Jump to content

Recommended Posts

Hi! I just ended a thread with Microsoft Answers. The agent said I needed help removing malware and listed several forum sites for me to choose from. So, here I am.

My text below is in three parts:

PART 1 - Describes the condition of my PC before posting to Malwarebytes forum and before following any instructions from Malwarebytes forum

PART 2 - Results after following instructions at http://forums.malwarebytes.org//index.php?showtopic=9573

ADDITIONAL INFO AND THOUGHTS

PART 1

Here is the link to the thread with Microsoft Answers:

http://answers.micro...54af4220?page=1

This thread has two pages.

I can post a summary of the Microsoft thread if you like.

Anyway, I am running:

XP Media Center Edition, Version 2002, SP3

BEFORE I started the Microsoft Answers thread, I ran:

- Malwarebytes 1.51.1.1800, Database Version 7454

- Spybot Search & Destroy 1.6.2.46, Update 8/10/2011

Neither tool found any issues.

AFTER I ended the Microsoft Answers thread, I did the following (please refer to the attached PowerPoint file):

MicrosoftScanResultAndNetworkAdapterError090411.ppt

- Ran Microsoft Safety Scanner, full scan. Removed five files. See Slide 1.

- Tried uninstalling and reinstalling the network adapter. Seems to have a problem. See Slide 2.

- Also note that unstalling McAfee and running McAfee's MCPR tool might not have completely removed McAfee Security Center. See Slide 3. There are two extra entries for the network adapter. Both refer to McAfee. Note that I had connectivity before removing McAfee. After uninstalling McAfee and running MCPR, I had no connectivity. So, I'm having to use our other PC to post messages, etc.

PART 2 - Followed Malwarebytes instructions

- Malwarebytes 1.51.1.1800, Database Version 7454 ***Ran quick scan***

Could not update to a later database because the affected PC has no network connectivity. Fortunately, I already had Malwarebytes installed before my issues started and had updated the database fairly recently. mbam-log is attached.

mbam-log-2011-09-09 (07-29-25).txt

- Update current anti-virus and run scan

I had already uninstalled McAfee Security Center as described in PART 1. Before that, I always kept McAfee up-to-date (via paid subscription) and it had not complained of any issues.

- Microsoft Safety Scanner

I had already run this tool as described in PART 1 above. Removed five files. See results in attached PowerPoint, Slide 1. I did not run the Microsoft tool again during the Malwarebytes instructions. If there is another Microsoft tool you want me to run, I would be happy to do so.

MicrosoftScanResultAndNetworkAdapterError090411.ppt

- DeFogger

Ran just fine. Log attached.

defogger_disable-090911.log

- DDS

dds.txt attached (I included the date in the filename)

dds-090911.txt

attach.txt attached (inside ZIP file, date in filename)

attach-090911.zip

attach.txt is not that large. I thought it would be larger. I hope there was no issue with running DDS. With McAfee no longer present, I assumed I had no settings that blocked scripts from running.

- GMER

ark.txt attached (inside ZIP file, date in filename)

ark-090911.zip

ark.txt also is not very large. I thought it would be larger.

ADDITIONAL INFO AND THOUGHTS

While we are working together on my issue, I will not install or change any software or settings unless instructed by you.

I have the system discs that came with the PC. So, if you need me to replace any corrupted files with the version from the system discs, I can do that with a little coaching on the procedure. :)

Thanks for your help!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by David at 7:50:10 on 2011-09-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Internet Content Filter\SafeEyes.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe

C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe

C:\WINDOWS\system32\lxeccoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Internet Content Filter\UpdateService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: ICF.dll

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135018391031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/SU/SU1.5/ocx/15033/CTPID.cab

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{D00D2815-A43D-444C-BDEA-9E84E9F16EB2} : DhcpNameServer = 167.206.245.129 167.206.245.130

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\jfv28zcj.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-9-11 193192]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-13 233472]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

.

=============== Created Last 30 ================

.

2011-09-04 21:55:08 -------- d-----w- C:\drvrtmp

2011-09-04 21:54:16 -------- d-----w- c:\windows\system32\vmm32

2011-09-04 21:46:39 446464 ----a-r- c:\windows\system32\hhactivex.dll

2011-09-04 21:46:38 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2011-09-04 21:46:38 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2011-09-04 21:46:38 176128 ----a-w- c:\windows\system32\RcdScan.dll

2011-09-04 21:46:36 13632 ------w- c:\windows\system32\drivers\omci.sys

2011-09-04 21:30:54 -------- d-sh--w- C:\found.000

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-13 10:41:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-13 10:19:40 -------- d-----w- c:\windows\system32\CatRoot2

.

==================== Find3M ====================

.

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 7:51:30.70 ===============

Link to post
Share on other sites

The affected PC does not have connectivity to the internet, likely due to the issue I have. How do I update the database without connecting to the internet? Is there a way I can download the latest database file on one PC, transfer it to the affected PC on a USB drive, and install it?

I see that Malwarebytes is up to Version 1.51.2.1300. I have 1.51.1.1800. Would a download of 1.51.2.1300 contain the latest database file or would I have to update the database, too? If so, then I should have no issue downloading that file on one PC and installing it on the other. If not, then I still have the question about how to update the database on a PC that cannot connect to the internet.

Link to post
Share on other sites

  • Staff

It would not have the latest database. Skip that for now.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Here are the logs (ComboFix, dds, and attach). I pasted the text into the post as you requested. I did not attach the files but I can if you want me to.

Turned out that I already had Recovery Console installed so using ComboFix was pretty easy. So we have Recovery Console available to us if we need it.

*********** ComboFix ***************************

ComboFix 11-09-15.05 - David 09/15/2011 19:31:51.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1380 [GMT -4:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini

c:\documents and settings\David\GoToAssistDownloadHelper.exe

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\ConfigWizards.exe.7492e342.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\PMM.exe.53d0e8da.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\PMM.Ngen.exe.cadfe15e.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\pspVideo9.exe.799af9d8.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\SL1AE.tmp.df06bd87.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini

c:\documents and settings\David\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini

c:\documents and settings\David\WINDOWS

c:\windows\settings.reg

c:\windows\system32\comct332.ocx

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))

.

.

2011-09-04 21:55 . 2011-09-04 22:14 -------- d-----w- C:\drvrtmp

2011-09-04 21:54 . 2011-09-04 21:54 -------- d-----w- c:\windows\system32\vmm32

2011-09-04 21:46 . 2000-03-23 16:50 446464 ----a-r- c:\windows\system32\hhactivex.dll

2011-09-04 21:46 . 2002-01-08 21:00 176128 ----a-w- c:\windows\system32\RcdScan.dll

2011-09-04 21:46 . 1998-11-10 14:46 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2011-09-04 21:46 . 1998-06-18 03:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2011-09-04 21:46 . 2001-08-22 12:42 13632 ------w- c:\windows\system32\drivers\omci.sys

2011-09-04 21:30 . 2011-09-04 21:30 -------- d-----w- C:\found.000

2011-08-28 15:44 . 2011-08-28 15:44 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-13 10:41 . 2011-08-13 10:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 23:52 . 2009-03-14 00:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-14 00:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

.

c:\windows\System32\wuauclt.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"P17Helper"="P17.dll" [2004-06-10 60928]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-01 282624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-19 180269]

"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-14 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"McSysmon"=3 (0x3)

"MSK80Service"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McODS"=3 (0x3)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"MpfService"=2 (0x2)

"McNASvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\WINDOWS\\system32\\lxeccoms.exe"=

"c:\\Program Files\\Internet Content Filter\\SEConf.exe"=

"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"=

"c:\\Program Files\\Adobe\\Acrobat_com\\Acrobat_com.exe"=

"c:\\Program Files\\Lexmark\\Dashboard\\LX__Dashboard.exe"=

.

R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [9/11/2010 7:02 PM 193192]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/13/2010 5:44 PM 233472]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:48 PM 50048]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PGLIRPOW

*Deregistered* - pglirpow

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

LSP: ICF.dll

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\jfv28zcj.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-15 19:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(456)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'lsass.exe'(512)

c:\windows\system32\ICF.dll

.

Completion time: 2011-09-15 19:39:45

ComboFix-quarantined-files.txt 2011-09-15 23:39

.

Pre-Run: 34,362,564,608 bytes free

Post-Run: 34,504,806,400 bytes free

.

- - End Of File - - 4961E33C763104B61437D46605AB8FF2

********************** dds **********************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by David at 20:17:28 on 2011-09-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1428 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Internet Content Filter\SafeEyes.exe

C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe

C:\WINDOWS\system32\lxeccoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Internet Content Filter\UpdateService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: ICF.dll

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135018391031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/SU/SU1.5/ocx/15033/CTPID.cab

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{D00D2815-A43D-444C-BDEA-9E84E9F16EB2} : DhcpNameServer = 167.206.245.129 167.206.245.130

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\jfv28zcj.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-9-11 193192]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-13 233472]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

.

=============== Created Last 30 ================

.

2011-09-15 23:30:13 98816 ----a-w- c:\windows\sed.exe

2011-09-15 23:30:13 518144 ----a-w- c:\windows\SWREG.exe

2011-09-15 23:30:13 256000 ----a-w- c:\windows\PEV.exe

2011-09-15 23:30:13 208896 ----a-w- c:\windows\MBR.exe

2011-09-15 23:30:08 -------- d-----w- C:\ComboFix

2011-09-04 21:55:08 -------- d-----w- C:\drvrtmp

2011-09-04 21:54:16 -------- d-----w- c:\windows\system32\vmm32

2011-09-04 21:46:39 446464 ----a-r- c:\windows\system32\hhactivex.dll

2011-09-04 21:46:38 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2011-09-04 21:46:38 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2011-09-04 21:46:38 176128 ----a-w- c:\windows\system32\RcdScan.dll

2011-09-04 21:46:36 13632 ------w- c:\windows\system32\drivers\omci.sys

2011-09-04 21:30:54 -------- d-----w- C:\found.000

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-08-13 10:41:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 20:17:43.35 ===============

***************** attach ******************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/19/2005 12:59:53 PM

System Uptime: 9/15/2011 3:31:37 PM (5 hours ago)

.

Motherboard: Dell Inc. | | 0KF623

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 32.17 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: TI Technologies Inc.

Description: RADEON X300 SE 128MB HyperMemory Secondary

Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON X300 SE 128MB HyperMemory Secondary

PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108

Service: ati2mtag

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection #2

PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Service: E100B

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: McAfee Core NDIS Intermediate Filter Miniport

Device ID: ROOT\MFE_NDISKMP\0000

Manufacturer: McAfee

Name: Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport

PNP Device ID: ROOT\MFE_NDISKMP\0000

Service: mfendiskmp

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: McAfee Core NDIS Intermediate Filter Miniport

Device ID: ROOT\MFE_NDISKMP\0001

Manufacturer: McAfee

Name: WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport

PNP Device ID: ROOT\MFE_NDISKMP\0001

Service: mfendiskmp

.

==== System Restore Points ===================

.

RP155: 6/15/2011 8:30:11 AM - System Checkpoint

RP156: 6/18/2011 6:12:05 PM - System Checkpoint

RP157: 6/20/2011 8:38:15 PM - System Checkpoint

RP158: 6/20/2011 9:13:14 PM - Software Distribution Service 3.0

RP159: 7/22/2011 5:46:10 PM - Software Distribution Service 3.0

RP160: 7/27/2011 3:46:31 PM - System Checkpoint

RP161: 7/27/2011 5:10:26 PM - Software Distribution Service 3.0

RP162: 7/29/2011 5:43:51 AM - Software Distribution Service 3.0

RP163: 8/3/2011 3:07:52 PM - Software Distribution Service 3.0

RP164: 8/13/2011 5:44:23 AM - Restore Operation

RP165: 8/20/2011 7:17:33 AM - Before update fix

RP166: 8/28/2011 11:18:17 AM - BeforeFixingUpdater

RP167: 8/28/2011 11:43:59 AM - Restore Operation

RP168: 9/4/2011 5:54:14 PM - Installed Dell Resource CD

RP169: 9/9/2011 10:49:17 AM - System Checkpoint

RP170: 9/15/2011 7:30:20 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Reader 9.4.5

Adobe Shockwave Player 11.5

AIM 6

Amazon MP3 Downloader 1.0.12

Amazon Unbox Video

AOLIcon

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AudibleManager

AviSynth 2.5

Bonjour Core for Windows

Business Contact Manager for Outlook 2003

CCleaner

CDDRV_Installer

Corel Photo Album 6

Creative MediaSource

Creative Removable Disk Manager

Creative Software AutoUpdate

Creative System Information

Creative ZEN

Creative Zen MicroPhoto

Critical Update for Windows Media Player 11 (KB959772)

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Photo Printer 720

Dell Photo Printer 720 Logger

Dell Resource CD

Dell ResourceCD

Dell Support 3.1

Dell System Restore

Digital Content Portal

DVD Decrypter (Remove Only)

EarthLink setup files

EducateU

ESPNMotion

Exact Audio Copy 0.99pb4

FlashGet(JetCar)

Goombah Partner COM Server

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

InterActual Player

Internet Explorer Default Page

iTunes

Java 6 Update 24

KhalInstallWrapper

Learn2 Player (Uninstall Only)

Lexmark Pro800-Pro900 Series

Logitech Registration

Logitech SetPoint

Macromedia Flash Player

Malwarebytes' Anti-Malware version 1.51.1.1800

McAfee Shredder

MCU

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office Small Business Edition 2003

Microsoft Office XP Web Components

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Xbox 360 Accessories 1.1

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6)

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Musicmatch for Windows Media Player

Musicmatch® Jukebox

NetZeroInstallers

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Secure Module 4.5.01

Otto

PowerDVD 5.5

PQ DVD to 3GP Video Suite (remove only)

PSP Video 9 1.74

QuickBooks Simple Start Special Edition

QuickTime

RealPlayer

Safe Eyes

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic DLA

Sonic Encoders

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sony PSP Media Manager 1.0a

Sound Blaster Live! 24-bit

Spybot - Search & Destroy

SpywareBlaster 4.2

StepMania (remove only)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VAIO music transfer 1.2

VideoLAN VLC media player 0.8.6a

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

ZEN Media Explorer

ZENcast Organizer

.

==== Event Viewer Messages From Past Week ========

.

9/9/2011 7:46:53 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.

9/9/2011 7:46:53 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\system32\dllcache\wuauclt.exe | c:\windows\System32\wuauclt.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

Hi, screen 317!

Here are the new ComboFix and DDS files. I did not include attach.txt. If you want attach.txt, let me know. I do have the companion attach.txt file for this DDS run.

jkwheeler

************* ComboFix ****************

ComboFix 11-09-18.01 - David 09/18/2011 14:25:41.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT -4:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Microsoft Office\OFFICE11\OSA.exe

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\System32\wuauclt.exe

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-18 18:25 . 2009-08-07 00:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2011-09-04 21:55 . 2011-09-04 22:14 -------- d-----w- C:\drvrtmp

2011-09-04 21:54 . 2011-09-04 21:54 -------- d-----w- c:\windows\system32\vmm32

2011-09-04 21:46 . 2000-03-23 16:50 446464 ----a-r- c:\windows\system32\hhactivex.dll

2011-09-04 21:46 . 2002-01-08 21:00 176128 ----a-w- c:\windows\system32\RcdScan.dll

2011-09-04 21:46 . 1998-11-10 14:46 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2011-09-04 21:46 . 1998-06-18 03:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2011-09-04 21:46 . 2001-08-22 12:42 13632 ------w- c:\windows\system32\drivers\omci.sys

2011-09-04 21:30 . 2011-09-04 21:30 -------- d-----w- C:\found.000

2011-08-28 15:44 . 2011-08-28 15:44 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-13 10:41 . 2011-08-13 10:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 23:52 . 2009-03-14 00:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-14 00:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-15_23.37.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-18 18:25 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe

- 2005-08-16 10:40 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"P17Helper"="P17.dll" [2004-06-10 60928]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-01 282624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-19 180269]

"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-14 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"McSysmon"=3 (0x3)

"MSK80Service"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McODS"=3 (0x3)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"MpfService"=2 (0x2)

"McNASvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\WINDOWS\\system32\\lxeccoms.exe"=

"c:\\Program Files\\Internet Content Filter\\SEConf.exe"=

"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"=

"c:\\Program Files\\Adobe\\Acrobat_com\\Acrobat_com.exe"=

"c:\\Program Files\\Lexmark\\Dashboard\\LX__Dashboard.exe"=

.

R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [9/11/2010 7:02 PM 193192]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/13/2010 5:44 PM 233472]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:48 PM 50048]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PGLIRPOW

*Deregistered* - pglirpow

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

LSP: ICF.dll

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\jfv28zcj.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-18 14:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(456)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'lsass.exe'(512)

c:\windows\system32\ICF.dll

.

Completion time: 2011-09-18 14:31:13

ComboFix-quarantined-files.txt 2011-09-18 18:31

.

Pre-Run: 34,517,168,128 bytes free

Post-Run: 34,492,428,288 bytes free

.

- - End Of File - - 603F032FD4DA5CC86874771711D857B0

******************** dds *********************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by David at 14:34:08 on 2011-09-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Internet Content Filter\SafeEyes.exe

C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe

C:\WINDOWS\system32\lxeccoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Internet Content Filter\UpdateService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: ICF.dll

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135018391031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/SU/SU1.5/ocx/15033/CTPID.cab

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{D00D2815-A43D-444C-BDEA-9E84E9F16EB2} : DhcpNameServer = 167.206.245.129 167.206.245.130

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\jfv28zcj.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-9-11 193192]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-13 233472]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

.

=============== Created Last 30 ================

.

2011-09-18 18:25:40 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe

2011-09-16 00:19:06 -------- d-----w- C:\FixPC2011

2011-09-15 23:30:13 98816 ----a-w- c:\windows\sed.exe

2011-09-15 23:30:13 518144 ----a-w- c:\windows\SWREG.exe

2011-09-15 23:30:13 256000 ----a-w- c:\windows\PEV.exe

2011-09-15 23:30:13 208896 ----a-w- c:\windows\MBR.exe

2011-09-04 21:55:08 -------- d-----w- C:\drvrtmp

2011-09-04 21:54:16 -------- d-----w- c:\windows\system32\vmm32

2011-09-04 21:46:39 446464 ----a-r- c:\windows\system32\hhactivex.dll

2011-09-04 21:46:38 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2011-09-04 21:46:38 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2011-09-04 21:46:38 176128 ----a-w- c:\windows\system32\RcdScan.dll

2011-09-04 21:46:36 13632 ------w- c:\windows\system32\drivers\omci.sys

2011-09-04 21:30:54 -------- d-----w- C:\found.000

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-28 15:44:32 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-08-13 10:41:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 14:34:24.00 ===============

Link to post
Share on other sites

I should have time to try sometime this evening. Likely I will have to reinstall the driver for the Ethernet card because I was trying to do my own troubleshooting before I started our topic on the forum. I know how to do the installation so I don't need instructions.

However, fiddling with the driver is somewhat of a perterbation to the system. Just thought I would mention this in case there is any particular thing you want me to do or avoid so I don't mess up anything you have asked me to do.

Link to post
Share on other sites

Can't get the network adapter to work. Before I started this thread a couple of weeks ago, I had uninstalled McAfee Security Center using Add/Remove programs and then running the McAfee's MCPR tool. I had connectivity before uninstalling McAfee but had no connectivity afterwards.

So, I set out to uninstall the network adapter driver and then reinstall it. Probably was a bad idea but I'm stuck with the situation. Today, I tried the same procedure again (after all the procedures you have walked me through). I got the same error messages I got before I opened this topic (before any of the procedures you have walked me through).

When uninstalling the driver, I got this error message:

Failed to uninstall the device. Device may be required to boot up the computer.

So, I tried to install the adapter anyway, even though Windows told me it really was not uninstalled. In device manager, I right clicked on "Network adapters" and chose "Scan for hardware changes." Windows found the network adapter and started installing it. Then I got this error message in the system tray:

A problem occurred during hardware installation. Your new hardware might not work properly.

Tried using the "Add Hardware" wizard. Got the same result as I did two weeks ago. See Slide 2 in the attachment I included in my very first post. Here is the link:

http://forums.malwarebytes.org/index.php?app=core&module=attach&section=attach&attach_id=66336

Also, the device manager window looks the same now as it did two weeks ago. See Slide 3 of the same attachment.

So, I don't yet have the LAN icon in the system tray.

I tried getting the driver from the CD-ROM that came with the PC and so from the manufacturers web site. Got the same results both times. All appeared to be the same driver anyway (same filename, version number, etc.).

I guess I do need some coaching on how to get the Network Adapter driver to work.

My network is a cable modem connected to a router. I have multiple PCs and a network printer connected hardwired to the router. But, for trying to get the Network Adapter driver to work on the affected PC, I don't even have the LAN cord connected. BTW, my good PC can connect on the same physical port as I used to use with the affected PC.

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Here is the log file.

The app did not prompt for a reboot.

*************** TDSSkiller log file ***********************

13:48:48.0843 3424 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

13:48:49.0062 3424 ============================================================

13:48:49.0062 3424 Current date / time: 2011/09/25 13:48:49.0062

13:48:49.0062 3424 SystemInfo:

13:48:49.0062 3424

13:48:49.0062 3424 OS Version: 5.1.2600 ServicePack: 3.0

13:48:49.0062 3424 Product type: Workstation

13:48:49.0062 3424 ComputerName: COMPUTER2

13:48:49.0062 3424 UserName: David

13:48:49.0062 3424 Windows directory: C:\WINDOWS

13:48:49.0062 3424 System windows directory: C:\WINDOWS

13:48:49.0062 3424 Processor architecture: Intel x86

13:48:49.0062 3424 Number of processors: 2

13:48:49.0062 3424 Page size: 0x1000

13:48:49.0062 3424 Boot type: Normal boot

13:48:49.0062 3424 ============================================================

13:48:51.0187 3424 Initialize success

13:49:07.0750 3660 ============================================================

13:49:07.0750 3660 Scan started

13:49:07.0750 3660 Mode: Manual;

13:49:07.0750 3660 ============================================================

13:49:08.0359 3660 Abiosdsk - ok

13:49:08.0453 3660 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:49:08.0453 3660 abp480n5 - ok

13:49:08.0546 3660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:49:08.0562 3660 ACPI - ok

13:49:08.0609 3660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:49:08.0609 3660 ACPIEC - ok

13:49:08.0656 3660 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:49:08.0656 3660 adpu160m - ok

13:49:08.0718 3660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:49:08.0734 3660 aec - ok

13:49:08.0828 3660 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

13:49:08.0828 3660 AFD - ok

13:49:08.0906 3660 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:49:08.0921 3660 agp440 - ok

13:49:08.0968 3660 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:49:08.0968 3660 agpCPQ - ok

13:49:09.0031 3660 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:49:09.0031 3660 Aha154x - ok

13:49:09.0093 3660 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:49:09.0093 3660 aic78u2 - ok

13:49:09.0140 3660 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:49:09.0140 3660 aic78xx - ok

13:49:09.0187 3660 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

13:49:09.0187 3660 AliIde - ok

13:49:09.0296 3660 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:49:09.0296 3660 alim1541 - ok

13:49:09.0390 3660 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:49:09.0390 3660 amdagp - ok

13:49:09.0531 3660 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

13:49:09.0531 3660 amsint - ok

13:49:09.0593 3660 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

13:49:09.0593 3660 asc - ok

13:49:09.0656 3660 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:49:09.0656 3660 asc3350p - ok

13:49:09.0703 3660 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:49:09.0703 3660 asc3550 - ok

13:49:09.0812 3660 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

13:49:09.0812 3660 Aspi32 - ok

13:49:09.0859 3660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:49:09.0859 3660 AsyncMac - ok

13:49:09.0953 3660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:49:09.0953 3660 atapi - ok

13:49:10.0000 3660 Atdisk - ok

13:49:10.0140 3660 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

13:49:10.0140 3660 ati2mtag - ok

13:49:10.0234 3660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:49:10.0234 3660 Atmarpc - ok

13:49:10.0406 3660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:49:10.0406 3660 audstub - ok

13:49:10.0437 3660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:49:10.0437 3660 Beep - ok

13:49:10.0484 3660 bvrp_pci - ok

13:49:10.0609 3660 catchme - ok

13:49:10.0671 3660 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:49:10.0671 3660 cbidf - ok

13:49:10.0734 3660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:49:10.0734 3660 cbidf2k - ok

13:49:10.0796 3660 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:49:10.0796 3660 cd20xrnt - ok

13:49:10.0875 3660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:49:10.0875 3660 Cdaudio - ok

13:49:10.0921 3660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:49:10.0921 3660 Cdfs - ok

13:49:10.0953 3660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:49:10.0968 3660 Cdrom - ok

13:49:11.0000 3660 Changer - ok

13:49:11.0078 3660 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:49:11.0078 3660 CmdIde - ok

13:49:11.0171 3660 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:49:11.0171 3660 Cpqarray - ok

13:49:11.0406 3660 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

13:49:11.0406 3660 ctsfm2k - ok

13:49:11.0484 3660 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:49:11.0484 3660 dac2w2k - ok

13:49:11.0578 3660 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:49:11.0578 3660 dac960nt - ok

13:49:11.0687 3660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:49:11.0687 3660 Disk - ok

13:49:11.0781 3660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:49:11.0796 3660 dmboot - ok

13:49:11.0875 3660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:49:11.0875 3660 dmio - ok

13:49:11.0921 3660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:49:11.0921 3660 dmload - ok

13:49:11.0968 3660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:49:11.0968 3660 DMusic - ok

13:49:12.0046 3660 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:49:12.0046 3660 dpti2o - ok

13:49:12.0109 3660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:49:12.0125 3660 drmkaud - ok

13:49:12.0187 3660 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

13:49:12.0187 3660 drvmcdb - ok

13:49:12.0359 3660 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

13:49:12.0375 3660 drvnddm - ok

13:49:12.0515 3660 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:49:12.0531 3660 E100B - ok

13:49:12.0656 3660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:49:12.0656 3660 Fastfat - ok

13:49:12.0796 3660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:49:12.0796 3660 Fdc - ok

13:49:12.0859 3660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:49:12.0875 3660 Fips - ok

13:49:12.0937 3660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:49:12.0937 3660 Flpydisk - ok

13:49:13.0046 3660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:49:13.0046 3660 FltMgr - ok

13:49:13.0093 3660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:49:13.0093 3660 Fs_Rec - ok

13:49:13.0171 3660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:49:13.0171 3660 Ftdisk - ok

13:49:13.0250 3660 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

13:49:13.0250 3660 GEARAspiWDM - ok

13:49:13.0343 3660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:49:13.0343 3660 Gpc - ok

13:49:13.0421 3660 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

13:49:13.0468 3660 GTNDIS5 - ok

13:49:13.0562 3660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:49:13.0562 3660 HDAudBus - ok

13:49:13.0687 3660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:49:13.0687 3660 HidUsb - ok

13:49:13.0750 3660 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

13:49:13.0750 3660 hpn - ok

13:49:13.0875 3660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:49:13.0890 3660 HTTP - ok

13:49:13.0984 3660 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

13:49:14.0000 3660 i2omgmt - ok

13:49:14.0109 3660 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:49:14.0109 3660 i2omp - ok

13:49:14.0187 3660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:49:14.0187 3660 i8042prt - ok

13:49:14.0281 3660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:49:14.0281 3660 Imapi - ok

13:49:14.0390 3660 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:49:14.0406 3660 ini910u - ok

13:49:14.0562 3660 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys

13:49:14.0562 3660 IntelC51 - ok

13:49:14.0625 3660 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys

13:49:14.0640 3660 IntelC52 - ok

13:49:14.0671 3660 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys

13:49:14.0671 3660 IntelC53 - ok

13:49:14.0734 3660 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:49:14.0750 3660 IntelIde - ok

13:49:14.0828 3660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:49:14.0828 3660 intelppm - ok

13:49:14.0906 3660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:49:14.0921 3660 Ip6Fw - ok

13:49:14.0984 3660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:49:14.0984 3660 IpFilterDriver - ok

13:49:15.0109 3660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:49:15.0109 3660 IpInIp - ok

13:49:15.0187 3660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:49:15.0187 3660 IpNat - ok

13:49:15.0234 3660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:49:15.0234 3660 IPSec - ok

13:49:15.0375 3660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:49:15.0375 3660 IRENUM - ok

13:49:15.0484 3660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:49:15.0500 3660 isapnp - ok

13:49:15.0546 3660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:49:15.0546 3660 Kbdclass - ok

13:49:15.0593 3660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:49:15.0593 3660 kbdhid - ok

13:49:15.0640 3660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:49:15.0656 3660 kmixer - ok

13:49:15.0750 3660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:49:15.0750 3660 KSecDD - ok

13:49:15.0781 3660 lbrtfdc - ok

13:49:15.0859 3660 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

13:49:15.0859 3660 LHidFilt - ok

13:49:15.0984 3660 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

13:49:15.0984 3660 LMouFilt - ok

13:49:16.0078 3660 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

13:49:16.0078 3660 LUsbFilt - ok

13:49:16.0171 3660 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

13:49:16.0171 3660 MHNDRV - ok

13:49:16.0281 3660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:49:16.0281 3660 mnmdd - ok

13:49:16.0359 3660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:49:16.0359 3660 Modem - ok

13:49:16.0406 3660 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

13:49:16.0406 3660 MODEMCSA - ok

13:49:16.0453 3660 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys

13:49:16.0453 3660 mohfilt - ok

13:49:16.0500 3660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:49:16.0500 3660 Mouclass - ok

13:49:16.0546 3660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:49:16.0546 3660 mouhid - ok

13:49:16.0593 3660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:49:16.0593 3660 MountMgr - ok

13:49:16.0656 3660 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:49:16.0656 3660 mraid35x - ok

13:49:16.0734 3660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:49:16.0734 3660 MRxDAV - ok

13:49:16.0828 3660 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:49:16.0843 3660 MRxSmb - ok

13:49:16.0906 3660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:49:16.0906 3660 Msfs - ok

13:49:16.0968 3660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:49:16.0968 3660 MSKSSRV - ok

13:49:17.0062 3660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:49:17.0062 3660 MSPCLOCK - ok

13:49:17.0203 3660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:49:17.0203 3660 MSPQM - ok

13:49:17.0359 3660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:49:17.0359 3660 mssmbios - ok

13:49:17.0453 3660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:49:17.0453 3660 Mup - ok

13:49:17.0515 3660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:49:17.0515 3660 NDIS - ok

13:49:17.0578 3660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:49:17.0578 3660 NdisTapi - ok

13:49:17.0640 3660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:49:17.0640 3660 Ndisuio - ok

13:49:17.0875 3660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:49:17.0875 3660 NdisWan - ok

13:49:17.0953 3660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:49:17.0953 3660 NDProxy - ok

13:49:18.0000 3660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:49:18.0000 3660 NetBIOS - ok

13:49:18.0062 3660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:49:18.0062 3660 NetBT - ok

13:49:18.0171 3660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:49:18.0187 3660 Npfs - ok

13:49:18.0234 3660 npkcrypt - ok

13:49:18.0234 3660 npkcusb - ok

13:49:18.0390 3660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:49:18.0406 3660 Ntfs - ok

13:49:18.0453 3660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:49:18.0453 3660 Null - ok

13:49:18.0562 3660 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:49:18.0640 3660 nv - ok

13:49:18.0703 3660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:49:18.0703 3660 NwlnkFlt - ok

13:49:18.0796 3660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:49:18.0796 3660 NwlnkFwd - ok

13:49:18.0890 3660 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

13:49:18.0890 3660 OMCI - ok

13:49:19.0000 3660 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

13:49:19.0015 3660 ossrv - ok

13:49:19.0078 3660 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys

13:49:19.0125 3660 P17 - ok

13:49:19.0203 3660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:49:19.0218 3660 Parport - ok

13:49:19.0343 3660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:49:19.0343 3660 PartMgr - ok

13:49:19.0421 3660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:49:19.0421 3660 ParVdm - ok

13:49:19.0531 3660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:49:19.0531 3660 PCI - ok

13:49:19.0562 3660 PCIDump - ok

13:49:19.0609 3660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:49:19.0609 3660 PCIIde - ok

13:49:19.0687 3660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:49:19.0687 3660 Pcmcia - ok

13:49:19.0750 3660 PDCOMP - ok

13:49:19.0796 3660 PDFRAME - ok

13:49:19.0828 3660 PDRELI - ok

13:49:19.0875 3660 PDRFRAME - ok

13:49:19.0953 3660 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

13:49:19.0953 3660 perc2 - ok

13:49:20.0046 3660 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

13:49:20.0046 3660 perc2hib - ok

13:49:20.0156 3660 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

13:49:20.0156 3660 PfModNT - ok

13:49:20.0250 3660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:49:20.0250 3660 PptpMiniport - ok

13:49:20.0468 3660 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys

13:49:20.0484 3660 PRISM_A02 - ok

13:49:20.0546 3660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:49:20.0546 3660 PSched - ok

13:49:20.0593 3660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:49:20.0593 3660 Ptilink - ok

13:49:20.0671 3660 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:49:20.0671 3660 PxHelp20 - ok

13:49:20.0750 3660 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:49:20.0750 3660 ql1080 - ok

13:49:20.0843 3660 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:49:20.0859 3660 Ql10wnt - ok

13:49:20.0953 3660 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:49:20.0953 3660 ql12160 - ok

13:49:21.0046 3660 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:49:21.0046 3660 ql1240 - ok

13:49:21.0187 3660 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:49:21.0187 3660 ql1280 - ok

13:49:21.0343 3660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:49:21.0343 3660 RasAcd - ok

13:49:21.0515 3660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:49:21.0515 3660 Rasl2tp - ok

13:49:21.0546 3660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:49:21.0546 3660 RasPppoe - ok

13:49:21.0593 3660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:49:21.0593 3660 Raspti - ok

13:49:21.0640 3660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:49:21.0656 3660 Rdbss - ok

13:49:21.0703 3660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:49:21.0703 3660 RDPCDD - ok

13:49:21.0750 3660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:49:21.0750 3660 rdpdr - ok

13:49:21.0828 3660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

13:49:21.0843 3660 RDPWD - ok

13:49:21.0906 3660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:49:21.0906 3660 redbook - ok

13:49:22.0000 3660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:49:22.0000 3660 Secdrv - ok

13:49:22.0109 3660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:49:22.0109 3660 serenum - ok

13:49:22.0234 3660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:49:22.0234 3660 Serial - ok

13:49:22.0640 3660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:49:22.0640 3660 Sfloppy - ok

13:49:22.0906 3660 Simbad - ok

13:49:23.0000 3660 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:49:23.0000 3660 sisagp - ok

13:49:23.0109 3660 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

13:49:23.0109 3660 SONYPVU1 - ok

13:49:23.0203 3660 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:49:23.0203 3660 Sparrow - ok

13:49:23.0359 3660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:49:23.0359 3660 splitter - ok

13:49:23.0406 3660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:49:23.0406 3660 sr - ok

13:49:23.0500 3660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:49:23.0515 3660 Srv - ok

13:49:23.0609 3660 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

13:49:23.0609 3660 sscdbhk5 - ok

13:49:23.0703 3660 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

13:49:23.0703 3660 ssrtln - ok

13:49:23.0796 3660 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys

13:49:23.0812 3660 STHDA - ok

13:49:23.0875 3660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:49:23.0875 3660 swenum - ok

13:49:23.0921 3660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:49:23.0921 3660 swmidi - ok

13:49:24.0000 3660 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

13:49:24.0000 3660 symc810 - ok

13:49:24.0093 3660 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:49:24.0093 3660 symc8xx - ok

13:49:24.0187 3660 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:49:24.0187 3660 sym_hi - ok

13:49:24.0375 3660 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:49:24.0375 3660 sym_u3 - ok

13:49:24.0531 3660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:49:24.0531 3660 sysaudio - ok

13:49:24.0625 3660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:49:24.0656 3660 Tcpip - ok

13:49:24.0718 3660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:49:24.0718 3660 TDPIPE - ok

13:49:24.0812 3660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:49:24.0812 3660 TDTCP - ok

13:49:24.0890 3660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:49:24.0890 3660 TermDD - ok

13:49:24.0968 3660 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

13:49:24.0968 3660 tfsnboio - ok

13:49:25.0078 3660 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

13:49:25.0078 3660 tfsncofs - ok

13:49:25.0125 3660 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

13:49:25.0125 3660 tfsndrct - ok

13:49:25.0156 3660 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

13:49:25.0171 3660 tfsndres - ok

13:49:25.0218 3660 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

13:49:25.0218 3660 tfsnifs - ok

13:49:25.0453 3660 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

13:49:25.0453 3660 tfsnopio - ok

13:49:25.0500 3660 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

13:49:25.0500 3660 tfsnpool - ok

13:49:25.0546 3660 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

13:49:25.0546 3660 tfsnudf - ok

13:49:25.0593 3660 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

13:49:25.0609 3660 tfsnudfa - ok

13:49:25.0671 3660 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

13:49:25.0671 3660 TosIde - ok

13:49:25.0796 3660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:49:25.0796 3660 Udfs - ok

13:49:25.0906 3660 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

13:49:25.0906 3660 ultra - ok

13:49:26.0015 3660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:49:26.0046 3660 Update - ok

13:49:26.0125 3660 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

13:49:26.0125 3660 usbaudio - ok

13:49:26.0203 3660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:49:26.0203 3660 usbccgp - ok

13:49:26.0359 3660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:49:26.0359 3660 usbehci - ok

13:49:26.0406 3660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:49:26.0406 3660 usbhub - ok

13:49:26.0484 3660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:49:26.0484 3660 usbprint - ok

13:49:26.0578 3660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:49:26.0578 3660 usbscan - ok

13:49:26.0703 3660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:49:26.0703 3660 USBSTOR - ok

13:49:26.0828 3660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:49:26.0828 3660 usbuhci - ok

13:49:26.0890 3660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:49:26.0906 3660 VgaSave - ok

13:49:26.0984 3660 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:49:26.0984 3660 viaagp - ok

13:49:27.0078 3660 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

13:49:27.0078 3660 ViaIde - ok

13:49:27.0156 3660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:49:27.0156 3660 VolSnap - ok

13:49:27.0203 3660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:49:27.0203 3660 Wanarp - ok

13:49:27.0296 3660 wanatw - ok

13:49:27.0453 3660 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

13:49:27.0453 3660 Wdf01000 - ok

13:49:27.0500 3660 WDICA - ok

13:49:27.0562 3660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:49:27.0562 3660 wdmaud - ok

13:49:27.0687 3660 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys

13:49:27.0687 3660 WmBEnum - ok

13:49:27.0781 3660 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys

13:49:27.0781 3660 WmFilter - ok

13:49:27.0890 3660 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys

13:49:27.0890 3660 WmVirHid - ok

13:49:27.0968 3660 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys

13:49:27.0968 3660 WmXlCore - ok

13:49:28.0046 3660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

13:49:28.0062 3660 WpdUsb - ok

13:49:28.0125 3660 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:49:28.0125 3660 WS2IFSL - ok

13:49:28.0218 3660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:49:28.0218 3660 WudfPf - ok

13:49:28.0390 3660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:49:28.0390 3660 WudfRd - ok

13:49:28.0562 3660 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys

13:49:28.0562 3660 xusb20 - ok

13:49:28.0671 3660 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys

13:49:28.0671 3660 xusb21 - ok

13:49:28.0687 3660 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0

13:49:28.0687 3660 \Device\Harddisk0\DR0 - ok

13:49:28.0703 3660 Boot (0x1200) (1de8d9326544ef5d853ca2acc562ed2b) \Device\Harddisk0\DR0\Partition0

13:49:28.0703 3660 \Device\Harddisk0\DR0\Partition0 - ok

13:49:28.0703 3660 ============================================================

13:49:28.0703 3660 Scan finished

13:49:28.0703 3660 ============================================================

13:49:28.0718 2880 Detected object count: 0

13:49:28.0718 2880 Actual detected object count: 0

13:50:20.0906 2632 Deinitialize success

Link to post
Share on other sites

No progress with Safe Mode. I did try things in a different order and got some more error messages.

I have the details below. But, did my PC have malware to start with? Did our steps taken remove anything?

Now that I don't have malware, should I now post to a different forum to solve my network adapter driver issues? Certainly I welcome your help if you know how. But, I thought perhaps you have to stick with only with malware issues.

Anyway, here are the details...

In Safe Mode with networking as well as without networking, I got the same results as in normal mode when I tried to uninstall the network adapter drivers and reinstall them. See my Sept 21 post for details.

So, I booted into normal mode and tried uninstalling and installing but I tried things in a bit of a different order. Going back to the PPT at

http://forums.malwarebytes.org/index.php?app=core&module=attach&section=attach&attach_id=66336

I still see the three network adapter entries shown on Slide 3. When I try to uninstall any of them, I still get this message

"Failed to uninstall the device. Device may be required to boot up the computer."

Just like I said in the Sept 21 posting. I tried anyway to reinstall the driver using "Scan for hardware changes." For all three cases, I the message I got back was

"A problem occurred during hardware installation. Your new hardware might not work properly."

Again, just like Sept 21. If I look at "Properties" of the HW entry that does not mention McAfee in the name, I get the screen on Slide 2 of the PPT. BUT, here is something new or that I just didn't notice before, when I look at properties for either of the two entries that do mention McAfee, the message is

"Windows cannot start the hardware device because its configuation (in the registry) is incomplete or damaged (Code 19)."

It really sounds like there is a corruption somewhere. I keep thinking if we can fix the corruption and get a clean uninstall of all three of these network adapter entries, then I can use "Scan for hardware changes" and get the driver to install with no errors. But, I don't know how to fix the corruption.

Note that I uninstalled McAfee and ran the MCPR tool very early in this process. I've run MCPR several times since then. It does not get rid of the "McAfee" network adapter entries.

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.