Have no network connection


  • This topic is locked
16 replies to this topic

#1 joeb3817


Posted 06 December 2011 - 07:26 AM

I have been trying to clean out my machine and having no luck.
The system is XP Pro SP3. I have run AVG from a boot disk, no effect.
I have run Kaspersky from a boot disk, no effect. I do not have network connectivity.
I put in an address vs DHCP; the network is there but will not connect.
Malwarebytes cannot be updated so seems to be of little use.
Lastly I tried to load ComboFix, the installer loads all the packages etc
and just before it is to begin its processes a box appears showing the following:
Version 11-11-22.01
Current date is 2011-12-05. ComboFix has expired
Click yes to run in REDUCED FUNCTIONALITY mode
Click No to exit

I have done everything I can think of but nothing has worked


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Joe at 20:03:11 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1835 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\joe\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BDMCon] "c:\program files\softwin\bitdefender10\bdmcon.exe" /reg
mRun: [BDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://www.webiqonline.com/webiq/bin/webiq.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www2.snapfish.com/SnapfishActivia2.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-e6421b02d1719603.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.arrow.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\joe\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-1 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-1 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-1 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-8-1 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-1 243152]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-4 54752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-2 12184]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-22 22216]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-22 366152]
.
=============== Created Last 30 ================
.
2011-12-05 00:09:14 81984 ----a-w- c:\windows\system32\bdod.bin
2011-12-05 00:06:31 -------- d-----w- c:\documents and settings\joe\application data\Bitdefender
2011-12-05 00:03:36 -------- d-----w- c:\program files\Softwin
2011-12-05 00:03:36 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2011-12-05 00:02:55 -------- d-----w- c:\program files\common files\Softwin
2011-12-04 14:22:01 -------- d-----w- c:\windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
2011-12-04 03:59:23 -------- d-----w- c:\program files\AVAST Software
2011-12-04 03:59:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-04 01:03:07 -------- d-----w- c:\documents and settings\joe\application data\SUPERAntiSpyware.com
2011-12-04 01:02:34 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-11-27 15:24:09 -------- d-----w- c:\program files\iPod
2011-11-06 15:48:40 -------- d-----w- c:\documents and settings\joe\local settings\application data\Wide_Angle_Software
2011-11-06 15:42:39 -------- d-----w- c:\documents and settings\joe\local settings\application data\Wide Angle Software
2011-11-06 15:41:39 -------- d-----w- c:\program files\Wide Angle Software
2011-11-06 15:19:23 -------- d-----w- c:\documents and settings\all users\application data\Vistanita
.
==================== Find3M ====================
.
2011-11-11 23:32:43 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-01 23:44:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:06:22.93 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 07:19:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200AB-22DYA0 rev.15.05R15
Running: gmer.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9557000, 0x1C5D38, 0xE8000020]
? System32\Drivers\SCDEmu.SYS The system cannot find the path specified. !
? C:\DOCUME~1\Joe\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  dds.txt   17.15KB   1 downloads
  • Attached File  ark.txt   2.27KB   1 downloads




#2 HelpBot


Posted 11 December 2011 - 07:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431007 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 joeb3817


Posted 11 December 2011 - 07:02 PM

Enclosed are the new logs requested.
At this time I have run 3 different rescue disks: Kaspersky, AVG and Avira, and
they have not found anything. The network has been given an address and is no longer
DHCP. Still not able to go to the web although in safe mode Windows Error Reporting was able to
send. For Antivirus right now I am running Bitdefender, the program is running in normal mode
but in safe mode it will not start. It looks as if during boot a service is being started that
prevents network connect.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Joe at 18:47:00 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1930 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Installer] "c:\program files\checkpoint\install\launcher.exe" "c:\program files\checkpoint\install\install.exe" /r download /c "c:\program files\checkpoint\install\Install.xml" /w
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://www.webiqonline.com/webiq/bin/webiq.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www2.snapfish.com/SnapfishActivia2.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-e6421b02d1719603.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.arrow.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: Interfaces\{74ABA75E-F72B-453F-A7E1-D513C6BB8EA4} : NameServer = 8.8.8.8,8.8.8.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joe\application data\mozilla\firefox\profiles\zjakhtmp.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\joe\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-1 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-1 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-1 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-8-1 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-1 243152]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-4 54752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-2 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-22 22216]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-22 366152]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-12-11 04:07:31 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-12-10 21:12:58 616024 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-12-10 21:12:58 -------- d-----w- c:\program files\XP TCPIP Repair
2011-12-08 23:48:58 -------- d-----w- c:\program files\CheckPoint
2011-12-05 00:09:14 81984 ----a-w- c:\windows\system32\bdod.bin
2011-12-05 00:06:31 -------- d-----w- c:\documents and settings\joe\application data\Bitdefender
2011-12-05 00:03:36 -------- d-----w- c:\program files\Softwin
2011-12-05 00:03:36 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2011-12-05 00:02:55 -------- d-----w- c:\program files\common files\Softwin
2011-12-04 14:22:01 -------- d-----w- c:\windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
2011-12-04 03:59:23 -------- d-----w- c:\program files\AVAST Software
2011-12-04 03:59:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-04 01:03:07 -------- d-----w- c:\documents and settings\joe\application data\SUPERAntiSpyware.com
2011-12-04 01:02:34 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-11-27 15:24:09 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-11-11 23:32:43 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-01 23:44:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 18:49:55.06 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-11 18:43:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200AB-22DYA0 rev.15.05R15
Running: gmer.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\pxtdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:46 AM

Posted 12 December 2011 - 06:29 AM

Hello joeb3817,

Welcome to this forum and apologies for the delay.

  • Why do you think the system is infected? Is there any reason for that?
  • I assume this computer is used for work. You have both "Cisco Systems VPN Client" and "Juniper Networks" for secure connection. The first one is not working properly but it is not uninstalled. Please tell me which one is currently used.

  • I put in an address vs DHCP the network is there but will not connect.


    Why do you do that? Do you use a static IP?

    The network has been given an address and is no longer
    DHCP.

    What do you mean? Is it because you changed the configuration?
  • In case you have changed the configuration, please go to Start => Control Panel => Network connection => open your default network (for a LAN connection it is Local Area Connection). Select Internet Protocol (TCP/IP) and select Properties.
    Check both the options to obtain IP and DNS automatically. Click OK twice.
  • Please go to Add/Remove programs and uninstall Spybot - Search & Destroy, otherwise it interferes with our fixes. You may install it after we are done.
  • There are some AVG leftovers on the system. Download and run the AVG Uninstaller.
  • Please download the attached file remove.bat.
    Double-click to run it. A command window opens and closes; this is normal. This will remove some driver leftovers from previous security programs.
  • Important: Restart.
  • Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices. Also beside checking this option set the radio button to "All".
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure "Include All Files" option remains checked.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#5 joeb3817

joeb3817
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:46 AM

Posted 12 December 2011 - 09:42 AM

In answer to your questions:
1) I think the system is infected because I cannot get to the internet.
The system is hiding certain files that I try working on.
2) The system is actually a home system that we use sometimes for work functions. The
VPN we use is the Cisco. I do not know what the Juniper one is for.
3) I turned off the DHCP config and gave the system a fixed IP to see if I could get the
network to function. This did help in a way: when I gave the system the static IP it said the
network was now connected. When it was running DHCP it said the network was disconnected.
4) The network has been set to DHCP
5) Spybot has been removed
6) AVG uninstaller has been run
7) remove.bat has been run
8) Restarted
9) MiniToolBox run and log posted
10) Farbar Service Scanner run and posted





MiniToolBox by Farbar
Ran by Joe (administrator) on 12-12-2011 at 09:26:42
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 7891 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 3 (Disconnected)
3Com 3C905TX-based Ethernet Adapter (Generic) = Local Area Connection 5 (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 5"

set address name="Local Area Connection 5" source=dhcp
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : vaio

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection 5:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : 3Com 3C905TX-based Ethernet Adapter (Generic)

Physical Address. . . . . . . . . : 00-60-08-67-68-96

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.7

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

71.243.0.12

Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 9:24:05 AM

Lease Expires . . . . . . . . . . : Tuesday, December 13, 2011 9:24:04 AM



Ethernet adapter Network Connect Adapter:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

Physical Address. . . . . . . . . : 00-FF-68-3D-56-8A

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.


Pinging google.com [74.125.226.180] with 32 bytes of data:



Reply from 74.125.226.180: bytes=32 time=20ms TTL=251

Request timed out.



Ping statistics for 74.125.226.180:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 20ms, Average = 20ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

DNS request timed out.
timeout was 2 seconds.
Server: nsbost01.verizon.net
Address: 71.243.0.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 60 08 67 68 96 ...... 3Com 3C905TX-based Ethernet Adapter (Generic) - Packet Scheduler Miniport
0x10004 ...00 ff 68 3d 56 8a ...... Juniper Network Connect Virtual Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 20
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 20
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 20
255.255.255.255 255.255.255.255 192.168.1.7 10004 1
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 11:32:42 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:30:23 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:06:21 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 10:37:13 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/11/2011 10:36:55 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:09:06 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:06:01 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:01:21 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 10:45:37 PM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/10/2011 00:12:14 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/12/2011 09:25:42 AM) (Source: Service Control Manager) (User: )
Description: The BDRsDrv service failed to start due to the following error:
%%2

Error: (12/12/2011 09:25:41 AM) (Source: Service Control Manager) (User: )
Description: The BDFsDrv service failed to start due to the following error:
%%2

Error: (12/12/2011 09:25:40 AM) (Source: Service Control Manager) (User: )
Description: The bdfdll service failed to start due to the following error:
%%2

Error: (12/12/2011 09:24:53 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (12/12/2011 09:24:26 AM) (Source: 0) (User: )
Description:

Error: (12/12/2011 09:24:26 AM) (Source: 0) (User: )
Description:

Error: (12/12/2011 09:24:26 AM) (Source: 0) (User: )
Description:

Error: (12/12/2011 09:24:26 AM) (Source: 0) (User: )
Description:

Error: (12/12/2011 09:24:26 AM) (Source: 0) (User: )
Description:

Error: (12/12/2011 09:20:15 AM) (Source: 0) (User: )
Description: 192.168.1.400:27:10:D7:02:9C


Microsoft Office Sessions:
=========================
Error: (08/11/2010 10:17:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147 seconds with 60 seconds of active time. This session ended with a crash.


========================= Devices: ================================

Name: ACPI Multiprocessor PC
Description: ACPI Multiprocessor PC
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Manufacturer: Microsoft
Service: ACPI

Name: Intel® Pentium® 4 CPU 2.80GHz
Description: Intel Processor
Manufacturer: Intel
Service: intelppm

Name: Intel® Pentium® 4 CPU 2.80GHz
Description: Intel Processor
Manufacturer: Intel
Service: intelppm

Name: PCI bus
Description: PCI bus
Manufacturer: (Standard system devices)
Service: pci

Name: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Description: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Manufacturer: Intel
Service:

Name: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Description: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Manufacturer: Intel
Service: pci

Name: ATI Radeon 9600/9550/X1050 Series
Description: ATI Radeon 9600/9550/X1050 Series
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Manufacturer: (Standard monitor types)
Service:

Name: ATI Radeon 9600/9550/X1050 Series - Secondary
Description: ATI Radeon 9600/9550/X1050 Series - Secondary
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name: Intel® 82801EB USB Universal Host Controller - 24D2
Description: Intel® 82801EB USB Universal Host Controller - 24D2
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801EB USB Universal Host Controller - 24D4
Description: Intel® 82801EB USB Universal Host Controller - 24D4
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Composite Device
Description: USB Composite Device
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: USB Human Interface Device
Description: USB Human Interface Device
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant mouse
Description: HID-compliant mouse
Manufacturer: Microsoft
Service: mouhid

Name: USB Human Interface Device
Description: USB Human Interface Device
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Manufacturer: Microsoft
Service:

Name: HID-compliant device
Description: HID-compliant device
Manufacturer: (Standard system devices)
Service:

Name: HID-compliant device
Description: HID-compliant device
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801EB USB Universal Host Controller - 24D7
Description: Intel® 82801EB USB Universal Host Controller - 24D7
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801EB USB Universal Host Controller - 24DE
Description: Intel® 82801EB USB Universal Host Controller - 24DE
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801 PCI Bridge - 244E
Description: Intel® 82801 PCI Bridge - 244E
Manufacturer: Intel
Service: pci

Name: VIA Rev 5 or later USB Universal Host Controller
Description: VIA Rev 5 or later USB Universal Host Controller
Manufacturer: VIA Technologies
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VIA Rev 5 or later USB Universal Host Controller
Description: VIA Rev 5 or later USB Universal Host Controller
Manufacturer: VIA Technologies
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VIA USB Enhanced Host Controller
Description: VIA USB Enhanced Host Controller
Manufacturer: VIA Technologies
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: WDC WD20 00JD-98HBB0 USB Device
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Maxtor OneTouch II USB Device
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: Logitech USB Camera (Pro 5000)
Description: Logitech USB Camera (Pro 5000)
Manufacturer: Logitech
Service: usbccgp

Name: Logitech QuickCam Pro 5000
Description: Logitech QuickCam Pro 5000
Manufacturer: Logitech
Service: LVUVC

Name: Logitech Mic (Pro 5000)
Description: Logitech Mic (Pro 5000)
Manufacturer: Logitech
Service: usbaudio

Name: 3Com 3C905TX-based Ethernet Adapter (Generic)
Description: 3Com 3C905TX-based Ethernet Adapter (Generic)
Manufacturer: 3Com
Service: EL90X

Name: NEC OHCI Compliant IEEE 1394 Host Controller
Description: NEC OHCI Compliant IEEE 1394 Host Controller
Manufacturer: NEC
Service: ohci1394

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Manufacturer: Microsoft
Service: NIC1394

Name: Intel® 82801EB LPC Interface Controller - 24D0
Description: Intel® 82801EB LPC Interface Controller - 24D0
Manufacturer: Intel
Service: isapnp

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Manufacturer: (Standard system devices)
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Manufacturer: (Standard system devices)
Service:

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: System speaker
Description: System speaker
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Manufacturer: (Standard system devices)
Service:

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Manufacturer: (Standard floppy disk controllers)
Service: fdc

Name: Floppy disk drive
Description: Floppy disk drive
Manufacturer: (Standard floppy disk drives)
Service: flpydisk

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801EB Ultra ATA Storage Controllers - 24DB
Description: Intel® 82801EB Ultra ATA Storage Controllers - 24DB
Manufacturer: Intel
Service: intelide

Name: Primary IDE Channel
Description: Primary IDE Channel
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: WDC WD1200AB-22DYA0
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: SAMSUNG SV0813H
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: HP DVD Writer 300n
Description: CD-ROM Drive
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: ASUS CRW-5232AS
Description: CD-ROM Drive
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Intel® 82801EB SMBus Controller - 24D3
Description: Intel® 82801EB SMBus Controller - 24D3
Manufacturer: Intel
Service:

Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Manufacturer: Analog Devices, Inc.
Service: smwdm

Name: System board
Description: System board
Manufacturer: (Standard system devices)
Service:

Name: ACPI Power Button
Description: ACPI Power Button
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Manufacturer: (Standard system devices)
Service:

Name: Logical Disk Manager
Description: Logical Disk Manager
Manufacturer: (Standard system devices)
Service: dmio

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Cisco Systems VPN Adapter - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Manufacturer: Deterministic Networks
Service: DNE

Name: WAN Miniport (IP) - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Manufacturer: Deterministic Networks
Service: DNE

Name: 3Com 3C905TX-based Ethernet Adapter (Generic) - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Manufacturer: Deterministic Networks
Service: DNE

Name: Juniper Network Connect Virtual Adapter
Description: Juniper Network Connect Virtual Adapter
Manufacturer: Juniper
Service: dsNcAdpt

Name: Volume Manager
Description: Volume Manager
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: AFD
Description: AFD
Manufacturer:
Service: AFD

Name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Manufacturer:
Service: Arp1394

Name: Beep
Description: Beep
Manufacturer:
Service: Beep

Name: dmboot
Description: dmboot
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Manufacturer:
Service: dmload

Name: Fips
Description: Fips
Manufacturer:
Service: Fips

Name: FssFltr
Description: FssFltr
Manufacturer:
Service: fssfltr

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Manufacturer:
Service: Gpc

Name: HTTP
Description: HTTP
Manufacturer:
Service: HTTP

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Manufacturer:
Service: IpFilterDriver

Name: IP Network Address Translator
Description: IP Network Address Translator
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Manufacturer:
Service: IPSec

Name: ksecdd
Description: ksecdd
Manufacturer:
Service: ksecdd

Name: mnmdd
Description: mnmdd
Manufacturer:
Service: mnmdd

Name: modem
Description: modem
Manufacturer:
Service: modem

Name: mountmgr
Description: mountmgr
Manufacturer:
Service: mountmgr

Name: NDIS System Driver
Description: NDIS System Driver
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Manufacturer:
Service: NDProxy

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Manufacturer:
Service: NetBT

Name: Null
Description: Null
Manufacturer:
Service: Null

Name: PartMgr
Description: PartMgr
Manufacturer:
Service: PartMgr

Name: ParVdm
Description: ParVdm
Manufacturer:
Service: ParVdm

Name: PCIIde
Description: PCIIde
Manufacturer:
Service: PCIIde

Name: Profos
Description: Profos
Manufacturer:
Service: Profos

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Manufacturer:
Service: RDPCDD

Name: RDPWD
Description: RDPWD
Manufacturer:
Service: RDPWD

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Manufacturer:
Service: Tcpip

Name: TDTCP
Description: TDTCP
Manufacturer:
Service: TDTCP

Name: Trufos
Description: Trufos
Manufacturer:
Service: Trufos

Name: VgaSave
Description: VgaSave
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Manufacturer:
Service: Wanarp

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Manufacturer:
Service: Wdf01000

Name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Manufacturer:
Service: WudfPf

Name: Audio Codecs
Description: Audio Codecs
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Manufacturer: Microsoft
Service: PptpMiniport

Name: 3Com 3C905TX-based Ethernet Adapter (Generic) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Manufacturer: Microsoft
Service: PSched

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Manufacturer: Microsoft
Service: PSched

Name: Cisco Systems VPN Adapter - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Manufacturer: Microsoft
Service: Raspti

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Manufacturer: (Standard system devices)
Service: rdpdr

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Manufacturer: Microsoft
Service: sysaudio

Name: Microcode Update Device
Description: Microcode Update Device
Manufacturer: (Standard system devices)
Service: update

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Manufacturer: (Standard system devices)
Service: mssmbios

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 2559.36 MB
Available physical RAM: 1934.59 MB
Total Pagefile: 4452.68 MB
Available Pagefile: 3908.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.96 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:111.78 GB) (Free:6.19 GB) NTFS
4 Drive f: (Frodo) (Fixed) (Total:74.56 GB) (Free:39.79 GB) NTFS
5 Drive g: () (Fixed) (Total:186.31 GB) (Free:91.63 GB) NTFS
6 Drive h: (Pippin) (Fixed) (Total:298.09 GB) (Free:228.34 GB) NTFS

========================= Users: ========================================

User accounts for \\VAIO

Administrator Boys Guest
HelpAssistant Joe Krista
SUPPORT_388945a0


**** End of log ****


Farbar Service Scanner
Ran by Joe (administrator) on 12-12-2011 at 09:32:44
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

**** End of log ****

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:46 AM

Posted 12 December 2011 - 05:57 PM

  • We need to get rid of the custom Hosts file made by spybot.
    Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • Please uninstall BitDefender too. You may install it as soon as you get the connection back. At this point we want to rule out any security program or firewall interference.

    Uninstalling BitDefender from Add/Remove programs might leave something behind:

    How to uninstall BitDefender
  • I want to rule out any infection. Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility saves the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • If it asks to install Avast click "No".
    • Click the "Scan" button.
    • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Please tell me if you have the driver for the 3Com 3C905TX-based Ethernet Adapter (Generic). This is the only adapter working at the moment and we might need to reinstall it.
  • Have you disabled Cisco VPN yourself?
    Please do the following:
    • Go to Start > right-click My Computer and select Manage.
    • In the left pane select Device Manager.
    • In the right pane expand Network Adapters.
    • Right-click Cisco Systems VPN Adapter and select Enable.
    • Please tell me what happens if you do that. Write down the error if it gave you an error.
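
The first step in the post above replaces the whole Hosts file, and its note says any custom entries have to be put back by hand. The Python script below is an added example (not part of the original post and not HostsXpert's code) that sorts a Hosts file's entries so the ones worth reviewing or re-adding can be listed before the reset; the sample file contents, bucket names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample for illustration; it is not the Hosts file from this thread.
# On Windows XP the real file lives at C:\WINDOWS\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocklist-style entry
127.0.0.1 tracker.example.org
0.0.0.0 bad.example.com
192.0.2.10      intranet.example.lan   # entry the user added by hand
203.0.113.7     www.example-bank.test update.example-av.test  # two names, one line
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only mapping in the stock XP Hosts file


def classify(text):
    """Sort every name in a Hosts file into one of four buckets.

    default   - loopback mapping shipped with Windows (localhost)
    blocked   - name pinned to loopback or 0.0.0.0, i.e. a blocklist entry
    mapped    - name pointed at a real address: review before and after a reset
    malformed - line that is neither a comment nor a valid mapping
    """
    result = {"default": [], "blocked": [], "mapped": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name after it
            result["malformed"].append((lineno, raw.strip()))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if sinkhole and name in DEFAULT_NAMES:
                bucket = "default"
            elif sinkhole:
                bucket = "blocked"
            else:
                bucket = "mapped"
            result[bucket].append((lineno, str(ip), name))
    return result


def lines_to_readd(result):
    """Hosts-format lines for the 'mapped' names, to review and re-add by hand."""
    return ["{}\t{}".format(ip, name) for _, ip, name in result["mapped"]]


def summary(result):
    """Number of entries in each bucket."""
    return {bucket: len(entries) for bucket, entries in result.items()}


if __name__ == "__main__":
    buckets = classify(SAMPLE_HOSTS)
    print(summary(buckets))
    for entry in lines_to_readd(buckets):
        print(entry)
```

Entries in the `mapped` bucket are the ones to look at closely: a name the user recognises is a custom entry to restore afterwards, while an unfamiliar mapping for a bank, update or antivirus host name is a sign the file was tampered with.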


#7 joeb3817

Posted 12 December 2011 - 08:49 PM

So I completed all the tasks you asked me to do:
1) Ran HostsXpert and restored the MS default
2) Removed Bitdefender with Revo
3) Ran TDSSKiller but I could not save the log. The system would not save it
4) Ran the aswMBR scan. Here are the results:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 20:39:56
-----------------------------
20:39:56.750 OS Version: Windows 5.1.2600 Service Pack 3
20:39:56.750 Number of processors: 2 586 0x304
20:39:56.750 ComputerName: VAIO UserName: Joe
20:39:57.078 Initialize success
20:40:05.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:40:05.906 Disk 0 Vendor: WDC_WD1200AB-22DYA0 15.05R15 Size: 114473MB BusType: 3
20:40:05.937 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:40:05.937 Disk 1 Vendor: SAMSUNG_SV0813H RJ100-15 Size: 76351MB BusType: 3
20:40:07.984 Disk 0 MBR read successfully
20:40:07.984 Disk 0 MBR scan
20:40:07.984 Disk 0 Windows XP default MBR code
20:40:07.984 Disk 0 scanning sectors +234420480
20:40:08.171 Disk 0 scanning C:\WINDOWS\system32\drivers
20:40:18.984 Service scanning
20:40:20.171 Modules scanning
20:40:26.078 Disk 0 trace - called modules:
20:40:26.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:40:26.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a975ab8]
20:40:26.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a9c29e8]
20:40:26.093 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a98bd98]
20:40:26.093 Scan finished successfully
20:40:35.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joe\Desktop\MBR.dat"
20:40:35.484 The log file has been saved successfully to "C:\Documents and Settings\Joe\Desktop\aswMBR.txt"

5) I can download the driver easily enough
6) I enabled the Cisco VPN and no error came up

#8 Farbar

Posted 13 December 2011 - 02:38 AM

Well done.

"Ran TDSSkiller but I could not save the log. The system would not save it"


Please go to the C:\ root folder. The log is saved there. The log has a name that starts with TDSSKiller, like: TDSSKiller.Version_Date_Time_log.txt.

#9 joeb3817

Posted 13 December 2011 - 07:49 AM

20:32:31.0578 2480 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:32:31.0593 2480 ============================================================
20:32:31.0593 2480 Current date / time: 2011/12/12 20:32:31.0593
20:32:31.0593 2480 SystemInfo:
20:32:31.0593 2480
20:32:31.0593 2480 OS Version: 5.1.2600 ServicePack: 3.0
20:32:31.0593 2480 Product type: Workstation
20:32:31.0593 2480 ComputerName: VAIO
20:32:31.0593 2480 UserName: Joe
20:32:31.0593 2480 Windows directory: C:\WINDOWS
20:32:31.0593 2480 System windows directory: C:\WINDOWS
20:32:31.0593 2480 Processor architecture: Intel x86
20:32:31.0593 2480 Number of processors: 2
20:32:31.0593 2480 Page size: 0x1000
20:32:31.0593 2480 Boot type: Normal boot
20:32:31.0593 2480 ============================================================
20:32:32.0921 2480 Initialize success
20:32:49.0953 3508 ============================================================
20:32:49.0953 3508 Scan started
20:32:49.0953 3508 Mode: Manual; SigCheck; TDLFS;
20:32:49.0953 3508 ============================================================
20:32:50.0281 3508 Abiosdsk - ok
20:32:50.0343 3508 abp480n5 - ok
20:32:50.0406 3508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:50.0718 3508 ACPI - ok
20:32:50.0843 3508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:32:50.0984 3508 ACPIEC - ok
20:32:51.0062 3508 adpu160m - ok
20:32:51.0093 3508 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:32:51.0156 3508 aeaudio - ok
20:32:51.0265 3508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:32:51.0406 3508 aec - ok
20:32:51.0531 3508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:32:51.0593 3508 AFD - ok
20:32:51.0703 3508 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:32:51.0843 3508 agp440 - ok
20:32:51.0921 3508 Aha154x - ok
20:32:51.0937 3508 aic78u2 - ok
20:32:51.0984 3508 aic78xx - ok
20:32:52.0015 3508 AliIde - ok
20:32:52.0046 3508 amsint - ok
20:32:52.0109 3508 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:32:52.0250 3508 Arp1394 - ok
20:32:52.0328 3508 asc - ok
20:32:52.0359 3508 asc3350p - ok
20:32:52.0390 3508 asc3550 - ok
20:32:52.0468 3508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:52.0625 3508 AsyncMac - ok
20:32:52.0734 3508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:52.0875 3508 atapi - ok
20:32:52.0937 3508 Atdisk - ok
20:32:53.0093 3508 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:32:53.0359 3508 ati2mtag - ok
20:32:53.0500 3508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:53.0656 3508 Atmarpc - ok
20:32:53.0734 3508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:53.0890 3508 audstub - ok
20:32:53.0921 3508 bdfdll - ok
20:32:53.0937 3508 BDFsDrv - ok
20:32:53.0937 3508 BDRsDrv - ok
20:32:54.0046 3508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:32:54.0171 3508 Beep - ok
20:32:54.0281 3508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:54.0437 3508 cbidf2k - ok
20:32:54.0562 3508 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:32:54.0718 3508 CCDECODE - ok
20:32:54.0781 3508 cd20xrnt - ok
20:32:54.0828 3508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:54.0984 3508 Cdaudio - ok
20:32:55.0078 3508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:55.0218 3508 Cdfs - ok
20:32:55.0312 3508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:55.0468 3508 Cdrom - ok
20:32:55.0546 3508 Changer - ok
20:32:55.0578 3508 CmdIde - ok
20:32:55.0656 3508 Cpqarray - ok
20:32:55.0718 3508 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:32:55.0781 3508 CVirtA - ok
20:32:55.0859 3508 dac2w2k - ok
20:32:55.0890 3508 dac960nt - ok
20:32:55.0953 3508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:56.0109 3508 Disk - ok
20:32:56.0234 3508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:32:56.0421 3508 dmboot - ok
20:32:56.0578 3508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:32:56.0718 3508 dmio - ok
20:32:56.0828 3508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:32:56.0968 3508 dmload - ok
20:32:57.0078 3508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:32:57.0218 3508 DMusic - ok
20:32:57.0312 3508 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:32:57.0328 3508 DNE - ok
20:32:57.0406 3508 dpti2o - ok
20:32:57.0484 3508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:57.0625 3508 drmkaud - ok
20:32:57.0718 3508 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
20:32:57.0765 3508 dsNcAdpt - ok
20:32:57.0875 3508 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
20:32:58.0015 3508 EL90X - ok
20:32:58.0140 3508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:58.0296 3508 Fastfat - ok
20:32:58.0375 3508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:32:58.0531 3508 Fdc - ok
20:32:58.0640 3508 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
20:32:58.0656 3508 FilterService - ok
20:32:58.0750 3508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:32:58.0890 3508 Fips - ok
20:32:59.0000 3508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:32:59.0140 3508 Flpydisk - ok
20:32:59.0250 3508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:32:59.0390 3508 FltMgr - ok
20:32:59.0500 3508 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:32:59.0515 3508 fssfltr - ok
20:32:59.0625 3508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:59.0781 3508 Fs_Rec - ok
20:32:59.0890 3508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:33:00.0031 3508 Ftdisk - ok
20:33:00.0125 3508 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:33:00.0140 3508 GEARAspiWDM - ok
20:33:00.0234 3508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:33:00.0375 3508 Gpc - ok
20:33:00.0484 3508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:33:00.0656 3508 hidusb - ok
20:33:00.0734 3508 hpn - ok
20:33:00.0812 3508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:33:00.0890 3508 HTTP - ok
20:33:00.0984 3508 i2omgmt - ok
20:33:01.0031 3508 i2omp - ok
20:33:01.0093 3508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:33:01.0250 3508 i8042prt - ok
20:33:01.0359 3508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:33:01.0500 3508 Imapi - ok
20:33:01.0578 3508 ini910u - ok
20:33:01.0656 3508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:33:01.0796 3508 IntelIde - ok
20:33:01.0890 3508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:33:02.0031 3508 intelppm - ok
20:33:02.0140 3508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:33:02.0296 3508 Ip6Fw - ok
20:33:02.0390 3508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:33:02.0546 3508 IpFilterDriver - ok
20:33:02.0656 3508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:33:02.0796 3508 IpInIp - ok
20:33:02.0906 3508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:33:03.0046 3508 IpNat - ok
20:33:03.0156 3508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:33:03.0296 3508 IPSec - ok
20:33:03.0406 3508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:33:03.0484 3508 IRENUM - ok
20:33:03.0578 3508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:33:03.0750 3508 isapnp - ok
20:33:03.0828 3508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:33:03.0984 3508 Kbdclass - ok
20:33:04.0078 3508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:33:04.0203 3508 kbdhid - ok
20:33:04.0312 3508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:33:04.0453 3508 kmixer - ok
20:33:04.0546 3508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:33:04.0656 3508 KSecDD - ok
20:33:04.0843 3508 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:33:05.0078 3508 LBeepKE - ok
20:33:05.0140 3508 lbrtfdc - ok
20:33:05.0218 3508 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:33:05.0234 3508 LHidFilt - ok
20:33:05.0343 3508 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:33:05.0359 3508 LMouFilt - ok
20:33:05.0453 3508 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
20:33:05.0468 3508 lvpopflt - ok
20:33:05.0593 3508 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
20:33:05.0609 3508 LVRS - ok
20:33:05.0703 3508 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
20:33:05.0718 3508 LVUSBSta - ok
20:33:06.0000 3508 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
20:33:06.0234 3508 LVUVC - ok
20:33:06.0343 3508 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
20:33:06.0359 3508 MBAMProtector - ok
20:33:06.0468 3508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:33:06.0625 3508 mnmdd - ok
20:33:06.0734 3508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:33:06.0875 3508 Modem - ok
20:33:06.0968 3508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:33:31.0875 3508 ============================================================
20:33:31.0875 3508 Scan finished
20:33:31.0875 3508 ============================================================
20:33:32.0000 3484 Detected object count: 0
20:33:32.0000 3484 Actual detected object count: 0
20:35:23.0656 4068 Deinitialize success

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:46 AM

Posted 13 December 2011 - 08:55 AM

That is good. We have seen no sign of any infection. The problem is a technical issue.

  • Please download the driver for 3Com 3C905TX-based Ethernet Adapter (Generic). Don't install it yet.
  • Please do the following:
    • Go to start > right-click My computer and select Manage
    • In the left pane select Device Manager.
    • In the right pane expand Network Adapters.
    • Right-click 3Com 3C905TX-based Ethernet Adapter (Generic) and select Uninstall. Confirm the prompt.
  • Now reboot the computer. See if the adapter is installed automatically. In that case check the connection. If you have no connection repeat step 2. But this time install the driver you have downloaded and then reboot and check the connection.
  • In case you still have no connection please run a scan with Farbar Service Scanner and post the log.
    Also run MiniToolBox. Check the following:
    -List last 10 Event Viewer log
    -List Devices.
    Click Go and post the log.


#11 joeb3817

Posted 13 December 2011 - 11:03 AM

I will do that when I have access to the computer later today. But I have
actually uninstalled/reinstalled the driver. I did that early last week.

#12 Farbar

Posted 13 December 2011 - 03:01 PM

If you have already done it no need to do it.

Please do the following, if you have not done it yet:

Go to Start => Run, copy and paste the following line in the Run box and press Enter:

cmd /c netsh int ip reset c:\reset.log

A black command window opens and closes. This is normal.

#13 joeb3817

Posted 13 December 2011 - 08:47 PM

So I uninstalled the driver and then reinstalled it.
The device is no longer working; not sure if the driver would load or not, as I could not tell.
Enclosed are the 2 logs you requested.

MiniToolBox by Farbar
Ran by Joe (administrator) on 13-12-2011 at 20:43:53
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/13/2011 08:09:36 PM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/13/2011 08:09:34 PM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/11/2011 11:32:42 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:30:23 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:06:21 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 10:37:13 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/11/2011 10:36:55 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:09:06 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:06:01 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:01:21 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed


System errors:
=============
Error: (12/13/2011 08:13:16 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (12/13/2011 08:12:59 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 08:12:59 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 08:12:59 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 08:12:59 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 08:12:59 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 07:37:41 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (12/13/2011 07:37:22 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 07:37:22 PM) (Source: 0) (User: )
Description:

Error: (12/13/2011 07:37:22 PM) (Source: 0) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (08/11/2010 10:17:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147 seconds with 60 seconds of active time. This session ended with a crash.


========================= Devices: ================================

Name: ACPI Multiprocessor PC
Description: ACPI Multiprocessor PC
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Manufacturer: Microsoft
Service: ACPI

Name: Intel® Pentium® 4 CPU 2.80GHz
Description: Intel Processor
Manufacturer: Intel
Service: intelppm

Name: Intel® Pentium® 4 CPU 2.80GHz
Description: Intel Processor
Manufacturer: Intel
Service: intelppm

Name: PCI bus
Description: PCI bus
Manufacturer: (Standard system devices)
Service: pci

Name: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Description: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Manufacturer: Intel
Service:

Name: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Description: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Manufacturer: Intel
Service: pci

Name: ATI Radeon 9600/9550/X1050 Series
Description: ATI Radeon 9600/9550/X1050 Series
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Manufacturer: (Standard monitor types)
Service:

Name: ATI Radeon 9600/9550/X1050 Series - Secondary
Description: ATI Radeon 9600/9550/X1050 Series - Secondary
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name: Intel® 82801EB USB Universal Host Controller - 24D2
Description: Intel® 82801EB USB Universal Host Controller - 24D2
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801EB USB Universal Host Controller - 24D4
Description: Intel® 82801EB USB Universal Host Controller - 24D4
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Composite Device
Description: USB Composite Device
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: USB Human Interface Device
Description: USB Human Interface Device
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant mouse
Description: HID-compliant mouse
Manufacturer: Microsoft
Service: mouhid

Name: USB Human Interface Device
Description: USB Human Interface Device
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Manufacturer: Microsoft
Service:

Name: HID-compliant device
Description: HID-compliant device
Manufacturer: (Standard system devices)
Service:

Name: HID-compliant device
Description: HID-compliant device
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801EB USB Universal Host Controller - 24D7
Description: Intel® 82801EB USB Universal Host Controller - 24D7
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801EB USB Universal Host Controller - 24DE
Description: Intel® 82801EB USB Universal Host Controller - 24DE
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Kingston DataTraveler 2.0 USB Device
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Intel® 82801 PCI Bridge - 244E
Description: Intel® 82801 PCI Bridge - 244E
Manufacturer: Intel
Service: pci

Name: VIA Rev 5 or later USB Universal Host Controller
Description: VIA Rev 5 or later USB Universal Host Controller
Manufacturer: VIA Technologies
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VIA Rev 5 or later USB Universal Host Controller
Description: VIA Rev 5 or later USB Universal Host Controller
Manufacturer: VIA Technologies
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VIA USB Enhanced Host Controller
Description: VIA USB Enhanced Host Controller
Manufacturer: VIA Technologies
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: WDC WD20 00JD-98HBB0 USB Device
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Maxtor OneTouch II USB Device
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: Logitech USB Camera (Pro 5000)
Description: Logitech USB Camera (Pro 5000)
Manufacturer: Logitech
Service: usbccgp

Name: Logitech QuickCam Pro 5000
Description: Logitech QuickCam Pro 5000
Manufacturer: Logitech
Service: LVUVC

Name: Logitech Mic (Pro 5000)
Description: Logitech Mic (Pro 5000)
Manufacturer: Logitech
Service: usbaudio

Name: NEC OHCI Compliant IEEE 1394 Host Controller
Description: NEC OHCI Compliant IEEE 1394 Host Controller
Manufacturer: NEC
Service: ohci1394

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Manufacturer: Microsoft
Service: NIC1394

Name: Intel® 82801EB LPC Interface Controller - 24D0
Description: Intel® 82801EB LPC Interface Controller - 24D0
Manufacturer: Intel
Service: isapnp

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Manufacturer: (Standard system devices)
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Manufacturer: (Standard system devices)
Service:

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: System speaker
Description: System speaker
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Manufacturer: (Standard system devices)
Service:

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Manufacturer: (Standard floppy disk controllers)
Service: fdc

Name: Floppy disk drive
Description: Floppy disk drive
Manufacturer: (Standard floppy disk drives)
Service: flpydisk

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Manufacturer: (Standard system devices)
Service:

Name: Intel® 82801EB Ultra ATA Storage Controllers - 24DB
Description: Intel® 82801EB Ultra ATA Storage Controllers - 24DB
Manufacturer: Intel
Service: intelide

Name: Primary IDE Channel
Description: Primary IDE Channel
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: WDC WD1200AB-22DYA0
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: SAMSUNG SV0813H
Description: Disk drive
Manufacturer: (Standard disk drives)
Service: disk

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: HP DVD Writer 300n
Description: CD-ROM Drive
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: ASUS CRW-5232AS
Description: CD-ROM Drive
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Intel® 82801EB SMBus Controller - 24D3
Description: Intel® 82801EB SMBus Controller - 24D3
Manufacturer: Intel
Service:

Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Manufacturer: Analog Devices, Inc.
Service: smwdm

Name: System board
Description: System board
Manufacturer: (Standard system devices)
Service:

Name: ACPI Power Button
Description: ACPI Power Button
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Manufacturer: (Standard system devices)
Service:

Name: Logical Disk Manager
Description: Logical Disk Manager
Manufacturer: (Standard system devices)
Service: dmio

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Cisco Systems VPN Adapter - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Manufacturer: Deterministic Networks
Service: DNE

Name: WAN Miniport (IP) - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Manufacturer: Deterministic Networks
Service: DNE

Name: Juniper Network Connect Virtual Adapter
Description: Juniper Network Connect Virtual Adapter
Manufacturer: Juniper
Service: dsNcAdpt

Name: Volume Manager
Description: Volume Manager
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Manufacturer: Microsoft
Service:

Name: AFD
Description: AFD
Manufacturer:
Service: AFD

Name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Manufacturer:
Service: Arp1394

Name: Beep
Description: Beep
Manufacturer:
Service: Beep

Name: dmboot
Description: dmboot
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Manufacturer:
Service: dmload

Name: Fips
Description: Fips
Manufacturer:
Service: Fips

Name: FssFltr
Description: FssFltr
Manufacturer:
Service: fssfltr

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Manufacturer:
Service: Gpc

Name: HTTP
Description: HTTP
Manufacturer:
Service: HTTP

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Manufacturer:
Service: IpFilterDriver

Name: IP Network Address Translator
Description: IP Network Address Translator
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Manufacturer:
Service: IPSec

Name: ksecdd
Description: ksecdd
Manufacturer:
Service: ksecdd

Name: mnmdd
Description: mnmdd
Manufacturer:
Service: mnmdd

Name: modem
Description: modem
Manufacturer:
Service: modem

Name: mountmgr
Description: mountmgr
Manufacturer:
Service: mountmgr

Name: NDIS System Driver
Description: NDIS System Driver
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Manufacturer:
Service: NDProxy

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Manufacturer:
Service: NetBT

Name: Null
Description: Null
Manufacturer:
Service: Null

Name: PartMgr
Description: PartMgr
Manufacturer:
Service: PartMgr

Name: ParVdm
Description: ParVdm
Manufacturer:
Service: ParVdm

Name: PCIIde
Description: PCIIde
Manufacturer:
Service: PCIIde

Name: Profos
Description: Profos
Manufacturer:
Service: Profos

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Manufacturer:
Service: RDPCDD

Name: RDPWD
Description: RDPWD
Manufacturer:
Service: RDPWD

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Manufacturer:
Service: Tcpip

Name: TDTCP
Description: TDTCP
Manufacturer:
Service: TDTCP

Name: Trufos
Description: Trufos
Manufacturer:
Service: Trufos

Name: VgaSave
Description: VgaSave
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Manufacturer:
Service: Wanarp

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Manufacturer:
Service: Wdf01000

Name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Manufacturer:
Service: WudfPf

Name: Audio Codecs
Description: Audio Codecs
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Manufacturer: Microsoft
Service: PSched

Name: Cisco Systems VPN Adapter - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Manufacturer: Microsoft
Service: Raspti

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Manufacturer: Cisco Systems
Service: CVirtA

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Manufacturer: (Standard system devices)
Service: rdpdr

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Manufacturer: Microsoft
Service: sysaudio

Name: Microcode Update Device
Description: Microcode Update Device
Manufacturer: (Standard system devices)
Service: update

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Manufacturer: (Standard system devices)
Service: mssmbios

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


**** End of log ****


Farbar Service Scanner
Ran by Joe (administrator) on 13-12-2011 at 20:09:51
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

**** End of log ****

#14 Farbar


Posted 13 December 2011 - 08:59 PM

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

That is our problem. It was on the log before and it is not taken care of yet. For some reason the driver doesn't get installed.

Start in Safe Mode Using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
  • Log on to your usual account.

Now please repeat the steps to uninstall the device and reinstall it again in safe mode.

#15 joeb3817


Posted 14 December 2011 - 07:57 PM

So tried to install the device and driver and it fails.
I used a package from 3com that has all the drivers included.
The package runs a setup and installs the driver then reboots the system.
The device does not appear to be installed. So I tried to update the driver and it fails.
Cannot find the driver for this device.
Updated logs are below.

Farbar Service Scanner
Ran by Joe (administrator) on 14-12-2011 at 19:53:49
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

**** End of log ****

MiniToolBox by Farbar
Ran by Joe (administrator) on 14-12-2011 at 19:55:13
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/13/2011 09:14:34 PM) (Source: Application Error) (User: )
Description: Faulting application CQFIEUSNF.exe, version 1.71.0.0, faulting module CQFIEUSNF.exe, version 1.71.0.0, fault address 0x00020c8b.
Processing media-specific event for [CQFIEUSNF.exe!ws!]

Error: (12/13/2011 08:09:36 PM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/13/2011 08:09:34 PM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/11/2011 11:32:42 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:30:23 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 11:06:21 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (12/11/2011 10:37:13 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/11/2011 10:36:55 AM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:09:06 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (12/10/2011 11:06:01 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed


System errors:
=============
Error: (12/14/2011 07:54:27 PM) (Source: DCOM) (User: Joe)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/14/2011 07:51:09 PM) (Source: DCOM) (User: Joe)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/14/2011 07:50:32 PM) (Source: DCOM) (User: Joe)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/14/2011 07:50:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (12/14/2011 07:50:05 PM) (Source: DCOM) (User: Joe)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/14/2011 07:49:52 PM) (Source: DCOM) (User: Joe)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/14/2011 07:49:08 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/14/2011 07:47:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/14/2011 07:47:25 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/14/2011 07:45:37 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/11/2010 10:17:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147 seconds with 60 seconds of active time. This session ended with a crash.


========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


**** End of log ****



