Jump to content

FAO Elise


Recommended Posts

Here are the laptop logs :welcome:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Mark at 13:25:34.37 on 01/01/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.556 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

C:\WINDOWS\system32\ipsechlp.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\CodeserveD.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File

BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users.windows\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [ipSync] c:\windows\system32\ipsechlp.exe

mRun: [intelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe

mRun: [<NO NAME>]

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2010-10-6 17920]

=============== Created Last 30 ================

2011-01-01 12:24:47 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{0b42c190-8cc5-43a6-8cc0-c38657d8dfe3}\mpengine.dll

2011-01-01 01:09:07 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-12-31 18:43:24 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-12-31 18:43:23 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-31 17:58:16 -------- d-----w- C:\cmdcons

2010-12-30 22:21:39 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-30 22:21:37 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-30 22:20:36 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-30 22:13:21 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-30 22:12:17 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Malwarebytes

2010-12-30 22:12:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 22:12:09 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2010-12-30 22:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 19:27:31 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-27 22:56:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-27 22:56:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-27 19:59:36 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\FLEXnet

2010-12-27 19:18:32 -------- d-----w- c:\program files\Movimento

2010-12-18 13:53:30 -------- d-----w- C:\93d72796c79c0ef051cd65fc

2010-12-18 13:49:43 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-12-18 13:49:33 129535 ------w- c:\windows\system32\drivers\slnt7554.sys

2010-12-18 13:48:49 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-18 13:43:33 13824 ------w- c:\windows\system32\drivers\atinttxx.sys

2010-12-18 13:43:32 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys

2010-12-18 13:43:32 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys

2010-12-18 13:43:32 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys

2010-12-18 13:43:32 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys

2010-12-17 23:21:50 120 ----a-w- c:\windows\system32\winsusrx.dll

2010-12-17 23:19:06 264 ----a-w- c:\windows\system32\winsusrm.dll

2010-12-17 23:13:51 -------- d-----w- c:\program files\WH Software

2010-12-17 22:21:39 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-12-17 22:21:35 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-12-17 22:21:33 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-12-17 22:21:17 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-12-17 22:21:13 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2010-12-17 22:21:11 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-12-17 22:21:09 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-12-17 22:21:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-12-17 22:21:04 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2010-12-17 22:21:02 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2010-12-17 22:16:35 -------- d-----w- c:\docume~1\mark~1.mar\locals~1\applic~1\Deployment

2010-12-17 21:38:10 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\BitZipper

2010-12-17 21:38:04 -------- d-----w- c:\program files\BitZipper

2010-12-17 20:56:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-17 20:56:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-17 20:56:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-17 20:56:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-17 20:56:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-17 20:56:49 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-17 20:56:46 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-17 20:54:07 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-17 20:48:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-17 20:48:32 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-17 20:47:36 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-17 20:42:33 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-17 20:42:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-17 20:41:24 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-17 20:22:06 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-17 20:14:47 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-17 20:05:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-17 20:05:01 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-17 20:03:38 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2010-12-16 22:01:55 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\WH Software

2010-12-16 18:15:49 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-16 18:15:49 215920 ----a-w- c:\windows\system32\muweb.dll

2010-12-16 18:15:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-12-16 00:05:29 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-15 23:51:34 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-15 23:28:05 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2010-12-15 23:27:42 237568 ----a-w- c:\windows\system32\IC4USB32.dll

2010-12-15 23:27:42 -------- d-----w- c:\program files\SU Enterprise

2010-12-15 23:27:09 403216 ----a-w- c:\windows\system32\msrepl35.dll

2010-12-15 23:27:09 37136 ----a-w- c:\windows\system32\msjint35.dll

2010-12-15 23:27:09 368912 ----a-w- c:\windows\system32\vbar332.dll

2010-12-15 23:27:09 251664 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-15 23:27:09 24336 ----a-w- c:\windows\system32\msjter35.dll

2010-12-15 23:27:09 1039360 ----a-w- c:\windows\system32\msjet35.dll

2010-12-15 23:27:08 97552 ----a-w- c:\windows\system32\rdocurs.dll

2010-12-15 23:27:08 376080 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-15 23:27:06 269312 ----a-w- c:\windows\uninst.exe

2010-12-15 23:27:05 -------- d-----w- c:\documents and settings\mark.mark-90bf2cc8f2\WINDOWS

2010-12-15 23:26:30 143360 ------w- c:\windows\system32\unzip.exe

2010-12-15 23:24:03 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2010-12-15 23:24:03 337320 ----a-w- c:\windows\system32\difxapi.dll

2010-12-15 23:23:45 126976 ----a-w- c:\windows\system32\zip.exe

2010-12-15 23:21:35 24064 ------w- c:\windows\system32\msxml3a.dll

2010-12-15 23:15:03 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-15 23:14:49 14048 ------w- c:\windows\system32\spmsg2.dll

2010-12-15 23:06:44 -------- d-----w- C:\800cc8e7e5437846d1

2010-12-15 22:07:43 -------- d-----w- c:\program files\MSXML 6.0

2010-12-15 22:06:23 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Intel

2010-12-15 22:06:06 234496 ----a-w- c:\windows\system32\drivers\iwca.sys

2010-12-15 22:06:06 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys

2010-12-15 22:06:06 16384 ----a-w- c:\windows\system32\iwca.dll

2010-12-15 22:05:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-12-15 22:04:03 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL

2010-12-15 21:37:12 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IECompatCache

2010-12-15 21:17:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software

2010-12-15 19:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\PrivacIE

2010-12-15 19:30:39 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IETldCache

2010-12-15 19:28:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-12-15 19:03:27 69888 ----a-w- c:\windows\system32\drivers\passthru.sys

2010-12-15 19:03:27 397400 ----a-w- c:\windows\system32\ipsechlp.exe

2010-12-15 18:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\UserData

2010-12-15 17:57:53 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2010-12-15 17:57:52 89088 ----a-w- c:\windows\system32\ATL71.DLL

2010-12-15 17:57:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-15 17:57:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-15 17:57:51 1060864 ----a-w- c:\windows\system32\MFC71.dll

2010-12-15 17:47:48 -------- d-sh--w- c:\docume~1\mark~1.mar\locals~1\applic~1\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-15 17:12:22 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Ford Motor Company

2010-12-15 17:02:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-12-15 17:02:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-12-15 17:00:53 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-12-15 16:59:53 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-12-15 16:57:28 -------- d-sh--w- c:\documents and settings\all users.windows\DRM

2010-12-15 16:56:53 -------- d--h--w- c:\program files\WindowsUpdate

2010-12-15 16:56:03 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe

2010-12-15 16:56:03 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe

2010-12-15 16:56:03 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll

2010-12-15 16:56:03 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll

2010-12-15 16:56:03 11264 ----a-w- c:\windows\system32\atrace.dll

2010-12-15 16:56:02 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll

2010-12-15 16:52:59 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll

2010-12-15 16:40:33 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2010-12-15 16:39:49 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-12-15 16:39:17 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-12-15 16:38:45 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2010-12-15 16:38:36 74240 ----a-w- c:\windows\system32\usbui.dll

2010-12-15 16:38:22 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-12-15 16:38:21 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-12-15 16:38:21 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-12-02 20:55:32 -------- d-----w- C:\71cdc394a600d0768b10

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:27:08.51 ===============

ark.txt

Attach.txt

Link to post
Share on other sites

Hi again :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Combo-fix worked and scan completed. It said there was rootkit activity and rebooted my machine. Then after it was finished it rebooted again and i can't access the internet from the laptop. Is it safe so save the combo-fix log file to a use stick and post here via my desktop?

Link to post
Share on other sites

I tried both those things before posting and neither worked. Here is the log file:..

ComboFix 11-01-01.01 - Mark 01/01/2011 19:21:45.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.831 [GMT 0:00]

Running from: c:\documents and settings\Mark.MARK-90BF2CC8F2\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Mark\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\Mark\Application Data\Adobe\plugs

c:\documents and settings\Mark\Application Data\Olor

c:\documents and settings\Mark\Application Data\Olor\wiiv.ivg

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome.manifest

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\_cfg.js

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\overlay.xul

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\install.rdf

c:\windows\system32\drivers\passthru.sys

c:\windows\system32\ipsechlp.exe

c:\windows\system32\winsusrm.dll

c:\windows\system32\winsusrx.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Passthru

((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))

.

2010-12-30 22:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-30 22:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-30 22:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-30 22:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-30 22:12 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 22:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-27 22:56 . 2010-12-27 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-27 22:56 . 2010-12-27 22:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Movimento

2010-12-18 13:53 . 2010-12-18 13:54 -------- d-----w- C:\93d72796c79c0ef051cd65fc

2010-12-18 13:49 . 2004-08-03 22:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-12-18 13:49 . 2004-08-03 22:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys

2010-12-18 13:48 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys

2010-12-17 23:13 . 2010-12-17 23:13 -------- d-----w- c:\program files\WH Software

2010-12-17 22:21 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-12-17 22:21 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-12-17 22:21 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-12-17 22:21 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-12-17 22:21 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2010-12-17 22:21 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-12-17 22:21 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-12-17 22:21 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-12-17 22:21 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2010-12-17 22:21 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2010-12-17 21:38 . 2010-12-17 21:38 -------- d-----w- c:\program files\BitZipper

2010-12-17 20:56 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-17 20:56 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-17 20:56 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-17 20:56 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-17 20:56 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-17 20:56 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-17 20:56 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-17 20:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-17 20:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-17 20:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-17 20:47 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-17 20:42 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-17 20:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-17 20:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-17 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-17 20:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-17 20:05 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-17 20:05 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-16 18:15 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-16 18:15 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-12-16 00:05 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-15 23:51 . 2010-12-15 23:51 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-15 23:28 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2010-12-15 23:27 . 2010-12-15 23:27 -------- d-----w- c:\program files\SU Enterprise

2010-12-15 23:27 . 2007-05-25 14:11 237568 ----a-w- c:\windows\system32\IC4USB32.dll

2010-12-15 23:27 . 1997-01-13 13:42 37136 ----a-w- c:\windows\system32\msjint35.dll

2010-12-15 23:27 . 1996-12-16 18:30 1039360 ----a-w- c:\windows\system32\msjet35.dll

2010-12-15 23:27 . 1996-12-03 13:07 403216 ----a-w- c:\windows\system32\msrepl35.dll

2010-12-15 23:27 . 1996-12-02 18:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-15 23:27 . 1996-12-02 18:44 24336 ----a-w- c:\windows\system32\msjter35.dll

2010-12-15 23:27 . 1996-11-08 02:48 368912 ----a-w- c:\windows\system32\vbar332.dll

2010-12-15 23:27 . 1997-01-16 09:10 376080 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-15 23:27 . 1997-01-13 10:49 97552 ----a-w- c:\windows\system32\rdocurs.dll

2010-12-15 23:27 . 2010-10-10 10:08 269312 ----a-w- c:\windows\uninst.exe

2010-12-15 23:26 . 2000-07-20 21:50 143360 ------w- c:\windows\system32\unzip.exe

2010-12-15 23:24 . 2010-10-10 10:08 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2010-12-15 23:24 . 2010-10-10 10:08 337320 ----a-w- c:\windows\system32\difxapi.dll

2010-12-15 23:21 . 2002-04-01 15:51 24064 ------w- c:\windows\system32\msxml3a.dll

2010-12-15 23:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-15 23:14 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-12-15 23:06 . 2010-12-15 23:36 -------- d-----w- C:\800cc8e7e5437846d1

2010-12-15 22:07 . 2010-12-15 22:07 -------- d-----w- c:\program files\MSXML 6.0

2010-12-15 22:06 . 2004-08-12 08:44 16384 ----a-w- c:\windows\system32\iwca.dll

2010-12-15 22:06 . 2004-08-12 08:44 234496 ----a-w- c:\windows\system32\drivers\iwca.sys

2010-12-15 22:06 . 2004-08-12 08:43 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys

2010-12-15 22:05 . 2010-12-15 22:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-12-15 22:04 . 2005-05-31 22:46 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL

2010-12-15 20:53 . 2010-12-15 22:06 -------- d-----w- c:\documents and settings\MARK~1~MAR

2010-12-15 19:28 . 2009-01-07 18:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-12-15 17:57 . 2006-11-01 12:48 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2010-12-15 17:57 . 2006-11-01 12:48 89088 ----a-w- c:\windows\system32\ATL71.DLL

2010-12-15 17:57 . 2010-10-10 10:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-15 17:57 . 2010-10-10 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-15 17:57 . 2010-10-10 10:08 1060864 ----a-w- c:\windows\system32\MFC71.dll

2010-12-15 17:05 . 2011-01-01 13:24 -------- d-----w- c:\documents and settings\Mark.MARK-90BF2CC8F2

2010-12-15 17:04 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY

2010-12-15 17:03 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY

2010-12-15 17:02 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-12-15 17:02 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-12-15 17:00 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-12-15 16:59 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-12-15 16:56 . 2004-08-04 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe

2010-12-15 16:56 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe

2010-12-15 16:56 . 2004-08-04 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll

2010-12-15 16:52 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe

2010-12-15 16:40 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2010-12-15 16:39 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-12-15 16:39 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-12-15 16:38 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2010-12-15 16:38 . 2008-04-14 00:12 74240 ----a-w- c:\windows\system32\usbui.dll

2010-12-15 16:38 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-12-15 16:33 . 2010-12-27 20:00 -------- d--h--w- c:\documents and settings\Default User.WINDOWS

2010-12-15 16:33 . 2010-12-15 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS

2010-12-15 15:52 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Rachel\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-12 21:43 . 2010-12-13 00:07 -------- d-----w- c:\documents and settings\Administrator

2010-12-12 20:18 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Mark\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-12 20:07 . 2010-12-12 20:07 -------- d-----w- c:\documents and settings\Mark\JarqhQDVcduhta

2010-12-02 20:55 . 2010-12-02 20:55 -------- d-----w- C:\71cdc394a600d0768b10

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]

"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-10-10 11264]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2005-05-31 22:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C402.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C403.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C407.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C412.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C413.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [06/10/2010 17:22 17920]

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 21:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-01 19:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(428)

c:\windows\System32\BCMLogon.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2608)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe

c:\program files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

c:\program files\Ford Motor Company\IDS\Runtime\CodeserveD.exe

c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe

c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe

c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

.

**************************************************************************

.

Completion time: 2011-01-01 19:39:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-01 19:39

ComboFix2.txt 2010-12-31 18:26

Pre-Run: 10,872,365,056 bytes free

Post-Run: 11,495,522,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 817B5E51B0C57FBF7B27BA53528F60ED

Link to post
Share on other sites

Scan complete.. no infected items

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5426

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

01/01/2011 20:37:02

mbam-log-2011-01-01 (20-37-02).txt

Scan type: Quick scan

Objects scanned: 197964

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

That sounds like there might be a proxy set. Lets see what OTL will show.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the Quick Scan button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

OTL Extras logfile created on: 01/01/2011 21:09:53 - Run 1

OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS

Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT

Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)

"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)

"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{097FE1B7-B186-426B-A4EC-D1D9D21D3099}" = Calibration

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0E619C5F-7D9E-44C5-A9D0-265983BE7EC2}" = Puma

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver

"{29FA4B23-42EF-4D8B-9C4B-C638DDD6D279}" = IDS

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig

"{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}" = IC4 Interface Device by SU Enterprise, Inc.

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91DE1A85-7350-458A-B674-D7C8F3476299}" = IDS

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio

"{B794A635-FC70-4C0A-989E-44AA021FAADB}" = IDS

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"BitZipper_is1" = BitZipper 2010

"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5

"ie8" = Windows Internet Explorer 8

"InstaCode" = InstaCode

"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"ProInst" = Intel® PROSet/Wireless Software

"WIC" = Windows Imaging Component

"Windows XP Service Pack" = Windows XP Service Pack 3

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-1532298954-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 27/12/2010 18:36:36 | Computer Name = MARK-90BF2CC8F2 | Source = Application Error | ID = 1000

Description = Faulting application ipsechlp.exe, version 2.6.1.651, faulting module

ipsechlp.exe, version 2.6.1.651, fault address 0x0000ccc2.

Error - 30/12/2010 15:21:14 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 31/12/2010 14:37:16 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 7842, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service ASP.NET_2.0.50727

(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 7842, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service aspnet_state

(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 31/12/2010 21:13:27 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 7842, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

[ System Events ]

Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 30/12/2010 15:21:13 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.95.2664.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 30/12/2010 15:25:16 | Computer Name = MARK-90BF2CC8F2 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.6 for the Network Card with network

address 00166F7951D3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

< End of report >

OTL logfile created on: 01/01/2011 21:09:53 - Run 1

OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS

Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT

Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/01 21:09:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\OTL.exe

PRC - [2010/10/10 05:02:30 | 000,045,568 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe

PRC - [2010/10/10 05:01:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

PRC - [2010/10/10 05:01:10 | 000,127,488 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe

PRC - [2010/10/10 04:54:40 | 000,090,624 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe

PRC - [2010/10/10 04:54:08 | 000,074,240 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

PRC - [2010/10/10 03:42:02 | 000,461,824 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe

PRC - [2010/10/10 03:26:04 | 000,205,312 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/06/03 01:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/06/03 01:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005/06/03 01:25:56 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005/06/03 01:25:20 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/05/31 22:51:36 | 000,225,353 | ---- | M] (Intel

Link to post
Share on other sites

Internet still won't work.

Latest log file from combofix....

ComboFix 11-01-01.01 - Mark 01/01/2011 21:30:45.2.1 - x86

Running from: c:\documents and settings\Mark.MARK-90BF2CC8F2\Desktop\ComboFix.exe

Command switches used :: /F3M

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))

.

2011-01-01 01:09 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-12-31 18:43 . 2010-12-31 18:43 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-30 22:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-30 22:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-30 22:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-30 22:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-30 22:12 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 22:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-27 22:56 . 2010-12-27 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-27 22:56 . 2010-12-27 22:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Movimento

2010-12-18 13:53 . 2010-12-18 13:54 -------- d-----w- C:\93d72796c79c0ef051cd65fc

2010-12-18 13:49 . 2004-08-03 22:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-12-18 13:49 . 2004-08-03 22:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys

2010-12-18 13:48 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys

2010-12-17 23:13 . 2010-12-17 23:13 -------- d-----w- c:\program files\WH Software

2010-12-17 22:21 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-12-17 22:21 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-12-17 22:21 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-12-17 22:21 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-12-17 22:21 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2010-12-17 22:21 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-12-17 22:21 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-12-17 22:21 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-12-17 22:21 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2010-12-17 22:21 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2010-12-17 21:38 . 2010-12-17 21:38 -------- d-----w- c:\program files\BitZipper

2010-12-17 20:56 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-17 20:56 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-17 20:56 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-17 20:56 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-17 20:56 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-17 20:56 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-17 20:56 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-17 20:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-17 20:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-17 20:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-17 20:47 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-17 20:42 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-17 20:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-17 20:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-17 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-17 20:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-17 20:05 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-17 20:05 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-16 18:15 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-16 18:15 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-12-16 00:05 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-15 23:51 . 2010-12-15 23:51 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-15 23:28 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2010-12-15 23:27 . 2010-12-15 23:27 -------- d-----w- c:\program files\SU Enterprise

2010-12-15 23:27 . 2007-05-25 14:11 237568 ----a-w- c:\windows\system32\IC4USB32.dll

2010-12-15 23:27 . 1997-01-13 13:42 37136 ----a-w- c:\windows\system32\msjint35.dll

2010-12-15 23:27 . 1996-12-16 18:30 1039360 ----a-w- c:\windows\system32\msjet35.dll

2010-12-15 23:27 . 1996-12-03 13:07 403216 ----a-w- c:\windows\system32\msrepl35.dll

2010-12-15 23:27 . 1996-12-02 18:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-15 23:27 . 1996-12-02 18:44 24336 ----a-w- c:\windows\system32\msjter35.dll

2010-12-15 23:27 . 1996-11-08 02:48 368912 ----a-w- c:\windows\system32\vbar332.dll

2010-12-15 23:27 . 1997-01-16 09:10 376080 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-15 23:27 . 1997-01-13 10:49 97552 ----a-w- c:\windows\system32\rdocurs.dll

2010-12-15 23:27 . 2010-10-10 10:08 269312 ----a-w- c:\windows\uninst.exe

2010-12-15 23:26 . 2000-07-20 21:50 143360 ------w- c:\windows\system32\unzip.exe

2010-12-15 23:24 . 2010-10-10 10:08 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2010-12-15 23:24 . 2010-10-10 10:08 337320 ----a-w- c:\windows\system32\difxapi.dll

2010-12-15 23:21 . 2002-04-01 15:51 24064 ------w- c:\windows\system32\msxml3a.dll

2010-12-15 23:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-15 23:14 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-12-15 23:06 . 2010-12-15 23:36 -------- d-----w- C:\800cc8e7e5437846d1

2010-12-15 22:07 . 2010-12-15 22:07 -------- d-----w- c:\program files\MSXML 6.0

2010-12-15 22:06 . 2004-08-12 08:44 16384 ----a-w- c:\windows\system32\iwca.dll

2010-12-15 22:06 . 2004-08-12 08:44 234496 ----a-w- c:\windows\system32\drivers\iwca.sys

2010-12-15 22:06 . 2004-08-12 08:43 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys

2010-12-15 22:05 . 2010-12-15 22:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-12-15 22:04 . 2005-05-31 22:46 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL

2010-12-15 20:53 . 2010-12-15 22:06 -------- d-----w- c:\documents and settings\MARK~1~MAR

2010-12-15 19:28 . 2009-01-07 18:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-12-15 17:57 . 2006-11-01 12:48 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2010-12-15 17:57 . 2006-11-01 12:48 89088 ----a-w- c:\windows\system32\ATL71.DLL

2010-12-15 17:57 . 2010-10-10 10:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-15 17:57 . 2010-10-10 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-15 17:57 . 2010-10-10 10:08 1060864 ----a-w- c:\windows\system32\MFC71.dll

2010-12-15 17:05 . 2011-01-01 13:24 -------- d-----w- c:\documents and settings\Mark.MARK-90BF2CC8F2

2010-12-15 17:04 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY

2010-12-15 17:03 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY

2010-12-15 17:02 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-12-15 17:02 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-12-15 17:00 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-12-15 16:59 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-12-15 16:56 . 2004-08-04 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe

2010-12-15 16:56 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe

2010-12-15 16:56 . 2004-08-04 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll

2010-12-15 16:52 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe

2010-12-15 16:40 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2010-12-15 16:39 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-12-15 16:39 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-12-15 16:38 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2010-12-15 16:38 . 2008-04-14 00:12 74240 ----a-w- c:\windows\system32\usbui.dll

2010-12-15 16:38 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-12-15 16:33 . 2010-12-27 20:00 -------- d--h--w- c:\documents and settings\Default User.WINDOWS

2010-12-15 16:33 . 2010-12-15 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS

2010-12-15 15:52 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Rachel\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-12 21:43 . 2010-12-13 00:07 -------- d-----w- c:\documents and settings\Administrator

2010-12-12 20:07 . 2010-12-12 20:07 -------- d-----w- c:\documents and settings\Mark\JarqhQDVcduhta

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]

"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-10-10 11264]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2005-05-31 22:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C402.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C403.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C407.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C412.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C413.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [06/10/2010 17:22 17920]

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 21:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-01 21:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(436)

c:\windows\System32\BCMLogon.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3604)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-01-01 21:33:48

ComboFix-quarantined-files.txt 2011-01-01 21:33

ComboFix2.txt 2010-12-31 18:26

Post-Run: 11,734,663,168 bytes free

- - End Of File - - EB489734AB4C143E2D0C84E7B7430FF2

Link to post
Share on other sites

Hi again,

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click tast.bat on the desktop.

A notepad opens, copy and paste the content it (log1.txt) to your reply.

Link to post
Share on other sites

Windows IP Configuration

Server: UnKnown

Address: 127.0.0.1

Server: UnKnown

Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

===========================================================================

Persistent Routes:

None

Link to post
Share on other sites

Good catch! You might be right on the spot there.

Navigate to c:\qoobox\quarantine\c\windows\system32\drivers and rename the file back to passthru.sys (replace the .vir extension with .sys). Now copy it back to the c:\windows\system32\drivers folder and reboot your computer. See if it works now.

Link to post
Share on other sites

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru]

"Type"=dword:00000001

"Start"=dword:00000003

"ErrorControl"=dword:00000001

"Tag"=dword:00000008

"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,61,00,73,00,73,00,74,00,68,\

00,72,00,75,00,2e,00,73,00,79,00,73,00,00,00

"DisplayName"="Passthru Service"

"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\NdisWanIp]

"UpperBindings"="\\Device\\{73A11CDB-E394-4B80-BB11-D3202F9D28B0}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{4E238EDE-5B2C-4BD8-92D7-9843C2C97DE8}]

"UpperBindings"="\\Device\\{C00FAEB6-E6F9-4D5A-ADDF-6B8B855F242B}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{9FD6FB9D-838D-48DB-887F-00D758A810D7}]

"UpperBindings"="\\Device\\{9AADD4DB-B12B-4677-8180-85D337DC328D}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{DB9733AD-83BE-46B1-B18A-8284D1D12173}]

"UpperBindings"="\\Device\\{43FA8BB1-FCC1-43FF-942C-CDA481A6BAC4}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\

00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\

00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Enum]

"0"="Root\\MS_PASSTHRUMP\\0000"

"Count"=dword:00000003

"NextInstance"=dword:00000003

"1"="Root\\MS_PASSTHRUMP\\0001"

"2"="Root\\MS_PASSTHRUMP\\0002"

Link to post
Share on other sites

Please ensure that passthru.sys is in the Drivers folder and then rename C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg.dat to Service_Passthru.reg (delete the .dat extension).

Next, back up your registry with ERUNT.

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

After the backup is made, doubleclick on Service_Passthru.reg and when asked if you are sure you want to merge the information with the registry, click Yes/OK. You will receive a confirmation pop up when done.

Reboot your computer and let me know how things are.

Link to post
Share on other sites

The file C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg had no .dat on the end but file type is still a .dat file so double clicking it doesn't work.

Also in the C:\Qoobox\Quarantine\Registry_backups folder is a AddRemove-ProInst.reg file also a DAT file and tcpip Registration Entries file.

Maybe a system restore to before the combo-fix and then start again??? :welcome:

Link to post
Share on other sites

See also my previous post:

Please visit this site and upload c:\qoobox\quarantine\c\windows\system32\drivers\passthru.sys.vir (most likely you will not see the .vir extension).

This way the developer can have a look to see if the file was a false positive or not (there is also malware using this filename in the same location).

Please let me know once you have uploaded the file.

Link to post
Share on other sites

Well i don't have the Driver so i downloaded it from here --> Proset wireless link

During the install there is a warning saying ''passthru miniport'' does not pass windows verification. I ran this driver years ago when first installed it but the virus is only a recent thing so i can't see it being related. I think this is why combo-fix picked it up. :welcome:

Here is latest MBAM log and 2 infections were found..

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5443

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

02/01/2011 14:56:57

mbam-log-2011-01-02 (14-56-57).txt

Scan type: Quick scan

Objects scanned: 199100

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\METROWERKS (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Metrowerks\domain_url (Malware.Trace) -> Value: domain_url -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.