoint
RP218: 4/1/2013 7:30:19 AM - System Checkpoint
RP219: 4/2/2013 3:30:49 PM - System Checkpoint
RP220: 4/4/2013 7:53:03 PM - System Checkpoint
RP221: 4/5/2013 10:15:54 AM - Installed LG United Mobile Driver
RP222: 4/8/2013 10:40:24 AM - System Checkpoint
RP223: 4/10/2013 3:57:37 PM - System Checkpoint
RP224: 4/11/2013 1:00:17 AM - Software Distribution Service 3.0
RP225: 4/12/2013 1:27:22 AM - System Checkpoint
RP226: 4/13/2013 5:27:21 AM - System Checkpoint
RP227: 4/14/2013 9:27:21 AM - System Checkpoint
RP228: 4/15/2013 1:27:21 PM - System Checkpoint
RP229: 4/18/2013 1:50:41 PM - System Checkpoint
RP230: 4/23/2013 6:59:43 PM - System Checkpoint
RP231: 4/24/2013 9:23:19 PM - System Checkpoint
RP232: 4/26/2013 1:23:19 AM - System Checkpoint
RP233: 4/27/2013 5:23:19 AM - System Checkpoint
RP234: 4/28/2013 9:23:19 AM - System Checkpoint
RP235: 4/29/2013 5:01:11 PM - System Checkpoint
RP236: 4/30/2013 7:06:39 PM - System Checkpoint
RP237: 5/1/2013 2:21:25 PM - Malwarebytes Anti-Rootkit Restore Point
RP238: 5/1/2013 3:38:07 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
7-Zip 9.20
AccelerometerP11
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.4
AiO_Scan
Artemis
AT&T Communication Manager
BitPim 1.0.7
Bootstrapper
CDDRV_Installer
Comneon Mobile Highspeed Modem (20) v3.32.0.0
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
Driver Installer
EasyTether
Enterprise
erLT
Facebook Video Calling 1.2.0.159
FileZilla Client 3.6.0.2
FindProgInstaller
Franson GpsGate 2.6
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HHD Software Serial Port Monitoring Control 2.10
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2484832)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2498911)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958244)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Setup Guide
HP PSC & Officejet 4.2 Corporate Edition
IDT Audio
Intel® Network Connections Drivers
Java 6 Update 39
Joyphone
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.1.11
Juniper Networks, Inc. Setup Client
K-Lite Codec Pack 4.8.5 (Standard)
KhalInstallWrapper
LG ActiveDirectory Service
LG United Mobile Driver
LG Verizon United Drivers
LG VS840 LGnPST DLL
LG VS930 LGNPST DLL
LGNPST
LGnPST for Sprint
LGNPST LGL86C DLL
LGnPST LS696 DLL
LGNPST VN271 DLL
LGNPST VS750 DLL
LGNPST_VL600
LGNPST_VN150
LGNPST_VS920
LGNPST_VX11K
LGUP
LGUP LGL86C DLL
LGUP_GKV_0140
LiveUpdate 2.6 (Symantec Corporation)
LLDM
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
MapInfo Professional 11.0
MapXtreme v7.0.0 Runtime NCP
MEIDWriter
Metrico Wireless Datum
Microsoft .NET Framework 2.0 ?? ? - ???
Microsoft .NET Framework 2.0 Language Pack - KOR
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME (2007)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Minitab 16
Minitab Software Update Manager
Minitab16
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muse
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PANTECH PC USB Modem Software
PANTECH UML290
PANTECH USB Modem V2
PCDrafter 2012
PESQ Tools GUI 1.2
Pitney Bowes Business Insight Trial Data
PL-2303 USB-to-Serial
Privacy-i v1.0
QCAT 5.x
QFolder
QPST 2.7
QXDM Professional
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sentinel System Driver 5.41.1 (32-bit)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
SMS Advanced Client
SoftwareManager
Symantec AntiVirus
TESTMODEWriter
Trend Micro RUBotted 2.0 Beta
UM150 Firmware Updates
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless UM190 Firmware Updates
Verizon Wireless UML290 Firmware Updates
Verizon Wireless VL600 Firmware Updates
VL600 SW Upgrade Tool
VZAccess Manager
Waterwall Client for Vista
WebFldrs XP
WindCatcher
WindCatcher Plus
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.2
Wireshark 1.8.5 (32-bit)
WWC
XCAL-M
.
==== Event Viewer Messages From Past Week ========
.
5/2/2013 4:33:37 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
5/2/2013 4:28:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/2/2013 4:21:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/2/2013 3:37:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bizVSerial eeCtrl Fips intelppm SAVRT SAVRTPEL SYMTDI
5/2/2013 3:37:23 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
5/2/2013 3:37:23 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/2/2013 3:37:23 AM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/2/2013 3:36:14 AM, error: NETLOGON [5719] - No Domain Controller is available for domain LGE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by joel.hammond at 5:14:12 on 2013-05-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2998 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WWCNT\SYSTEM\PMonitor.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Report] C:\AdwCleaner[s2].txt
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Z1] cmd /c "c:\documents and settings\joel.hammond\my documents\downloads\mbar\mbar.exe" /cleanup /s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {43D64D98-0246-4D2C-AFBE-4F0B86D2F6F9} - hxxp://weeklyboard.lge.com/binary/MTXInstaller.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347783978265
DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} - hxxp://gsod.lge.com:5120/SOD/ActiveUpdate4Manager_Unicode/cabfiles/ManagerEx4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {8FC0F27C-9129-409D-8592-77776AF5DA77} - hxxp://lcglicense.lge.com/Login/NJInnoCPInstall.cab
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - hxxp://approval.lge.com/aprWeb/epLib/webEditer/NamoWec.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E67D7AE1-6292-48CA-9FA9-640DDF75A76F} - hxxp://gerp.lge.com:6010/sys/js/iLoader/iLoader.cab
DPF: {EAB86A04-27B5-4662-8CDC-29BC23600CAE} - hxxp://lgesus-se1q.lge.net:8088/pccheckeng/PCSecurityChecker.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://aicvpn.lge.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{31E076D7-D3D8-40D5-849D-460DCCE5C608} : DHCPNameServer = 192.168.1.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [2010-7-7 48384]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\SFCDEX.sys [2010-7-2 10368]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-13 17072]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [2010-6-21 18304]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [2008-10-16 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [2008-10-16 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\SFRes.sys [2008-10-16 34688]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-13 42672]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-9 168616]
S?1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [2008-11-17 5632]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
S1 Protect;Protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\Protect.sys [?]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-13 60928]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-7-27 10384]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-10-5 135168]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2013-4-30 439632]
S2 SDFA;SDFA Driver;c:\windows\system32\drivers\sdfa.SYS [2008-10-16 40960]
S2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\sffolder.sys [2009-8-20 35072]
S2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [2010-3-25 239616]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-13 113664]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys --> c:\windows\system32\drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2013-2-27 23040]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\drivers\lgandnetdiag2.sys [2013-2-27 23040]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys --> c:\windows\system32\drivers\lgandnetgps.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2013-2-27 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys --> c:\windows\system32\drivers\lgandnetndis.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 cocdcacm2;cocdcacm2;c:\windows\system32\drivers\cocdcacm2.sys [2010-2-25 44904]
S3 cousbmi2;cousbmi2;c:\windows\system32\drivers\cousbmi2.sys [2010-2-25 43880]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-9 33832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-26 77624]
S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-24 17296]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\fddec.sys [2009-9-23 31232]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048]
S3 hhdspmc32;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\drivers\hhdspmc32.sys [2011-4-18 28744]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-9 125696]
S3 LGEBryceBus;LGE Bryce Composite Device;c:\windows\system32\drivers\lgebrycebus.sys --> c:\windows\system32\drivers\LGEBryceBus.sys [?]
S3 LGEBrycemdm;LGE Bryce USB Device for Modem Communication;c:\windows\system32\drivers\lgebrycemdm.sys --> c:\windows\system32\drivers\LGEBrycemdm.sys [?]
S3 LGEBryceMux;%LGEBryceMux.SVCDESC%;c:\windows\system32\drivers\lgebrycemux.sys --> c:\windows\system32\drivers\LGEBryceMux.sys [?]
S3 LGEBryceNdis;%LGEBryceNdis.Service.DispName%;c:\windows\system32\drivers\lgebrycendis.sys --> c:\windows\system32\drivers\LGEBryceNdis.sys [?]
S3 LGEBryceprt;LGE Bryce USB Device for Serial Communication;c:\windows\system32\drivers\lgebryceprt.sys --> c:\windows\system32\drivers\LGEBryceprt.sys [?]
S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\lgeltebus.sys --> c:\windows\system32\drivers\LGELTEBus.sys [?]
S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\lgeltemdm.sys --> c:\windows\system32\drivers\LGELTEmdm.sys [?]
S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\lgeltemux.sys --> c:\windows\system32\drivers\LGELTEMux.sys [?]
S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\lgeltendis.sys --> c:\windows\system32\drivers\LGELTENdis.sys [?]
S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\lgelteprt.sys --> c:\windows\system32\drivers\LGELTEprt.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-1 35144]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-1-11 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-1-11 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-1-11 23680]
S3 Muse;Muse USB Driver;c:\windows\system32\drivers\Muse.sys [2010-11-16 31872]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\naveng.sys [2012-9-16 92704]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120915.008\navex15.sys [2012-9-16 1601184]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2011-3-15 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2011-3-15 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2011-3-15 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2011-3-15 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2011-3-15 118800]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\ptumlbus.sys --> c:\windows\system32\drivers\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\ptumlcvsp.sys --> c:\windows\system32\drivers\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\ptumlmdm.sys --> c:\windows\system32\drivers\PTUMLMdm.sys [?]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\ptumlnet.sys --> c:\windows\system32\drivers\PTUMLNET.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\ptumlnvsp.sys --> c:\windows\system32\drivers\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\ptumlrmnet.sys --> c:\windows\system32\drivers\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\ptumlvsp.sys --> c:\windows\system32\drivers\PTUMLVsp.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-4-22 54544]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-4-22 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-4-22 11920]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-4-22 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-4-22 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-4-22 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-4-22 160400]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-7-17 103424]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~2\SMSIVZAM5.SYS [2010-4-14 32408]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-26 181432]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys --> c:\windows\system32\drivers\lgusbgps.sys [?]
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys [2011-10-10 25856]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2011-10-10 23168]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\drivers\lgvzandnetdiag2.sys [2011-10-10 23168]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2011-10-10 27904]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2011-10-21 71040]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2011-2-21 25952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WwHook;WwHook;c:\windows\system32\drivers\Wwhook.sys [2007-5-21 7867]
S4 ADAgent;ADAgent;c:\program files\lgead\ADAgentService.exe [2008-8-13 586752]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
.
=============== Created Last 30 ================
.
2013-05-02 06:52:26 -------- d-----w- C:\FRST
2013-05-01 20:47:14 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-04-30 18:36:50 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-04-30 17:36:17 -------- d-----w- c:\program files\Trend Micro
2013-04-30 07:00:28 -------- d-sh--w- C:\found.000
2013-04-29 17:57:20 -------- d-----w- c:\documents and settings\joel.hammond\application data\Malwarebytes
2013-04-26 20:43:09 -------- d-----w- c:\documents and settings\joel.hammond\Documentum
.
==================== Find3M ====================
.
2013-04-30 19:34:51 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 18:33:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:33:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 5:15:11.15 ===============
Trojan Backdoor Agent Rootkit Detected, Cleaned, then Reappears
in Resolved Malware Removal Logs
SystemLook 30.07.11 by jpshortstuff
Log created at 18:41 on 02/05/2013 by joel.hammond
(Limited User)
========== DIR ==========
c:\documents and settings\joel.hammond\Documentum - Parameters: "(none)"
---Files---
documentum.ini --a---- 94 bytes [20:43 26/04/2013] [20:43 26/04/2013]
documentum.lck --a---- 0 bytes [20:43 26/04/2013] [20:43 26/04/2013]
---Folders---
Checkout d------ [20:43 26/04/2013]
Export d------ [20:43 26/04/2013]
Logs d------ [20:43 26/04/2013]
Temp d------ [20:43 26/04/2013]
ucf d------ [20:43 26/04/2013]
Viewed d------ [20:43 26/04/2013]
-= EOF =-
I'm not familiar with Kaseya, although I do know our company puts Monitoring SW on our machines which might have the same effect.
Since I got hacked a year ago, I started noticing a program that lags on shutdown and has to be force closed by Windows. I only see the popup briefly before it closes and shuts down, but the header bar is titled "FullWindowsOwner." Have you ever come across that one before?