FAO Elise

Solid · January 1, 2011

Here are the laptop logs :welcome:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Mark at 13:25:34.37 on 01/01/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.556 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

C:\WINDOWS\system32\ipsechlp.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\CodeserveD.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File

BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users.windows\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [ipSync] c:\windows\system32\ipsechlp.exe

mRun: [intelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe

mRun: [<NO NAME>]

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2010-10-6 17920]

=============== Created Last 30 ================

2011-01-01 12:24:47 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{0b42c190-8cc5-43a6-8cc0-c38657d8dfe3}\mpengine.dll

2011-01-01 01:09:07 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-12-31 18:43:24 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-12-31 18:43:23 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-31 17:58:16 -------- d-----w- C:\cmdcons

2010-12-30 22:21:39 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-30 22:21:37 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-30 22:20:36 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-30 22:13:21 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-30 22:12:17 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Malwarebytes

2010-12-30 22:12:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 22:12:09 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2010-12-30 22:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 19:27:31 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-27 22:56:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-27 22:56:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-27 19:59:36 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\FLEXnet

2010-12-27 19:18:32 -------- d-----w- c:\program files\Movimento

2010-12-18 13:53:30 -------- d-----w- C:\93d72796c79c0ef051cd65fc

2010-12-18 13:49:43 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-12-18 13:49:33 129535 ------w- c:\windows\system32\drivers\slnt7554.sys

2010-12-18 13:48:49 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-18 13:43:33 13824 ------w- c:\windows\system32\drivers\atinttxx.sys

2010-12-18 13:43:32 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys

2010-12-18 13:43:32 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys

2010-12-18 13:43:32 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys

2010-12-18 13:43:32 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys

2010-12-17 23:21:50 120 ----a-w- c:\windows\system32\winsusrx.dll

2010-12-17 23:19:06 264 ----a-w- c:\windows\system32\winsusrm.dll

2010-12-17 23:13:51 -------- d-----w- c:\program files\WH Software

2010-12-17 22:21:39 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-12-17 22:21:35 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-12-17 22:21:33 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-12-17 22:21:17 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-12-17 22:21:13 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2010-12-17 22:21:11 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-12-17 22:21:09 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-12-17 22:21:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-12-17 22:21:04 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2010-12-17 22:21:02 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2010-12-17 22:16:35 -------- d-----w- c:\docume~1\mark~1.mar\locals~1\applic~1\Deployment

2010-12-17 21:38:10 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\BitZipper

2010-12-17 21:38:04 -------- d-----w- c:\program files\BitZipper

2010-12-17 20:56:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-17 20:56:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-17 20:56:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-17 20:56:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-17 20:56:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-17 20:56:49 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-17 20:56:46 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-17 20:54:07 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-17 20:48:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-17 20:48:32 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-17 20:47:36 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-17 20:42:33 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-17 20:42:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-17 20:41:24 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-17 20:22:06 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-17 20:14:47 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-17 20:05:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-17 20:05:01 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-17 20:03:38 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2010-12-16 22:01:55 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\WH Software

2010-12-16 18:15:49 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-16 18:15:49 215920 ----a-w- c:\windows\system32\muweb.dll

2010-12-16 18:15:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-12-16 00:05:29 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-15 23:51:34 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-15 23:28:05 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2010-12-15 23:27:42 237568 ----a-w- c:\windows\system32\IC4USB32.dll

2010-12-15 23:27:42 -------- d-----w- c:\program files\SU Enterprise

2010-12-15 23:27:09 403216 ----a-w- c:\windows\system32\msrepl35.dll

2010-12-15 23:27:09 37136 ----a-w- c:\windows\system32\msjint35.dll

2010-12-15 23:27:09 368912 ----a-w- c:\windows\system32\vbar332.dll

2010-12-15 23:27:09 251664 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-15 23:27:09 24336 ----a-w- c:\windows\system32\msjter35.dll

2010-12-15 23:27:09 1039360 ----a-w- c:\windows\system32\msjet35.dll

2010-12-15 23:27:08 97552 ----a-w- c:\windows\system32\rdocurs.dll

2010-12-15 23:27:08 376080 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-15 23:27:06 269312 ----a-w- c:\windows\uninst.exe

2010-12-15 23:27:05 -------- d-----w- c:\documents and settings\mark.mark-90bf2cc8f2\WINDOWS

2010-12-15 23:26:30 143360 ------w- c:\windows\system32\unzip.exe

2010-12-15 23:24:03 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2010-12-15 23:24:03 337320 ----a-w- c:\windows\system32\difxapi.dll

2010-12-15 23:23:45 126976 ----a-w- c:\windows\system32\zip.exe

2010-12-15 23:21:35 24064 ------w- c:\windows\system32\msxml3a.dll

2010-12-15 23:15:03 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-15 23:14:49 14048 ------w- c:\windows\system32\spmsg2.dll

2010-12-15 23:06:44 -------- d-----w- C:\800cc8e7e5437846d1

2010-12-15 22:07:43 -------- d-----w- c:\program files\MSXML 6.0

2010-12-15 22:06:23 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Intel

2010-12-15 22:06:06 234496 ----a-w- c:\windows\system32\drivers\iwca.sys

2010-12-15 22:06:06 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys

2010-12-15 22:06:06 16384 ----a-w- c:\windows\system32\iwca.dll

2010-12-15 22:05:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-12-15 22:04:03 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL

2010-12-15 21:37:12 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IECompatCache

2010-12-15 21:17:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software

2010-12-15 19:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\PrivacIE

2010-12-15 19:30:39 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IETldCache

2010-12-15 19:28:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-12-15 19:03:27 69888 ----a-w- c:\windows\system32\drivers\passthru.sys

2010-12-15 19:03:27 397400 ----a-w- c:\windows\system32\ipsechlp.exe

2010-12-15 18:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\UserData

2010-12-15 17:57:53 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2010-12-15 17:57:52 89088 ----a-w- c:\windows\system32\ATL71.DLL

2010-12-15 17:57:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-15 17:57:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-15 17:57:51 1060864 ----a-w- c:\windows\system32\MFC71.dll

2010-12-15 17:47:48 -------- d-sh--w- c:\docume~1\mark~1.mar\locals~1\applic~1\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-15 17:12:22 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Ford Motor Company

2010-12-15 17:02:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-12-15 17:02:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-12-15 17:00:53 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-12-15 16:59:53 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-12-15 16:57:28 -------- d-sh--w- c:\documents and settings\all users.windows\DRM

2010-12-15 16:56:53 -------- d--h--w- c:\program files\WindowsUpdate

2010-12-15 16:56:03 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe

2010-12-15 16:56:03 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe

2010-12-15 16:56:03 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll

2010-12-15 16:56:03 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll

2010-12-15 16:56:03 11264 ----a-w- c:\windows\system32\atrace.dll

2010-12-15 16:56:02 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll

2010-12-15 16:52:59 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll

2010-12-15 16:40:33 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2010-12-15 16:39:49 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-12-15 16:39:17 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-12-15 16:38:45 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2010-12-15 16:38:36 74240 ----a-w- c:\windows\system32\usbui.dll

2010-12-15 16:38:22 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-12-15 16:38:21 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-12-15 16:38:21 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-12-02 20:55:32 -------- d-----w- C:\71cdc394a600d0768b10

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:27:08.51 ===============

ark.txt

Attach.txt

Elise · January 1, 2011

Hi again :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Solid · January 1, 2011

Combo-fix worked and scan completed. It said there was rootkit activity and rebooted my machine. Then after it was finished it rebooted again and i can't access the internet from the laptop. Is it safe so save the combo-fix log file to a use stick and post here via my desktop?

Elise · January 1, 2011

Yes, you can do that. Try to rightclick your connection icon and select Repair or reboot your computer once and see if connectivity is restored.

Solid · January 1, 2011

I tried both those things before posting and neither worked. Here is the log file:..

ComboFix 11-01-01.01 - Mark 01/01/2011 19:21:45.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.831 [GMT 0:00]

Running from: c:\documents and settings\Mark.MARK-90BF2CC8F2\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Mark\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\Mark\Application Data\Adobe\plugs

c:\documents and settings\Mark\Application Data\Olor

c:\documents and settings\Mark\Application Data\Olor\wiiv.ivg

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome.manifest

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\_cfg.js

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\overlay.xul

c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\install.rdf

c:\windows\system32\drivers\passthru.sys

c:\windows\system32\ipsechlp.exe

c:\windows\system32\winsusrm.dll

c:\windows\system32\winsusrx.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Passthru

((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))

.

2010-12-30 22:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-30 22:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-30 22:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-30 22:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-30 22:12 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-30 22:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-27 22:56 . 2010-12-27 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-27 22:56 . 2010-12-27 22:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Movimento

2010-12-18 13:53 . 2010-12-18 13:54 -------- d-----w- C:\93d72796c79c0ef051cd65fc

2010-12-18 13:49 . 2004-08-03 22:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-12-18 13:49 . 2004-08-03 22:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys

2010-12-18 13:48 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys

2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys

2010-12-17 23:13 . 2010-12-17 23:13 -------- d-----w- c:\program files\WH Software

2010-12-17 22:21 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-12-17 22:21 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-12-17 22:21 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-12-17 22:21 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-12-17 22:21 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2010-12-17 22:21 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-12-17 22:21 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-12-17 22:21 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-12-17 22:21 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2010-12-17 22:21 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2010-12-17 21:38 . 2010-12-17 21:38 -------- d-----w- c:\program files\BitZipper

2010-12-17 20:56 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-17 20:56 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-17 20:56 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-17 20:56 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-17 20:56 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-17 20:56 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-17 20:56 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-17 20:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-17 20:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-17 20:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-12-17 20:47 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-17 20:42 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-17 20:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-12-17 20:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-17 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-17 20:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-17 20:05 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-17 20:05 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-16 18:15 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-16 18:15 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-12-16 00:05 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-15 23:51 . 2010-12-15 23:51 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-15 23:28 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2010-12-15 23:27 . 2010-12-15 23:27 -------- d-----w- c:\program files\SU Enterprise

2010-12-15 23:27 . 2007-05-25 14:11 237568 ----a-w- c:\windows\system32\IC4USB32.dll

2010-12-15 23:27 . 1997-01-13 13:42 37136 ----a-w- c:\windows\system32\msjint35.dll

2010-12-15 23:27 . 1996-12-16 18:30 1039360 ----a-w- c:\windows\system32\msjet35.dll

2010-12-15 23:27 . 1996-12-03 13:07 403216 ----a-w- c:\windows\system32\msrepl35.dll

2010-12-15 23:27 . 1996-12-02 18:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-15 23:27 . 1996-12-02 18:44 24336 ----a-w- c:\windows\system32\msjter35.dll

2010-12-15 23:27 . 1996-11-08 02:48 368912 ----a-w- c:\windows\system32\vbar332.dll

2010-12-15 23:27 . 1997-01-16 09:10 376080 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-15 23:27 . 1997-01-13 10:49 97552 ----a-w- c:\windows\system32\rdocurs.dll

2010-12-15 23:27 . 2010-10-10 10:08 269312 ----a-w- c:\windows\uninst.exe

2010-12-15 23:26 . 2000-07-20 21:50 143360 ------w- c:\windows\system32\unzip.exe

2010-12-15 23:24 . 2010-10-10 10:08 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2010-12-15 23:24 . 2010-10-10 10:08 337320 ----a-w- c:\windows\system32\difxapi.dll

2010-12-15 23:21 . 2002-04-01 15:51 24064 ------w- c:\windows\system32\msxml3a.dll

2010-12-15 23:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-15 23:14 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-12-15 23:06 . 2010-12-15 23:36 -------- d-----w- C:\800cc8e7e5437846d1

2010-12-15 22:07 . 2010-12-15 22:07 -------- d-----w- c:\program files\MSXML 6.0

2010-12-15 22:06 . 2004-08-12 08:44 16384 ----a-w- c:\windows\system32\iwca.dll

2010-12-15 22:06 . 2004-08-12 08:44 234496 ----a-w- c:\windows\system32\drivers\iwca.sys

2010-12-15 22:06 . 2004-08-12 08:43 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys

2010-12-15 22:05 . 2010-12-15 22:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-12-15 22:04 . 2005-05-31 22:46 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL

2010-12-15 20:53 . 2010-12-15 22:06 -------- d-----w- c:\documents and settings\MARK~1~MAR

2010-12-15 19:28 . 2009-01-07 18:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-12-15 17:57 . 2006-11-01 12:48 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2010-12-15 17:57 . 2006-11-01 12:48 89088 ----a-w- c:\windows\system32\ATL71.DLL

2010-12-15 17:57 . 2010-10-10 10:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-15 17:57 . 2010-10-10 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-12-15 17:57 . 2010-10-10 10:08 1060864 ----a-w- c:\windows\system32\MFC71.dll

2010-12-15 17:05 . 2011-01-01 13:24 -------- d-----w- c:\documents and settings\Mark.MARK-90BF2CC8F2

2010-12-15 17:04 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY

2010-12-15 17:03 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY

2010-12-15 17:02 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-12-15 17:02 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-12-15 17:00 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-12-15 16:59 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-12-15 16:56 . 2004-08-04 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe

2010-12-15 16:56 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe

2010-12-15 16:56 . 2004-08-04 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll

2010-12-15 16:56 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll

2010-12-15 16:52 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe

2010-12-15 16:40 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2010-12-15 16:39 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-12-15 16:39 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-12-15 16:38 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2010-12-15 16:38 . 2008-04-14 00:12 74240 ----a-w- c:\windows\system32\usbui.dll

2010-12-15 16:38 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-12-15 16:38 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-12-15 16:33 . 2010-12-27 20:00 -------- d--h--w- c:\documents and settings\Default User.WINDOWS

2010-12-15 16:33 . 2010-12-15 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS

2010-12-15 15:52 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Rachel\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-12 21:43 . 2010-12-13 00:07 -------- d-----w- c:\documents and settings\Administrator

2010-12-12 20:18 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Mark\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0

2010-12-12 20:07 . 2010-12-12 20:07 -------- d-----w- c:\documents and settings\Mark\JarqhQDVcduhta

2010-12-02 20:55 . 2010-12-02 20:55 -------- d-----w- C:\71cdc394a600d0768b10

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]

"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-10-10 11264]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2005-05-31 22:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C402.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C403.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C407.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C412.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C413.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [06/10/2010 17:22 17920]

.

Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 21:40]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-01 19:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(428)

c:\windows\System32\BCMLogon.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2608)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe

c:\program files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

c:\program files\Ford Motor Company\IDS\Runtime\CodeserveD.exe

c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe

c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe

c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

.

**************************************************************************

.

Completion time: 2011-01-01 19:39:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-01 19:39

ComboFix2.txt 2010-12-31 18:26

Pre-Run: 10,872,365,056 bytes free

Post-Run: 11,495,522,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 817B5E51B0C57FBF7B27BA53528F60ED

Elise · January 1, 2011

Please let me know if the internet is working fine now. How is everything else running?

Please launch MBAM, update it and run a full scan. Let me know what was found if anything.

Solid · January 1, 2011

Internet still won't connect. Was fine before running combo-fix. Malwarebytes won't update (because its offline) gives error code PROGRAM_ERROR_UPDATING (12007, 0, WinhttpSendRequest)

I'm running a scan anyways now.

Solid · January 1, 2011

Scan complete.. no infected items

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5426

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

01/01/2011 20:37:02

mbam-log-2011-01-01 (20-37-02).txt

Scan type: Quick scan

Objects scanned: 197964

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Elise · January 1, 2011

That sounds like there might be a proxy set. Lets see what OTL will show.

OTL

-----

Please download OTL from one of the following mirrors:

- This is THE Mirror

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the Quick Scan button.

[*]Two reports will open, copy and paste them in a reply here:

OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Solid · January 1, 2011

OTL Extras logfile created on: 01/01/2011 21:09:53 - Run 1

OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS

Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT

Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)

"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)

"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]