[Malwarebytes stops running, even in safe mode]

Just to clarify: when you say save it "next to" junction.exe, do you mean in C:\Windows or on the desktop?

[Malwarebytes stops running, even in safe mode]

I followed all of the above and it worked up until I entered the command line. It came back with the following message:

'/c' is not recognized as an internal or external command, operable program or batch file.

When I get the command prompt, it is at the directory C:\Users\Jim Kasprzak 4> . Should I be in another directory? Should I be running this in safe mode? Or is this another symptom of the infection?

[Malwarebytes stops running, even in safe mode]

Just checked in C:\ and I see the logs from my last runs of ComboFix, Network Details, and TDSSKiller, but no file labeled "log.txt".

[Malwarebytes stops running, even in safe mode]

Thanks, that worked, but the result is the same as before: a window pops up very rapidly and immediately disappears. No log file pops up. Is there somewhere that it might have been written?

[Malwarebytes stops running, even in safe mode]

More detail on what is going on: under the start menu in Vista, I can find a program called "Run". The icon looks similar to the "Run" icon under XP. I don't know where I should input the command that you listed. If I try putting it into the "start search" box at the bottom of the start meu, the window for Junction pops up very briefly and then immediately closes. The same thing happens if I just try to run Junction on its own: it pops open and closed without doing anything as far as I can tell.

[Malwarebytes stops running, even in safe mode]

Windows Vista issue again: I was able to extract the files to C:\Windows, but Start>Run doesn't seem to exist under Vista.

[Malwarebytes stops running, even in safe mode]

Thanks for sticking with me on this. It may be a few hours before I can complete this operation.

[Malwarebytes stops running, even in safe mode]

This thing is pretty persistent. It looks like SystemLook is returning the same results as it did before we ran Combofix:

SystemLook 30.07.11 by jpshortstuff

Log created at 18:29 on 21/10/2011 by Jim Kasprzak 4

Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [10:59 11/09/2009] [05:58 20/10/2011] (Unable to calculate MD5)

-= EOF =-

[Malwarebytes stops running, even in safe mode]

Networking behavior is the same as before: it shows no Internet connectivity and describes the network as "Identifying".

[Malwarebytes stops running, even in safe mode]

Here is the Combofix log from the latest run:

ComboFix 11-10-20.08 - Jim Kasprzak 4 10/21/2011 17:47:03.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1216 [GMT -4:00]

Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe

Command switches used :: c:\users\Jim Kasprzak 4\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))

.

.

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim\AppData\Local\temp

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp

2011-10-21 22:02 . 2011-10-21 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-21 21:24 . 2011-10-21 21:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll

2011-10-21 14:44 . 2011-10-21 14:44 -------- d-----w- c:\windows\system32\vmm32

2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe

2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll

2011-10-15 11:08 . 2011-10-15 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes

2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-11 09:59 . 2011-10-11 10:00 -------- d-----w- c:\users\Jim Kasprzak 4

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity

2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM

2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM

2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon

2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe

2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes

2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee

2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst

2011-09-23 11:08 . 2011-09-23 11:08 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-23 11:08 . 2011-09-23 11:08 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-09-23 11:08 . 2011-09-23 11:08 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin

2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]

.

c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]

R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]

S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job

- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]

.

2011-10-21 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job

- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]

.

2011-10-21 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]

.

.

------- Supplementary Scan -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

FF - ProfilePath -

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01

.

Completion time: 2011-10-21 18:05:37

ComboFix-quarantined-files.txt 2011-10-21 22:05

ComboFix2.txt 2011-10-21 01:48

ComboFix3.txt 2011-10-20 09:34

.

Pre-Run: 57,925,611,520 bytes free

Post-Run: 57,893,535,744 bytes free

.

- - End Of File - - D0405AB30415331EF3FB8797073CEC26

[Malwarebytes stops running, even in safe mode]

Yes, Combofix is still installed.

[Malwarebytes stops running, even in safe mode]

I'm afraid even that is not working - it's saying "Access is denied. 0 files copied."

[Malwarebytes stops running, even in safe mode]

Turning off UAC made it worse - it doesn't even try now, it just gives me the "Destination Folder Access Denied" pop-up.

I know how to login in safe mode, but I'm not sure what I need to do to specifically "login as administrator". As far as I know, all of my user profiles have administrator access. Is there another step I need?

[Malwarebytes stops running, even in safe mode]

When I try to do the above:

First I see a pop-up window that says "You'll need to provide administrator permission to copy this file". I click "Continue" and I get a pop-up saying "Windows needs your permission to continue". I click "Continue" on that window and it starts copying, but then I get anothe rpop-up with the label "Destination Folder Access Denied" and it says "You need permission to perform this action".

I was pretty sure that my user profile had administrator access. What am I missing?

[Malwarebytes stops running, even in safe mode]

Here is the SystemLook output:

SystemLook 30.07.11 by jpshortstuff

Log created at 12:12 on 21/10/2011 by Jim Kasprzak 4

Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [10:59 11/09/2009] [05:58 20/10/2011] (Unable to calculate MD5)

-= EOF =-

[Malwarebytes stops running, even in safe mode]

Just saw your reply above. Will try the SystemLook in an hour or so.

[Malwarebytes stops running, even in safe mode]

Update: I did find the network drivers section. It has one item checked, presumably my current NIC driver: "Intel 825xx 10/100 Platform LAN Connect Device Rev:A00

Still stumped as to what to do next.

[Malwarebytes stops running, even in safe mode]

Is there a Vista doctor in the house?

There are several CD's included with my computer. There is one labeled as the operating system CD; this says "use this DVD only to reinstall the operating system", which I presume I don't want to do yet.

There is also a "Drivers and Utilities" CD which looks like what might be the most useful. I installed the console application, which has a lot of menu items, but nothing I can find labeled "Repair Options" or anything that seems to open up a command prompt.

There are a large number of drivers listed on the console, grouped under categories such as Utilities, Drivers, and Applications. Unfortunately it doesn't give file names, and I can't find anything that's obviously labeled "Ethernet card" or "Networking".

What's my next step?

[Malwarebytes stops running, even in safe mode]

Here is the NetworkDetails file. This is before running any operations with the restore CD.

Query Services version 2

...

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DHCP Client

DEPENDENCIES : NSI

: Tdx

: Afd

SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

WIN32_EXIT_CODE : 1075 (0x433)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : System32\drivers\tcpip.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 3

DISPLAY_NAME : TCP/IP Protocol Driver

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 0

DISPLAY_NAME : Ancilliary Function Driver for Winsock

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : System32\DRIVERS\netbt.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 12

DISPLAY_NAME : NETBT

DEPENDENCIES : Tdx

: tcpip

SERVICE_START_NAME :

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\netbios.sys

LOAD_ORDER_GROUP : NetBIOSGroup

TAG : 2

DISPLAY_NAME : NetBIOS Interface

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : TCP/IP NetBIOS Helper

DEPENDENCIES : NetBT

: Afd

SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1040

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DNS Client

DEPENDENCIES : Tdx

SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

WIN32_EXIT_CODE : 1075 (0x433)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : IPsec Policy Agent

DEPENDENCIES : Tcpip

: bfe

SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 2940

FLAGS :

[sC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[sC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Server

DEPENDENCIES : SamSS

: Srv

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1124

FLAGS :

[sC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[sC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

[sC] QueryServiceConfig SUCCESS

SERVICE_NAME: RPCSS

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k rpcss

LOAD_ORDER_GROUP : COM Infrastructure

TAG : 0

DISPLAY_NAME : Remote Procedure Call (RPC)

DEPENDENCIES : DcomLaunch

SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: RPCSS

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 908

FLAGS :

[Malwarebytes stops running, even in safe mode]

I do have the Windows Vista CD if it turns out that I need it.

I will run the file later today - may be a couple of hours before I get the opportunity.

[Malwarebytes stops running, even in safe mode]

Yes it is.

[Malwarebytes stops running, even in safe mode]

I did this and the device driver successfully re-installed. However, I'm still not getting connectivity. If I click on the network icon, it says "This computer is connected to Identifying..." which sounds as though it's trying to identify the network. But it's been in this state for more than five minutes, which seems unduly long for such an operation.

If it helps, I'm connecting via a Cisco Linksys Wireless-G router, model WRT54GS. Two other computers are currently connecting via this router, one wired and one wireless - the router itself has never given us any problems in the five years I've had it.

[Malwarebytes stops running, even in safe mode]

I don't have a "My Computer" icon but I used Windows Vista's control panel to see the device manager.

It shows my network adapter: Intel® 8256V-2 10/100 Network Connection

If I right click on the adapter icon, it gives me the options to disable or uninstall, which implies that it is enabled.

If I view properties for the adapter, device status says "The device is working properly."

Despite this, when I click on the network icon, it says I have local access only. If I click "Connect to a network", it says "Windows cannot find any additional networks."

If I click to diagnose why Windows can't find any networks, it says, "This computer does not have a wireless network adapter installed and configured."

But I never used wireless access for this computer - I always used the Ethernet adapter and cable.

Hope this provides some clues on how to fix the problem.

[Malwarebytes stops running, even in safe mode]

This time Combofix took a lot less time to run and didn't get any nasty pop-ups during the scan.

I manually rebooted after the log was generated. No error messages on startup (first time that has happened in days!) but unfortunately, the system still has no Internet connectivity. It doesn't seem to be recognizing the Ethernet card.

Here are the log results:

ComboFix 11-10-20.08 - Jim Kasprzak 4 10/20/2011 21:29:23.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.848 [GMT -4:00]

Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe

Command switches used :: c:\users\Jim Kasprzak 4\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\c_15244.nl_"

"c:\windows\system32\drivers\pibbcaht.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\57a8a4e03131d83c7239cf6079d8cec4

c:\57a8a4e03131d83c7239cf6079d8cec4\$shtdwn$.req

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\DHtmlHeader.html

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Print.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate1.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate2.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate3.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate4.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate5.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate6.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate7.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate8.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Save.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Setup.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\stop.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqMet.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqNotMet.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\warn.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\header.bmp

c:\57a8a4e03131d83c7239cf6079d8cec4\NDP40-KB2572078.msp

c:\57a8a4e03131d83c7239cf6079d8cec4\ParameterInfo.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\Setup.exe

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupEngine.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.xsd

c:\57a8a4e03131d83c7239cf6079d8cec4\SplashScreen.bmp

c:\57a8a4e03131d83c7239cf6079d8cec4\sqmapi.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\Strings.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\UiInfo.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\watermark.bmp

C:\a006e82503421d9c66

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome.manifest

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\_cfg.js

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\overlay.xul

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\install.rdf

c:\windows\system32\c_15244.nl_

.

.

((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))

.

.

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-20 22:46 . 2011-10-20 22:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll

2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe

2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll

2011-10-15 11:08 . 2011-10-15 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes

2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-11 09:59 . 2011-10-11 10:00 -------- d-----w- c:\users\Jim Kasprzak 4

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity

2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM

2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM

2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon

2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe

2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes

2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee

2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst

2011-09-23 11:08 . 2011-09-23 11:08 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-23 11:08 . 2011-09-23 11:08 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-09-23 11:08 . 2011-09-23 11:08 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin

2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]

.

c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]

R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]

S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job

- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]

.

2011-10-21 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job

- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]

.

2011-10-18 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]

.

.

------- Supplementary Scan -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-20 21:45

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01

.

Completion time: 2011-10-20 21:48:16

ComboFix-quarantined-files.txt 2011-10-21 01:48

ComboFix2.txt 2011-10-20 09:34

.

Pre-Run: 57,807,015,936 bytes free

Post-Run: 57,776,558,080 bytes free

.

- - End Of File - - 2223EB429952AB610428AC4BB4468369

[Malwarebytes stops running, even in safe mode]

Running Combofix now. Will post results tonight or tomorrow.