Laptop seems infected - please help

Smiler81 · Sep 6, 2010

Hi, i am trying to clean a laptop that was given to me by a friend. Since it wasn't mine originally i do not have that much experience with the symptoms but according to my friend they are as follows:

"To start off with it was just taking an age to load, then once loaded it wouldn't let me log on to internet, applications then just freeze a few minutes after and not let me do anything. Before all this though if I ran any applications and stayed in them for half an hour say it would just switch itself off, even with full battery and plugged in."

I've also noticed that his Mcafee doesnt seem to do much when i try to open it, and windows security centre apparently won't activate. Also his CPU and RAM specs are missing in System and Maintenance.

I don't have the windows install disc - but can check with my friend if it turns out i need it.

Thanks in advance!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 10:46:25.54 on 06/09/2010
Internet Explorer: 8.0.6001.18928

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080124
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.6.910\HPIEAddOn.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.7.0.4550\NPIEAddOn.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.4.0.970\ssd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2010-07-18 02:23:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-18 02:23:46 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-18 02:23:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 02:23:45 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-18 02:23:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-18 02:23:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-16 20:19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-16 19:01:47 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-02-06 01:18:30 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-24 03:30:04 76 --sh--r- c:\windows\CT4CET.bin
2010-01-21 13:39:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-21 13:39:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-21 13:39:55 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-04-27 13:48:04 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-27 13:48:04 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-27 13:48:04 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-01-24 10:59:45 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:49:59.48 ===============

Smiler81 · Sep 9, 2010

Bump, please.

Ried · Sep 11, 2010

Hello Smiler81,

Let's start off with Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Also run a new scan with dds.scr and post a fresh dds.txt, and an update on system behaviour. What symptoms remain?

Smiler81 · Sep 12, 2010

I followed your instructions. One problem though - since the laptop is unable to connect to the internet i was unable to update the anti-malware programme, so i just ran the unupdated version.

After running it the laptop still seems like it has problems. The symptoms i mentioned in my original post still seem to remain. I have not however attempted to connect to the internet since i was fearful of the risk of infecting other computers on our home network. I don't know how much of a risk this actually poses?

The files you requested are posted below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

12/09/2010 22:02:52
mbam-log-2010-09-12 (22-02-52).txt

Scan type: Quick scan
Objects scanned: 149834
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 34
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\BASE\vbase.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090308152454922.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090308180553140.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090309175605843.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090310173254843.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090311181333118.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.0.970\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Windows\sonce123198.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 22:12:23.37 on 12/09/2010
Internet Explorer: 8.0.6001.18928

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080124
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-12 20:51:32 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-09-12 20:51:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 20:51:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 20:51:19 0 d-----w- c:\programdata\Malwarebytes
2010-09-12 20:51:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-07-18 02:23:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-18 02:23:46 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-18 02:23:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 02:23:45 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-18 02:23:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-18 02:23:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-16 20:19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-16 19:01:47 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-02-06 01:18:30 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-24 03:30:04 76 --sh--r- c:\windows\CT4CET.bin
2010-01-21 13:39:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-21 13:39:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-21 13:39:55 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-06-10 00:29:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-27 13:48:04 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-27 13:48:04 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-27 13:48:04 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-01-24 10:59:45 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:16:07.42 ===============

Ried · Sep 13, 2010

It should be able to connect to the internet after MBAM took out Media Access. Do try - it will not pose a threat to the other machines on the network.

Download ComboFix from one of these locations:

Link 1
Link 2

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
At the next prompt, click 'Yes' to run the full ComboFix scan.
When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply along with an update on system behavior.

Smiler81 · Sep 13, 2010

Hi,

i am still unable to connect to the internet since the laptop in question is unable to detect any wireless networks. Furthermore, the network diagnosis tool did not seem to be working. I am assuming this is all virus related rather than due to my unfamiliarity with vista.

The link you gave me for the recovery disk setup directed me to install a setup disk for XP (the OS of the laptop i am using here), however the infected laptop is using Vista. Should i not therefore be downloading a setup disk for Vista?

Regards

Ried · Sep 13, 2010

My apologies, there is no Recovery Console download for Vista. Vista has what is known as Recovery Environment accessible via Repair your computer option, or via the Vista install disk.

Please proceed with running ComboFix.

Smiler81 · Sep 13, 2010

Hi,

i've tried running comobofix but it seems to be stuck at the "attempting to create a new system restore point" part. Initially a progress bar did pop up and completed but since then it hasn't done much. The cursor is still blinking.

I waited for about an hour and half and then decided to try to close it down to try again but it won't close. Ctrl +alt +delete does nothing. Should I force a restart and then try again? Since i tried to close it the clock in the bottom right seems to have froze so i assume the whole laptop has froze - though the cursor is still blinking.

Ried · Sep 13, 2010

As much as I dislike hard shut downs, yes. If you can't bring up Task Manager end process on any files with a .cfexe extension, then yes - force a restart.

Boot into Safe Mode and try running ComboFix from there.

Smiler81 · Sep 13, 2010

Have now tried it in safe mode. When the -c.bat window comes up i get a message that the system cannot find message text for message number 0x8.

I then get a two messages saying something about how i do not have admnistrator permisson - access denied, even though i right clicked and ran the programme as an administrator.

Anyway, it did then proceed however it did not open a log at the end. It did say it was generating one but nothing ever opened.

I have since rebooted in normal mode. Many of the original symptoms still seem to remain and i still cannot detect any wireless networks, however the CPU and RAM details are now present under system and maintenance, so that is some improvement.

Ried · Sep 13, 2010

McAfee is interfering with ComboFix being able to complete.

Now that McAfee is working again, I'll need for you to go in and properly disable it. Open McAfee Security Center

Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.

Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
Next, select never for "When to re-enable real time scanning"
and click OK.

Now try again to run ComboFix. If you see the message again about not having admin priveleges, wait it out. It's an internal fight with the malware for control. :wink:

Smiler81 · Sep 13, 2010

The problem with mcafee is that it doesn't seem to respond. When i try to open it the McAfee logo flashes up briefly but then nothing happens. I checked the task manager and all the processes related to McAfee were stopped. Also i cant see an 'M' in the tray.

Having checked that, i tried combofix again this time back in normal mode and lo and behold it seemed to run fine so i've posted the log below.

Symptoms seem to remain though. I still cant detect any wireless networks but maybe that is me being a dunce on vista. When i try to diagnose i end up in a 'services' window to run 'diagnostic policy service' but it doesn't seem to be letting me alter the status of any of the services

ComboFix 10-09-12.04 - Admin 13/09/2010 19:37:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1438 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-13 18:50 . 2010-09-13 18:50 -------- d-----w- c:\users\Smiles\AppData\Local\temp
2010-09-13 18:50 . 2010-09-13 18:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-13 18:50 . 2010-09-13 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-13 18:50 . 2010-09-13 18:50 -------- d-----w- c:\users\Chris_2.Chris-PC\AppData\Local\temp
2010-09-13 18:50 . 2010-09-13 18:50 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-09-13 18:43 . 2010-09-13 18:43 -------- d-----w- c:\users\Admin\AppData\Local\Apple
2010-09-13 14:38 . 2010-09-13 14:38 -------- d-----w- C:\found.000
2010-09-12 20:51 . 2010-09-12 20:51 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-09-12 20:51 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 20:51 . 2010-09-12 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 20:51 . 2010-09-12 20:51 -------- d-----w- c:\programdata\Malwarebytes
2010-09-12 20:51 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 17:11 . 2010-08-04 17:11 93576 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 19:18 . 2009-05-10 16:38 -------- d-----w- c:\program files\Steam
2010-08-03 17:21 . 2010-08-03 17:21 93576 ----a-w- c:\users\Smiles\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-01 13:30 . 2010-07-29 13:33 1356 ----a-w- c:\users\Chris_2.Chris-PC\AppData\Local\d3d9caps.dat
2010-08-01 11:50 . 2010-08-01 11:50 -------- d-----w- c:\users\Chris_2.Chris-PC\AppData\Roaming\DriverCure
2010-08-01 11:50 . 2009-02-24 23:33 -------- d-----w- c:\programdata\DriverCure
2010-07-30 18:45 . 2008-01-24 03:19 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 22:40 . 2010-07-28 22:40 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-07-25 14:58 . 2009-06-16 21:40 -------- d-----w- c:\program files\iTunes
2010-07-25 14:57 . 2009-06-16 21:40 -------- d-----w- c:\program files\iPod
2010-07-25 14:57 . 2008-04-13 12:58 -------- d-----w- c:\program files\Common Files\Apple
2010-07-25 14:47 . 2010-07-25 14:47 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 18:33 . 2010-07-16 17:09 -------- d-----w- c:\users\Chris_2.Chris-PC\AppData\Roaming\Apple Computer
2010-07-18 12:03 . 2010-07-16 21:59 -------- d-----w- c:\users\Chris_2.Chris-PC\AppData\Roaming\Sports Interactive
2010-07-18 02:24 . 2010-07-18 02:24 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-18 02:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-18 02:23 . 2010-07-18 02:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-18 02:23 . 2010-07-18 02:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-16 20:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-16 20:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-16 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-16 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-16 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-16 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-16 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-16 20:19 . 2010-07-16 20:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-16 17:54 . 2008-01-24 03:20 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 17:54 . 2008-01-24 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 17:36 . 2010-04-20 10:40 -------- d-----w- c:\programdata\Sports Interactive
2010-07-16 17:08 . 2010-07-16 17:08 -------- d-----w- c:\users\Chris_2.Chris-PC\AppData\Roaming\Roxio
2010-07-16 17:08 . 2010-07-16 17:08 93576 ----a-w- c:\users\Chris_2.Chris-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-02 01:33 . 2009-05-22 23:33 3248400 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
2008-01-24 03:30 . 2008-01-24 03:30 76 --sh--r- c:\windows\CT4CET.bin
2008-01-24 10:59 . 2008-01-24 10:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-07 06:49 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeStatusMon]
2007-06-28 14:07 286720 ----a-w- c:\program files\Dell\MFP_DELL\deDvcStatus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-05 22:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-16 17:10 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-15 03:53 154136 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 13:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-15 03:54 137752 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 16:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-01-08 20:30 645328 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-03-12 18:10 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 15:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-15 03:53 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-11-12 11:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 09:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-14 18:14 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-24 03:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-18 17:20 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
2004-01-12 20:40 69632 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-07-06 17536]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R4 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-06 209408]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-16 30192]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 11:28]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 11:28]

2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-25 10:53]

2009-07-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-25 10:53]

2010-09-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

2010-09-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

2010-07-24 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://uk.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Game Console - WildGames - c:\program files\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-WT059899 - c:\program files\WildGames\Farm Frenzy - Pizza Party\Uninstall.exe
AddRemove-WT061191 - c:\program files\WildGames\Romopolis\Uninstall.exe
AddRemove-WT061199 - c:\program files\WildGames\Wild West Quest 2\Uninstall.exe
AddRemove-WT061537 - c:\program files\WildGames\Blasterball 3\Uninstall.exe
AddRemove-WT061576 - c:\program files\WildGames\Book of Legends\Uninstall.exe
AddRemove-WT061678 - c:\program files\WildGames\Burger Shop\Uninstall.exe
AddRemove-WT061816 - c:\program files\WildGames\Cinema Tycoon\Uninstall.exe
AddRemove-WT061955 - c:\program files\WildGames\Deep Sea Tycoon\Uninstall.exe
AddRemove-WT062276 - c:\program files\WildGames\Fish Tycoon\Uninstall.exe
AddRemove-WT062368 - c:\program files\WildGames\Adventure Chronicles\Uninstall.exe
AddRemove-WT063495 - c:\program files\WildGames\Mystery of Shark Island\Uninstall.exe
AddRemove-WT063509 - c:\program files\WildGames\Mystery P.I. - The Lottery Ticket\Uninstall.exe
AddRemove-WT063732 - c:\program files\WildGames\Pizza Frenzy\Uninstall.exe
AddRemove-WT064088 - c:\program files\WildGames\7 Wonders - Treasures of Seven\Uninstall.exe
AddRemove-WT064182 - c:\program files\WildGames\Spin and Win\Uninstall.exe
AddRemove-WT065382 - c:\program files\WildGames\Scrabble\Uninstall.exe
AddRemove-WT065502 - c:\program files\WildGames\Wild Tribe\Uninstall.exe
AddRemove-WT066051 - c:\program files\WildGames\Escape Rosecliff Island\Uninstall.exe
AddRemove-WT066160 - c:\program files\WildGames\Jewel Quest\Uninstall.exe
AddRemove-WT068384 - c:\program files\WildGames\Bookworm Deluxe\Uninstall.exe
AddRemove-WT068853 - c:\program files\WildGames\Clash'N Slash\Uninstall.exe
AddRemove-WT069466 - c:\program files\WildGames\Dream Chronicles - The Chosen Child\Uninstall.exe
AddRemove-WT070559 - c:\program files\WildGames\Little Shop of Treasures 2\Uninstall.exe
AddRemove-WT070573 - c:\program files\WildGames\Word Whomp Underground\Uninstall.exe
AddRemove-WT077212 - c:\program files\WildGames\Gold Rush - Treasure Hunt\Uninstall.exe
AddRemove-WT077799 - c:\program files\WildGames\Bookworm Adventures - Fractured Fairytales\Uninstall.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-13 19:52:58
ComboFix-quarantined-files.txt 2010-09-13 18:52

Pre-Run: 113,954,521,088 bytes free
Post-Run: 113,814,937,600 bytes free

- - End Of File - - E28E2DEB50C923657A103DF0C0CED5B2

Ried · Sep 14, 2010

When i try to open it the McAfee logo flashes up briefly but then nothing happens. I checked the task manager and all the processes related to McAfee were stopped. Also i cant see an 'M' in the tray.

Click Start>All Programs and look for McAfee in the list. Does it give you the option to Repair? Is the subscription paid for and still active? If not, you should just uninstall it and use another AV. There are a couple of really good free AV's I can point you to if needed.

Symptoms seem to remain though. I still cant detect any wireless networks but maybe that is me being a dunce on vista. When i try to diagnose i end up in a 'services' window to run 'diagnostic policy service' but it doesn't seem to be letting me alter the status of any of the services

I'm not seeing any other malware in the logs, so we need to consider OS or hardware issues.

What brand is this laptop? It's possible the wireless detection has been turned off and you need to reset it via an external button.
When you have tried to detect wireless networks, are you running off battery power? If so, it could be a power management setting that turns off wireless detection to save power.
Have you tried uninstalling the wireless card via Device Manager? Uninstall it, reboot and Vista OS should automatically detect and reinstall it.

Smiler81 · Sep 14, 2010

I've now uninstalled McAfee, there was no option to repair.

The laptop is a Dell Inspiron 1525. There are a few external buttons one of which seems like it might correspond to the wireless however it already seems to be at the 'on' position. I've fiddled around with them to no success.

In device manager -> Network adapters, I have
PRO/Wireless 3945ABG Network connection
PCI-E fast ethernet controller
Microsoft Tun Miniport Adapter #2

I assumed the first of these was my network card so i uninstalled it and Vista re-installed on restart however there is no change and it says the device is working properly. However the Tun Miniport Adapter does have an issue and cannot start (code 10). Does this have anything to do with my problems?

In the 'Network connections' window it does say that the wireless network connection is enabled, however when i try to connect to a network I am told it cant find any networks. I have the laptop plugged in so it shouldn't be a power saving issue. Also my older XP laptop is sitting right next to it and can detect 4 networks (admittedly with low signal strength but strong enough to connect to the internet fine).

Ried · Sep 15, 2010

Troubleshooting that issue is not an easy task, especially since the expertise and focus of this section is malware removal. :sigh: At this point you'd be much better served by the folks in our Networking Support section.

Do let them know you have been cleared from the malware removal section.

Smiler81 · Sep 15, 2010

Ok, thanks for all your help. Really appreciated. Should i just open a new thread in the Network support section then and reference this thread?

Ried · Sep 15, 2010

Yes, begin a new thread there and post the hardware specs they ask for. You can also give them a link to this thread for reference as well. :smile:

Laptop seems infected - please help

Smiler81

Registered

Attachments

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus

Smiler81

Registered

Ried

TSF Security Manager, Emeritus