Jimcat
Posts posted by Jimcat
-
I followed all of the above and it worked up until I entered the command line. It came back with the following message:
'/c' is not recognized as an internal or external command, operable program or batch file.
When I get the command prompt, it is at the directory C:\Users\Jim Kasprzak 4> . Should I be in another directory? Should I be running this in safe mode? Or is this another symptom of the infection?
-
Just checked in C:\ and I see the logs from my last runs of ComboFix, Network Details, and TDSSKiller, but no file labeled "log.txt".
-
Thanks, that worked, but the result is the same as before: a window pops up very rapidly and immediately disappears. No log file pops up. Is there somewhere that it might have been written?
-
More detail on what is going on: under the start menu in Vista, I can find a program called "Run". The icon looks similar to the "Run" icon under XP. I don't know where I should input the command that you listed. If I try putting it into the "start search" box at the bottom of the start menu, the window for Junction pops up very briefly and then immediately closes. The same thing happens if I just try to run Junction on its own: it pops open and closed without doing anything as far as I can tell.
-
Windows Vista issue again: I was able to extract the files to C:\Windows, but Start>Run doesn't seem to exist under Vista.
-
Thanks for sticking with me on this. It may be a few hours before I can complete this operation.
-
This thing is pretty persistent. It looks like SystemLook is returning the same results as it did before we ran Combofix:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:29 on 21/10/2011 by Jim Kasprzak 4
Administrator - Elevation successful
========== filefind ==========
Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [10:59 11/09/2009] [05:58 20/10/2011] (Unable to calculate MD5)
-= EOF =-
-
Networking behavior is the same as before: it shows no Internet connectivity and describes the network as "Identifying".
-
Here is the Combofix log from the latest run:
ComboFix 11-10-20.08 - Jim Kasprzak 4 10/21/2011 17:47:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1216 [GMT -4:00]
Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim Kasprzak 4\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim\AppData\Local\temp
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp
2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 21:24 . 2011-10-21 21:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll
2011-10-21 14:44 . 2011-10-21 14:44 -------- d-----w- c:\windows\system32\vmm32
2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe
2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll
2011-10-15 11:08 . 2011-10-15 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 09:59 . 2011-10-11 10:00 -------- d-----w- c:\users\Jim Kasprzak 4
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity
2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM
2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM
2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon
2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe
2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes
2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee
2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst
2011-09-23 11:08 . 2011-09-23 11:08 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe
2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-23 11:08 . 2011-09-23 11:08 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe
2011-09-23 11:08 . 2011-09-23 11:08 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin
2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]
.
c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]
.
2011-10-21 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job
- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]
.
2011-10-21 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
FF - ProfilePath -
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01
.
Completion time: 2011-10-21 18:05:37
ComboFix-quarantined-files.txt 2011-10-21 22:05
ComboFix2.txt 2011-10-21 01:48
ComboFix3.txt 2011-10-20 09:34
.
Pre-Run: 57,925,611,520 bytes free
Post-Run: 57,893,535,744 bytes free
.
- - End Of File - - D0405AB30415331EF3FB8797073CEC26
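An added example, not part of Jimcat's post or of ComboFix itself: a short Python script that parses the "Files Created" section of a ComboFix log (the `modified . created size attributes path` layout used above) and lists the entries a helper would normally ask about first. The sample lines are copied from the log above; the four heuristics (a literal `%...%` name used as a folder, hidden/system objects under system32, a brand-new directory under system32, a zero-byte hidden file in a user profile) are assumptions for illustration and flag items for review, they do not declare anything malicious.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the ComboFix "Files Created" layout
# (modified-time . created-time size attributes path): a few lines copied from
# the log above plus two ordinary update files for contrast.
SAMPLE_LOG = """\
2011-10-21 14:44 . 2011-10-21 14:44 -------- d-----w- c:\\windows\\system32\\vmm32
2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\\windows\\system32\\win32k.sys
2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\\users\\Jim Kasprzak 2\\AppData\\Local\\Spituj.bin
"""

LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]   # None where ComboFix prints "--------" (directories)
    attrs: str            # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_files_created(text: str) -> list:
    """Return one Entry per line that matches the ComboFix file-line layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # section banners, "." spacer lines, etc.
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries


def triage(entries) -> dict:
    """Map path -> list of reasons it deserves a second look. Heuristics only (assumed)."""
    findings = {}

    def flag(entry, reason):
        findings.setdefault(entry.path, []).append(reason)

    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        in_system32 = "\\windows\\system32\\" in p
        if "%" in name:
            flag(e, "literal environment-variable name used as a file or folder name")
        if in_system32 and e.hidden_or_system:
            flag(e, "hidden/system object created under system32")
        if in_system32 and e.is_dir and e.mtime == e.ctime:
            flag(e, "new directory in system32; confirm it belongs to a known package")
        if "\\appdata\\" in p and "h" in e.attrs and e.size == 0:
            flag(e, "zero-byte hidden file in a user profile")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample above the script reports `vmm32` and `%APPDATA%` under system32 and the zero-byte `Spituj.bin`, and says nothing about the two signed update files; the point is to turn a several-hundred-line log into a short list of questions for the helper, not to replace their judgement.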
-
Yes, Combofix is still installed.
-
I'm afraid even that is not working - it's saying "Access is denied. 0 files copied."
-
Turning off UAC made it worse - it doesn't even try now, it just gives me the "Destination Folder Access Denied" pop-up.
I know how to login in safe mode, but I'm not sure what I need to do to specifically "login as administrator". As far as I know, all of my user profiles have administrator access. Is there another step I need?
-
When I try to do the above:
First I see a pop-up window that says "You'll need to provide administrator permission to copy this file". I click "Continue" and I get a pop-up saying "Windows needs your permission to continue". I click "Continue" on that window and it starts copying, but then I get another pop-up with the label "Destination Folder Access Denied" and it says "You need permission to perform this action".
I was pretty sure that my user profile had administrator access. What am I missing?
-
Here is the SystemLook output:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:12 on 21/10/2011 by Jim Kasprzak 4
Administrator - Elevation successful
========== filefind ==========
Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [10:59 11/09/2009] [05:58 20/10/2011] (Unable to calculate MD5)
-= EOF =-
-
Just saw your reply above. Will try the SystemLook in an hour or so.
-
Update: I did find the network drivers section. It has one item checked, presumably my current NIC driver: "Intel 825xx 10/100 Platform LAN Connect Device Rev:A00".
Still stumped as to what to do next.
-
Is there a Vista doctor in the house?
There are several CDs included with my computer. There is one labeled as the operating system CD; this says "use this DVD only to reinstall the operating system", which I presume I don't want to do yet.
There is also a "Drivers and Utilities" CD which looks like what might be the most useful. I installed the console application, which has a lot of menu items, but nothing I can find labeled "Repair Options" or anything that seems to open up a command prompt.
There are a large number of drivers listed on the console, grouped under categories such as Utilities, Drivers, and Applications. Unfortunately it doesn't give file names, and I can't find anything that's obviously labeled "Ethernet card" or "Networking".
What's my next step?
-
Here is the NetworkDetails file. This is before running any operations with the restore CD.
Query Services version 2
...
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\LocalService
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancilliary Function Driver for Winsock
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 12
DISPLAY_NAME : NETBT
DEPENDENCIES : Tdx
: tcpip
SERVICE_START_NAME :
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1040
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPsec Policy Agent
DEPENDENCIES : Tcpip
: bfe
SERVICE_START_NAME : NT Authority\NetworkService
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2940
FLAGS :
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES : SamSS
: Srv
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1124
FLAGS :
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 908
FLAGS :
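An added example, not part of Jimcat's post or of the NetworkDetails tool: a Python script that reads a dump in the interleaved `sc qc` / `sc query` layout above and works out which declared dependency the failed services have in common. In the dump, DHCP Client and DNS Client are both STOPPED with WIN32_EXIT_CODE 1075, which is ERROR_SERVICE_DEPENDENCY_DELETED ("the dependency service does not exist or has been marked for deletion"), and both list Tdx among their dependencies; the two `OpenService FAILED 1060` blocks do not print the service name that was asked for, so the script does not guess it and instead reports every dependency for which the dump has no record at all. The sample below is a constructed, trimmed copy of the relevant blocks.

```python
import re

# Constructed sample in the layout of the NetworkDetails dump above
# (interleaved "sc qc" and "sc query" blocks, trimmed to the relevant keys).
SAMPLE_DUMP = """\
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\\LocalService
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
DEPENDENCIES :
SERVICE_NAME: Afd
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Dnscache
DEPENDENCIES : Tdx
SERVICE_NAME: Dnscache
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
"""

# Win32 error code sc.exe reports when a service cannot start because a
# dependency is not installed: ERROR_SERVICE_DEPENDENCY_DELETED.
ERROR_SERVICE_DEPENDENCY_DELETED = 1075

KV_RE = re.compile(r"^([A-Z_0-9]+)\s*:\s*(.*)$")
EXIT_RE = re.compile(r"^(\d+)")


def parse_sc_dump(text: str) -> dict:
    """Merge sc qc / sc query blocks into {service_name_lower: record}."""
    services, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[SC]") or line.startswith("("):
            continue                                  # tool banners, flag lists
        if line.startswith(":"):                      # continuation of DEPENDENCIES
            if cur is not None:
                cur["deps"].append(line[1:].strip())
            continue
        m = KV_RE.match(line)
        if not m:
            continue                                  # e.g. the 1060 error text
        key, val = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            cur = services.setdefault(val.lower(),
                                      {"name": val, "deps": [], "state": None, "exit": None})
        elif cur is None:
            continue
        elif key == "DEPENDENCIES":
            if val:
                cur["deps"].append(val)
        elif key == "STATE":
            cur["state"] = val
        elif key == "WIN32_EXIT_CODE":
            cur["exit"] = int(EXIT_RE.match(val).group(1))
    return services


def broken_dependencies(services: dict) -> dict:
    """For every service that failed with 1075, list declared dependencies that
    have no record in the dump (not installed, or simply never queried)."""
    result = {}
    for rec in services.values():
        if rec["exit"] != ERROR_SERVICE_DEPENDENCY_DELETED:
            continue
        result[rec["name"]] = [d for d in rec["deps"] if d.lower() not in services]
    return result


def common_missing(broken: dict) -> set:
    """The dependency shared by every 1075 failure is the first thing to verify."""
    sets = [set(d.lower() for d in deps) for deps in broken.values()]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    broken = broken_dependencies(parse_sc_dump(SAMPLE_DUMP))
    for name, deps in broken.items():
        print(f"{name}: stopped with 1075, unresolved dependencies: {deps}")
    print("common to all failures:", common_missing(broken))
```

On the sample this prints `dhcp` with `['NSI', 'Tdx']`, `Dnscache` with `['Tdx']`, and `tdx` as the name common to both, which is consistent with the SystemLook runs in this thread searching for `tdx.sys`. NSI shows up only because the trimmed dump never queried it; a full dump would resolve it. The next check on a real machine is `sc qc tdx` and a look for `tdx.sys` in `System32\drivers`, not just in the WinSxS store.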
-
I do have the Windows Vista CD if it turns out that I need it.
I will run the file later today - may be a couple of hours before I get the opportunity.
-
I did this and the device driver successfully re-installed. However, I'm still not getting connectivity. If I click on the network icon, it says "This computer is connected to Identifying..." which sounds as though it's trying to identify the network. But it's been in this state for more than five minutes, which seems unduly long for such an operation.
If it helps, I'm connecting via a Cisco Linksys Wireless-G router, model WRT54GS. Two other computers are currently connecting via this router, one wired and one wireless - the router itself has never given us any problems in the five years I've had it.
-
I don't have a "My Computer" icon but I used Windows Vista's control panel to see the device manager.
It shows my network adapter: Intel® 8256V-2 10/100 Network Connection
If I right click on the adapter icon, it gives me the options to disable or uninstall, which implies that it is enabled.
If I view properties for the adapter, device status says "The device is working properly."
Despite this, when I click on the network icon, it says I have local access only. If I click "Connect to a network", it says "Windows cannot find any additional networks."
If I click to diagnose why Windows can't find any networks, it says, "This computer does not have a wireless network adapter installed and configured."
But I never used wireless access for this computer - I always used the Ethernet adapter and cable.
Hope this provides some clues on how to fix the problem.
-
This time Combofix took a lot less time to run and didn't get any nasty pop-ups during the scan.
I manually rebooted after the log was generated. No error messages on startup (first time that has happened in days!) but unfortunately, the system still has no Internet connectivity. It doesn't seem to be recognizing the Ethernet card.
Here are the log results:
ComboFix 11-10-20.08 - Jim Kasprzak 4 10/20/2011 21:29:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.848 [GMT -4:00]
Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim Kasprzak 4\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\c_15244.nl_"
"c:\windows\system32\drivers\pibbcaht.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\57a8a4e03131d83c7239cf6079d8cec4
c:\57a8a4e03131d83c7239cf6079d8cec4\$shtdwn$.req
c:\57a8a4e03131d83c7239cf6079d8cec4\1025\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1025\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1025\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1028\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1028\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1028\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1029\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1029\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1029\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1030\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1030\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1030\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1031\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1031\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1031\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1032\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1032\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1032\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1033\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1033\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1033\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1035\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1035\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1035\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1036\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1036\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1036\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1037\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1037\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1037\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1038\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1038\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1038\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1040\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1040\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1040\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1041\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1041\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1041\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1042\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1042\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1042\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1043\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1043\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1043\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1044\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1044\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1044\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1045\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1045\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1045\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1046\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1046\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1046\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1049\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1049\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1049\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1053\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1053\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1053\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\1055\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\1055\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\1055\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\2052\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\2052\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\2052\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\2070\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\2070\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\2070\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\3076\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\3076\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\3076\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\3082\eula.rtf
c:\57a8a4e03131d83c7239cf6079d8cec4\3082\LocalizedData.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\3082\SetupResources.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\DHtmlHeader.html
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Print.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate1.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate2.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate3.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate4.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate5.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate6.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate7.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate8.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Save.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Setup.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\stop.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqMet.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqNotMet.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\warn.ico
c:\57a8a4e03131d83c7239cf6079d8cec4\header.bmp
c:\57a8a4e03131d83c7239cf6079d8cec4\NDP40-KB2572078.msp
c:\57a8a4e03131d83c7239cf6079d8cec4\ParameterInfo.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\Setup.exe
c:\57a8a4e03131d83c7239cf6079d8cec4\SetupEngine.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.xsd
c:\57a8a4e03131d83c7239cf6079d8cec4\SplashScreen.bmp
c:\57a8a4e03131d83c7239cf6079d8cec4\sqmapi.dll
c:\57a8a4e03131d83c7239cf6079d8cec4\Strings.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\UiInfo.xml
c:\57a8a4e03131d83c7239cf6079d8cec4\watermark.bmp
C:\a006e82503421d9c66
c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}
c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome.manifest
c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\_cfg.js
c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\overlay.xul
c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\install.rdf
c:\windows\system32\c_15244.nl_
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim\AppData\Local\temp
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp
2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-20 22:46 . 2011-10-20 22:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll
2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe
2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll
2011-10-15 11:08 . 2011-10-15 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 09:59 . 2011-10-11 10:00 -------- d-----w- c:\users\Jim Kasprzak 4
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity
2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM
2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM
2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon
2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe
2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes
2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee
2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst
2011-09-23 11:08 . 2011-09-23 11:08 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe
2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-23 11:08 . 2011-09-23 11:08 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe
2011-09-23 11:08 . 2011-09-23 11:08 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin
2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]
.
c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]
.
2011-10-21 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job
- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]
.
2011-10-18 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 21:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01
.
Completion time: 2011-10-20 21:48:16
ComboFix-quarantined-files.txt 2011-10-21 01:48
ComboFix2.txt 2011-10-20 09:34
.
Pre-Run: 57,807,015,936 bytes free
Post-Run: 57,776,558,080 bytes free
.
- - End Of File - - 2223EB429952AB610428AC4BB4468369
-
Running ComboFix now. Will post results tonight or tomorrow.
Malwarebytes stops running, even in safe mode
in Resolved Malware Removal Logs
Just to clarify: when you say save it "next to" junction.exe, do you mean in C:\Windows or on the desktop?