Computer hijacked - please help!


I've identified a programme on my computer that is masking itself as Internet Explorer but it's not the real one and I can't uninstall it. I also have the Gala Search redirect happening when I try and use Google search. When I run a full Malware Bytes scan it always crashes (but not on a quick scan). Log files attached, please help!


Hello sallyb21 and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


I have run the TDSSKiller application, as you suggested in the first part of your response and the report is below, as follows. The PC seems to be running OK but my McAfee virus protection software and Malware Bytes software still keep crashing and I still have a fake programme claiming to be Internet Explorer on my computer!

Here is the report:


13:52:27.0218 1228 swenum - ok

13:52:27.0296 1228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:52:27.0296 1228 swmidi - ok

13:52:27.0328 1228 symc810 - ok

13:52:27.0359 1228 symc8xx - ok

13:52:27.0390 1228 sym_hi - ok

13:52:27.0437 1228 sym_u3 - ok

13:52:27.0500 1228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:52:27.0500 1228 sysaudio - ok

13:52:27.0593 1228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:52:27.0609 1228 Tcpip - ok


Here is a copy of the notepad doc "checkup.txt" :

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee SecurityCenter

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 11.1.102.55

Adobe Reader X (10.1.1)

Mozilla Firefox (8.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


This pop-up appeared just after The Microsoft Recovery Console was successfully installed - the AutoScan screen appeared and froze: "grep.3XE has encountered problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. To see what data this report contains, click here. Send / don't send"


Let's try the following:

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.


MajorGeeks is a safe and legitimate mirror for Malwarebytes downloads. ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

cerc6

File::

C:\Windows\System32\Drivers\cerc6.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Further instructions done and report attached. Installed Malwarebytes ok and ran a scan - all clear. But the Internet Explorer icon labelled virus is still on desktop and Microsoft Internet Explorer screen keeps opening up of its own accord - it looks legit and seems to work ok. No more crashes or blue screens and computer seems to be running OK. Thank you FRED, Forum Deity!

ComboFix LOG File Dec 15, 2011.txt


Glad to hear things are running better!

Before we move on, let's run an online scan to make sure there aren't any remnants we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Here are two log reports from the ESET scan we did today, as instructed. Do hope we did it ok. The instructions don't always tally with what comes up on-screen. Also, we weren't too sure about which of the internet security settings to disable - some guesswork was required... The computer is generally running much better and faster. We had to reinstall Internet Explorer to do the ESET scan and it seems to be ok. Still a pesky pop-up from time to time - but then it just disappears. Had the blue screen a couple of times (when looking at emails and security downloads) but just switched off and started again and then ok....

ESET log text 19 Dec 2011.txt

ESET log txt 19 Dec.txt


Let's see if we can figure out what the problem exactly was ;)

  • Download BlueScreenView
  • Double click the BlueScreenView.exe file to run the program.
  • Follow the instructions to install the program and click Finish to run the scan
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items.
  • Save the report as BSOD.txt.
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply.

More information about the program can be found here


Hi there, we're now getting an "AVG DIAGEX" pop-up (which says an unspecified error occurred in AVG. Would you like to send diagnostic data to the AVG Technical Support department for further analysis?). I haven't clicked on it. Have checked it on Google and it looks nasty - there are various downloads on offer for fixing it which look legit but I'd like your advice first, if possible? Thank you!


Try uninstalling and reinstalling your AVG. Let me know if that resolves the issue.

Please also delete your existing copy of ComboFix.exe, download a new one from here http://www.bleepingcomputer.com/download/anti-virus/combofix

Then, please run the new ComboFix.exe and post the log it creates (C:\ComboFix.txt). Let me know how things go ;)
