
Google Redirect - McAfee/MBAM won't scan


newguy


Hi,

I need some help with what I am sure is a virus on my girlfriend's computer. The problem started when she was being redirected from Google searches in Firefox. She contacted me and I recommended she run a virus scan with McAfee, which is supplied by her ISP. She was unable to run any type of scan with McAfee, and several features of the software were turned off and could not be reactivated. I downloaded MBAM and brought it to her computer on a USB drive. I was able to install the software and update it, but as soon as I tried to run a scan the software shut down. Subsequent attempts to run it brought up a message stating that I did not have the proper permissions to run this software.

I had also downloaded Spybot and after the MBAM issue I installed and ran that. Spybot was able to successfully update and scan and found around 30 issues. Most of these were cookies, etc., but the one that stuck out to me was called "Fraud.InternetSecurity2011." We chose to let Spybot fix all issues and rebooted the system.

While we have not attempted to do a Google search, all of the other symptoms are still present (cannot run McAfee scan or adjust settings, MBAM will not run, etc.).

I checked out your "I'm infected..." page and here is the info requested:

MBAM log: As I said earlier, Malwarebytes will not run; I get a message saying I do not have permission to run.

DeFogger: Ran successfully.

DDS: Ran successfully.

GMER: First attempt scanned for less than one minute then disappeared. Second run completed successfully.

Thanks in advance for your help.

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Run by User at 19:36:32 on 2011-09-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.721 [GMT -4:00]

.

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Verizon\VSP\ServicepointService.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101218122206.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6F9151D8-9A6D-4BE8-B53B-F14A594AE898} : DhcpNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user.d6wzs771\application data\mozilla\firefox\profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\verizon\vsp\nprpspa.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-18 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-18 84072]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-25 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-9-24 80896]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-18 263168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-18 180224]

R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-9-20 684032]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-7-20 200704]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-7-20 180224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-25 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-18 152960]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-18 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-18 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]

S2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-18 263168]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-18 263168]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-18 171168]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-18 134144]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-18 55840]

S3 cpuz130;cpuz130;\??\c:\docume~1\user~1.d6w\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user~1.d6w\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-18 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-18 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-18 84264]

.

=============== Created Last 30 ================

.

2011-09-26 00:37:18 -------- d-----w- c:\program files\Safer Networking

2011-09-25 23:47:39 -------- d-----w- C:\70503CBE

2011-09-25 19:10:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 19:10:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 18:02:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-25 18:02:28 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-09-25 17:45:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 17:43:39 -------- d-----w- c:\documents and settings\user.d6wzs771\application data\Malwarebytes

2011-09-25 17:43:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-05 23:06:35 -------- d-----w- c:\program files\iTunes

2011-09-05 22:50:28 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-08-12 00:18:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 19:37:46.46 ===============


Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Please disable this program and leave it disabled until we are finished.

SPYBOT TEATIMER

  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the list.
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable TeaTimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Next:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OK,

Disabled Spybot's TeaTimer.

Disabled McAfee. (As best I could. It's part of a package from her ISP and isn't easily disabled.)

I am unable to get a connection to the internet on the infected system so I had to copy ComboFix to the desktop via USB drive.

Ran ComboFix but because of the connection issue ComboFix could not install the recovery console.

ComboFix says I have Zero.Access rootkit and it has installed itself in the TCP-IP Stack. (I think that was the message...ComboFix restarted the computer before I could copy the message.)

ComboFix ran again at restart and the log is posted below.

I still seem to have the same symptoms. Cannot connect to the internet, MBAM won't run, McAfee features cannot be turned on, etc.

Also, is it safe to be transferring files via USB drive from the infected system? I try to scan the drive every time I insert it but I'm not sure how rootkits are spread or if my antivirus software could detect them.

Thanks again for all your help.

ComboFix 11-10-03.01 - User 10/04/2011 2:11.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.733 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User.D6WZS771\GoToAssistDownloadHelper.exe

c:\documents and settings\User.D6WZS771\Start Menu\Internet Explorer.lnk

c:\documents and settings\User.D6WZS771\WINDOWS

c:\program files\MyWaySA

c:\windows\$NtUninstallKB56938$

c:\windows\$NtUninstallKB56938$\1207395938\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB56938$\1207395938\click.tlb

c:\windows\$NtUninstallKB56938$\1207395938\L\odetmngk

c:\windows\$NtUninstallKB56938$\1207395938\loader.tlb

c:\windows\$NtUninstallKB56938$\1207395938\U\@00000001

c:\windows\$NtUninstallKB56938$\1207395938\U\@000000c0

c:\windows\$NtUninstallKB56938$\1207395938\U\@000000cb

c:\windows\$NtUninstallKB56938$\1207395938\U\@000000cf

c:\windows\$NtUninstallKB56938$\1207395938\U\@80000000

c:\windows\$NtUninstallKB56938$\1207395938\U\@800000c0

c:\windows\$NtUninstallKB56938$\1207395938\U\@800000cb

c:\windows\$NtUninstallKB56938$\1207395938\U\@800000cf

c:\windows\$NtUninstallKB56938$\1433624130

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\desktop

c:\windows\system32\FF05DA0D.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_47f76662

.

.

((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))

.

.

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-09-26 00:37 . 2011-09-26 00:37 -------- d-----w- c:\program files\Safer Networking

2011-09-25 23:47 . 2011-09-26 00:00 -------- d-----w- C:\70503CBE

2011-09-25 19:10 . 2011-09-25 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 19:10 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 18:02 . 2011-10-04 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-25 18:02 . 2011-09-25 18:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-25 17:45 . 2011-09-25 19:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\User.D6WZS771\Application Data\Malwarebytes

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-05 23:06 . 2011-09-05 23:09 -------- d-----w- c:\program files\iTunes

2011-09-05 22:50 . 2011-09-05 22:50 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-11-12 19:17 . 2010-12-18 17:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

2010-09-13 21:40 1195920 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2010-03-16 20:28 4281584 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/18/2010 1:21 PM 84072]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/25/2011 3:10 PM 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [9/24/2010 9:16 PM 80896]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/18/2010 1:21 PM 263168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/18/2010 1:22 PM 180224]

R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [9/20/2010 6:53 PM 684032]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [7/20/2010 1:29 AM 200704]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [7/20/2010 1:29 AM 180224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/25/2011 3:10 PM 22216]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/18/2010 1:21 PM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/18/2010 1:21 PM 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/18/2010 1:21 PM 263168]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/18/2010 1:21 PM 134144]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/18/2010 1:21 PM 55840]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/18/2010 1:21 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/18/2010 1:21 PM 84264]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

MSConfigStartUp-dla - c:\windows\system32\dla\tfswctrl.exe

MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe

MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe

MSConfigStartUp-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-04 02:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3124)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-04 02:38:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-04 06:37

.

Pre-Run: 16,791,384,064 bytes free

Post-Run: 18,153,488,384 bytes free

.

- - End Of File - - 27EA99A508CFBCFBEED9CA13875B31BA


Uninstalled network adapter and rebooted.

Still cannot connect to the internet.

Ran ipconfig from a command prompt, (ipconfig/renew) and got the following message:

"An error occurred while renewing interface Local Area Connection 2 : The RPC Server is unavailable."


I'm not sure how much of this is relevant but in the interest of giving you all the info I can here goes:

As I said in my initial post, the computer belongs to my girlfriend. When this issue came up I brought her computer from her house to my house. I didn't attempt to connect to the internet until I started following your instructions to run ComboFix.

My computer, (the one I'm typing this on), is connected to a modem through a wired router. Her computer, (the one we are working on), is also plugged into the same router.

I'm not sure if the fact that she has a different ISP than mine makes a difference (Comcast vs Verizon). I've been able to use this setup for other systems in the past with no problems, though never on her computer.

I have tried restarting the router and modem and rebooting her computer while connected. I have removed the router and connected her system directly to the modem. Still no luck.

As you may have guessed I don't know a lot about network issues so maybe I'm doing something wrong that is obvious to you and others.

Again, thanks for your patience and thanks for all your help.


What you've done should be fine.

What she was infected with causes the network card / internet not to work.

I have a couple more issues like this I've been working on too.

Let's try this.

Download IE8 to a thumb / flash disk and copy it over to her pc and install it.

http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8

It could also be the Firewall stopping the connection.


Can you also do this?

Using a flash / thumb drive, transfer SystemLook to the infected pc and follow the instructions.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    tcpip.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


OK,

Installed IE8. No noticeable change in system. Still can't connect.

McAfee firewall says it's allowing full traffic. Windows Security Center says the McAfee firewall is turned off.

Ran SystemLook; here is the log:

SystemLook 30.07.11 by jpshortstuff

Log created at 22:30 on 04/10/2011 by User

Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"

C:\i386\tcpip.sys --a---- 359040 bytes [02:02 19/04/2005] [10:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys --a---- 359936 bytes [01:17 14/03/2005] [19:07 25/05/2005] 63FDFEA54EB53DE2D863EE454937CE1E

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys --a---- 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a---- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys -----c- 360320 bytes [23:24 15/11/2009] [10:45 20/06/2008] 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys -----c- 359040 bytes [04:18 08/05/2005] [10:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys -----c- 361344 bytes [23:40 15/11/2009] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys -----c- 359808 bytes [21:39 14/11/2009] [19:04 25/05/2005] 88763A98A4C26C409741B4AA162720C9

C:\WINDOWS\ERDNT\cache\tcpip.sys --a---- 361600 bytes [06:34 04/10/2011] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\ServicePackFiles\i386\tcpip.sys ------- 361344 bytes [23:13 15/11/2009] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\system32\dllcache\tcpip.sys ------- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [17:51 10/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

-= EOF =-

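An added example, not part of the original post and not SystemLook's own code: a small Python parser for the :filefind output above that compares every copy of tcpip.sys with the driver in system32\drivers by MD5 and size. The sample lines are copied from the log above; the field names, function names and report keys are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Subset of the SystemLook lines posted above, copied unchanged.
SAMPLE_LOG = r"""
Searching for "tcpip.sys"
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a---- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys ------- 361344 bytes [23:13 15/11/2009] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys ------- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [17:51 10/08/2004] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
-= EOF =-
"""

# The copy Windows actually loads.
ACTIVE_DRIVER = r"C:\WINDOWS\system32\drivers\tcpip.sys"

# path, 7-character attribute mask, size, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    md5: str


def parse_filefind(text):
    """Return one FileHit per result line; headers and footers are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(
                FileHit(m["path"], m["attrs"], int(m["size"]), m["md5"].upper())
            )
    return hits


def compare_to_active(hits, active_path):
    """Sort every other copy by how it relates to the active driver.

    identical            -> same MD5 as the active driver
    same_size_other_hash -> same byte count, different MD5
    different            -> different size and MD5 (another build of the file)
    """
    wanted = active_path.lower()  # Windows paths are case-insensitive
    active = next((h for h in hits if h.path.lower() == wanted), None)
    if active is None:
        raise ValueError("active driver not present in log: " + active_path)

    report = {
        "active": active,
        "identical": [],
        "same_size_other_hash": [],
        "different": [],
    }
    for hit in hits:
        if hit is active:
            continue
        if hit.md5 == active.md5:
            report["identical"].append(hit)
        elif hit.size == active.size:
            report["same_size_other_hash"].append(hit)
        else:
            report["different"].append(hit)
    return report


if __name__ == "__main__":
    result = compare_to_active(parse_filefind(SAMPLE_LOG), ACTIVE_DRIVER)
    print("active:", result["active"].md5, result["active"].size)
    for key in ("identical", "same_size_other_hash", "different"):
        for hit in result[key]:
            print(f"{key:22} {hit.size:>7} {hit.md5} {hit.path}")
```

On the posted lines the active driver has the same MD5 as the dllcache and KB951748 SP3GDR copies, while the ServicePackFiles\i386 copy is a different, smaller build. Matching hashes only show that the copies are the same file as reported by a tool running on the live system.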

"An error occurred while renewing interface Local Area Connection 2 : The RPC Server is unavailable."

Go to Start > Control Panel > Administrative Tools > select Services > click the Standard tab (at bottom of screen) > double-click on Remote Procedure Call > Change the Startup Type to Automatic > Click Start under Service Status > click OK > confirm that the "Status" for Remote Procedure Call now displays Started.

Also verify that "DCOM Server Process Launcher" displays Automatic as its Startup Type in this list of Services. If not, double-click on "DCOM Server Process Launcher" and change the Startup Type to Automatic.

Now try ipconfig /all <-- Be sure to add the space


Go to Start->Run, copy / paste

copy C:\WINDOWS\ServicePackFiles\i386\tcpip.sys c:\tcpip.sys

Enter

Go to Start->Run, copy / paste

ren c:\windows\system32\drivers\tcpip.sys tcpip.old

enter

Go to Start->Run, copy / paste

copy c:\tcpip.sys c:\windows\system32\drivers\tcpip.sys

enter

Reboot


Hi again,

Something has come up and I'm not going to be available for a few days. I should be able to continue on Sunday evening if that's OK. Please do not close this topic in the meantime.

I will try your latest recommendations and post back as soon as I can.

Thank You.


You need to look in Device Manager and see if your network card is disabled.

Right Click on My Computer > Properties > Hardware > Device Manager

If you see any network devices that show McAfee drivers, right-click and uninstall them.

Then uninstall the other network devices and reboot.

Let Windows install the network drivers, not McAfee.


Hi, I'm back.

Thanks again for your patience and keeping this topic open.

Went through the steps for the services. "Remote Procedure Call" and "DCOM Server Process Launcher" were both already set to Automatic start and were started.

I ran ipconfig /all but I'm not sure what the information means. I can post it here if you need it.

Still no change in the system.

I renamed the "tcpip.sys" file in the "c:\windows\system32\drivers" folder to "tcpip.old". I did this in windows and not in a DOS window. Not sure if this makes a difference but every time I renamed the file the old named file would reappear within seconds.

I copied the "tcpip.sys" file from the "C:\WINDOWS\ServicePackFiles\i386" folder to the desktop and then into the "c:\windows\system32\drivers" folder, overwriting the existing file, (the backup .old file is still intact.)

I rebooted and there is still no change to the system.

I went to the device manager and checked the driver for the network connection. The driver provider is listed as Intel and the digital signer is Microsoft. I clicked on driver details and there are five files listed. Three of the files list Intel as the provider, but the other two list Unknown as the provider. I didn't see any mention of McAfee.


Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Try these

The instructions for Windows 7 are here: http://windows.microsoft.com/en-AU/windows7/How-do-I-fix-network-adapter-problems

For other systems I think you can go to Device Manager, select the appropriate network adapter and do a repair. Also, have a look at http://support.microsoft.com/kb/825826 and http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-network-adapter-problems

If none of this helps then it's possible the network adapter has failed and you need to replace it.


OK, Ran TDSSkiller but it found no threats.

No change in behavior of the system:

-Internet connection constantly displays "Acquiring network address."

-Cannot run MBAM, ("Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.")

-McAfee: Real-Time scanning immediately reverts to off after turning it on. Cannot run a virus scan.

I was wondering if I should uninstall the "Verizon Internet Security Suite" which includes a firewall and McAfee. Not sure if this would help with the connection issue, or at least make it easier to remedy.

Thanks again for all your help.

Here is the TDSSkiller log:


18:49:34.0203 2956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:49:34.0203 2956 Secdrv - ok

18:49:34.0875 2956 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

18:49:35.0109 2956 senfilt - ok

18:49:35.0468 2956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:49:35.0484 2956 serenum - ok

18:49:35.0875 2956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:49:35.0890 2956 Serial - ok

18:49:36.0296 2956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:49:36.0296 2956 Sfloppy - ok

18:49:36.0640 2956 Simbad - ok

18:49:37.0031 2956 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:49:37.0046 2956 sisagp - ok

18:49:37.0468 2956 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys

18:49:37.0546 2956 smwdm - ok

18:49:37.0984 2956 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys

18:49:38.0015 2956 snapman - ok

18:49:38.0437 2956 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:49:38.0453 2956 Sparrow - ok

18:49:38.0796 2956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:49:38.0796 2956 splitter - ok

18:49:39.0234 2956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:49:39.0250 2956 sr - ok

18:49:39.0750 2956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:49:39.0875 2956 Srv - ok

18:49:40.0234 2956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:49:40.0234 2956 swenum - ok

18:49:40.0609 2956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:49:40.0640 2956 swmidi - ok

18:49:41.0031 2956 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:49:41.0046 2956 symc810 - ok

18:49:41.0406 2956 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:49:41.0421 2956 symc8xx - ok

18:49:41.0796 2956 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:49:41.0812 2956 sym_hi - ok

18:49:42.0203 2956 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:49:42.0203 2956 sym_u3 - ok

18:49:42.0562 2956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:49:42.0578 2956 sysaudio - ok

18:49:43.0125 2956 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:49:43.0250 2956 Tcpip - ok

18:49:43.0609 2956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:49:43.0625 2956 TDPIPE - ok

18:49:44.0000 2956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:49:44.0015 2956 TDTCP - ok

18:49:44.0406 2956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:49:44.0421 2956 TermDD - ok

18:49:44.0828 2956 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

18:49:44.0859 2956 tifsfilter - ok

18:49:45.0375 2956 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys

18:49:45.0515 2956 timounter - ok

18:49:45.0906 2956 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:49:45.0906 2956 TosIde - ok

18:49:46.0328 2956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:49:46.0359 2956 Udfs - ok

18:49:46.0765 2956 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:49:46.0765 2956 ultra - ok

18:49:47.0281 2956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:49:47.0406 2956 Update - ok

18:49:47.0812 2956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:49:47.0828 2956 USBAAPL - ok

18:49:48.0234 2956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:49:48.0234 2956 usbccgp - ok

18:49:48.0609 2956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:49:48.0625 2956 usbehci - ok

18:49:49.0000 2956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:49:49.0031 2956 usbhub - ok

18:49:49.0390 2956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:49:49.0390 2956 usbprint - ok

18:49:49.0765 2956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:49:49.0765 2956 usbscan - ok

18:49:50.0156 2956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:49:50.0156 2956 USBSTOR - ok

18:49:50.0515 2956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:49:50.0531 2956 usbuhci - ok

18:49:50.0906 2956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:49:50.0921 2956 VgaSave - ok

18:49:51.0343 2956 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:49:51.0359 2956 viaagp - ok

18:49:51.0734 2956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:49:51.0734 2956 ViaIde - ok

18:49:52.0109 2956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:49:52.0125 2956 VolSnap - ok

18:49:52.0500 2956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:49:52.0515 2956 Wanarp - ok

18:49:52.0921 2956 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

18:49:52.0937 2956 wanatw - ok

18:49:53.0281 2956 WDICA - ok

18:49:53.0593 2956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:49:53.0625 2956 wdmaud - ok

18:49:54.0203 2956 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:49:54.0437 2956 winachsf - ok

18:49:54.0828 2956 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:49:54.0843 2956 WS2IFSL - ok

18:49:54.0906 2956 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0

18:49:54.0906 2956 \Device\Harddisk0\DR0 - ok

18:49:54.0921 2956 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR4

18:49:54.0937 2956 \Device\Harddisk1\DR4 - ok

18:49:54.0953 2956 Boot (0x1200) (435ae0ebddd3ddb66afdc98da2e0779a) \Device\Harddisk0\DR0\Partition0

18:49:54.0953 2956 \Device\Harddisk0\DR0\Partition0 - ok

18:49:54.0968 2956 Boot (0x1200) (e5b9c30804a63874862bfdcd79038451) \Device\Harddisk1\DR4\Partition0

18:49:54.0968 2956 \Device\Harddisk1\DR4\Partition0 - ok

18:49:54.0968 2956 ============================================================

18:49:54.0968 2956 Scan finished

18:49:54.0968 2956 ============================================================

18:49:54.0984 2948 Detected object count: 0

18:49:54.0984 2948 Actual detected object count: 0
