Solid Posted January 1, 2011 ID:368423

Here are the laptop logs

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 13:25:34.37 on 01/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.556 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\WINDOWS\system32\ipsechlp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeserveD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File
BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [iSUSPM] "c:\documents and settings\all users.windows\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [ipSync] c:\windows\system32\ipsechlp.exe
mRun: [intelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [<NO NAME>] 
mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2010-10-6 17920]

=============== Created Last 30 ================

2011-01-01 12:24:47 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{0b42c190-8cc5-43a6-8cc0-c38657d8dfe3}\mpengine.dll
2011-01-01 01:09:07 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-31 18:43:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-31 18:43:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-31 17:58:16 -------- d-----w- C:\cmdcons
2010-12-30 22:21:39 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 22:21:37 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 22:20:36 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-30 22:13:21 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 22:12:17 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Malwarebytes
2010-12-30 22:12:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 22:12:09 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-12-30 22:11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-30 19:27:31 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-27 22:56:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-27 22:56:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 19:59:36 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\FLEXnet
2010-12-27 19:18:32 -------- d-----w- c:\program files\Movimento
2010-12-18 13:53:30 -------- d-----w- C:\93d72796c79c0ef051cd65fc
2010-12-18 13:49:43 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-12-18 13:49:33 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-12-18 13:48:49 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-18 13:43:33 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2010-12-18 13:43:32 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2010-12-18 13:43:32 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2010-12-18 13:43:32 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2010-12-18 13:43:32 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2010-12-17 23:21:50 120 ----a-w- c:\windows\system32\winsusrx.dll
2010-12-17 23:19:06 264 ----a-w- c:\windows\system32\winsusrm.dll
2010-12-17 23:13:51 -------- d-----w- c:\program files\WH Software
2010-12-17 22:21:39 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-12-17 22:21:35 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-12-17 22:21:33 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-12-17 22:21:17 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-12-17 22:21:13 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-12-17 22:21:11 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-12-17 22:21:09 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-12-17 22:21:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-12-17 22:21:04 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-12-17 22:21:02 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-12-17 22:16:35 -------- d-----w- c:\docume~1\mark~1.mar\locals~1\applic~1\Deployment
2010-12-17 21:38:10 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\BitZipper
2010-12-17 21:38:04 -------- d-----w- c:\program files\BitZipper
2010-12-17 20:56:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-17 20:56:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-17 20:56:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-17 20:56:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-17 20:56:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-17 20:56:49 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-17 20:56:46 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:54:07 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-17 20:48:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-17 20:48:32 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-17 20:47:36 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-17 20:42:33 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-17 20:42:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-17 20:41:24 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-17 20:22:06 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-17 20:14:47 293376 ------w- c:\windows\system32\browserchoice.exe
2010-12-17 20:05:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-17 20:05:01 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-17 20:03:38 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-12-16 22:01:55 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\WH Software
2010-12-16 18:15:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-16 18:15:49 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-16 18:15:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-12-16 00:05:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-15 23:51:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-15 23:28:05 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-12-15 23:27:42 237568 ----a-w- c:\windows\system32\IC4USB32.dll
2010-12-15 23:27:42 -------- d-----w- c:\program files\SU Enterprise
2010-12-15 23:27:09 403216 ----a-w- c:\windows\system32\msrepl35.dll
2010-12-15 23:27:09 37136 ----a-w- c:\windows\system32\msjint35.dll
2010-12-15 23:27:09 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-12-15 23:27:09 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2010-12-15 23:27:09 24336 ----a-w- c:\windows\system32\msjter35.dll
2010-12-15 23:27:09 1039360 ----a-w- c:\windows\system32\msjet35.dll
2010-12-15 23:27:08 97552 ----a-w- c:\windows\system32\rdocurs.dll
2010-12-15 23:27:08 376080 ----a-w- c:\windows\system32\MSRDO20.DLL
2010-12-15 23:27:06 269312 ----a-w- c:\windows\uninst.exe
2010-12-15 23:27:05 -------- d-----w- c:\documents and settings\mark.mark-90bf2cc8f2\WINDOWS
2010-12-15 23:26:30 143360 ------w- c:\windows\system32\unzip.exe
2010-12-15 23:24:03 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-12-15 23:24:03 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-15 23:23:45 126976 ----a-w- c:\windows\system32\zip.exe
2010-12-15 23:21:35 24064 ------w- c:\windows\system32\msxml3a.dll
2010-12-15 23:15:03 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-15 23:14:49 14048 ------w- c:\windows\system32\spmsg2.dll
2010-12-15 23:06:44 -------- d-----w- C:\800cc8e7e5437846d1
2010-12-15 22:07:43 -------- d-----w- c:\program files\MSXML 6.0
2010-12-15 22:06:23 -------- d-----w- c:\docume~1\mark~1.mar\applic~1\Intel
2010-12-15 22:06:06 234496 ----a-w- c:\windows\system32\drivers\iwca.sys
2010-12-15 22:06:06 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys
2010-12-15 22:06:06 16384 ----a-w- c:\windows\system32\iwca.dll
2010-12-15 22:05:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-12-15 22:04:03 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-12-15 21:37:12 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IECompatCache
2010-12-15 21:17:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-12-15 19:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\PrivacIE
2010-12-15 19:30:39 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\IETldCache
2010-12-15 19:28:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-15 19:03:27 69888 ----a-w- c:\windows\system32\drivers\passthru.sys
2010-12-15 19:03:27 397400 ----a-w- c:\windows\system32\ipsechlp.exe
2010-12-15 18:36:28 -------- d-sh--w- c:\documents and settings\mark.mark-90bf2cc8f2\UserData
2010-12-15 17:57:53 770048 ----a-w- c:\windows\system32\BCMLogon.dll
2010-12-15 17:57:52 89088 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-15 17:57:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-15 17:57:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-15 17:57:51 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-12-15 17:47:48 -------- d-sh--w- c:\docume~1\mark~1.mar\locals~1\applic~1\C575E8A8-16E2-4C95-AE36-0BA9C90710B0
2010-12-15 17:12:22 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Ford Motor Company
2010-12-15 17:02:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-12-15 17:02:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-12-15 17:00:53 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-12-15 16:59:53 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-15 16:57:28 -------- d-sh--w- c:\documents and settings\all users.windows\DRM
2010-12-15 16:56:53 -------- d--h--w- c:\program files\WindowsUpdate
2010-12-15 16:56:03 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-12-15 16:56:03 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-12-15 16:56:03 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-12-15 16:56:03 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-12-15 16:56:03 11264 ----a-w- c:\windows\system32\atrace.dll
2010-12-15 16:56:02 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-12-15 16:52:59 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2010-12-15 16:40:33 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-12-15 16:39:49 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-12-15 16:39:17 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-12-15 16:38:45 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-12-15 16:38:36 74240 ----a-w- c:\windows\system32\usbui.dll
2010-12-15 16:38:22 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-12-15 16:38:21 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-12-15 16:38:21 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-12-02 20:55:32 -------- d-----w- C:\71cdc394a600d0768b10

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:27:08.51 ===============

ark.txt
Attach.txt
Elise Posted January 1, 2011 ID:368446

Hi again

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
Solid Posted January 1, 2011 ID:368453

ComboFix worked and the scan completed. It said there was rootkit activity and rebooted my machine. Then after it was finished it rebooted again and I can't access the internet from the laptop. Is it safe to save the ComboFix log file to a USB stick and post it here via my desktop?
Elise Posted January 1, 2011 ID:368459

Yes, you can do that. Try to right-click your connection icon and select Repair, or reboot your computer once and see if connectivity is restored.
Solid Posted January 1, 2011 ID:368461

I tried both those things before posting and neither worked. Here is the log file:

ComboFix 11-01-01.01 - Mark 01/01/2011 19:21:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.831 [GMT 0:00]
Running from: c:\documents and settings\Mark.MARK-90BF2CC8F2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mark\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Mark\Application Data\Adobe\plugs
c:\documents and settings\Mark\Application Data\Olor
c:\documents and settings\Mark\Application Data\Olor\wiiv.ivg
c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}
c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome.manifest
c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\_cfg.js
c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\chrome\content\overlay.xul
c:\documents and settings\Mark\Local Settings\Application Data\{BD3CB083-0E4B-45CB-9DDC-203670E2A5D6}\install.rdf
c:\windows\system32\drivers\passthru.sys
c:\windows\system32\ipsechlp.exe
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Passthru
.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.
2010-12-30 22:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 22:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 22:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-30 22:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 22:12 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 22:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-30 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-27 22:56 . 2010-12-27 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-27 22:56 . 2010-12-27 22:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Movimento
2010-12-18 13:53 . 2010-12-18 13:54 -------- d-----w- C:\93d72796c79c0ef051cd65fc
2010-12-18 13:49 . 2004-08-03 22:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-12-18 13:49 . 2004-08-03 22:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-12-18 13:48 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2010-12-17 23:13 . 2010-12-17 23:13 -------- d-----w- c:\program files\WH Software
2010-12-17 22:21 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-12-17 22:21 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-12-17 22:21 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-12-17 22:21 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-12-17 22:21 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-12-17 22:21 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-12-17 22:21 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-12-17 22:21 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-12-17 22:21 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-12-17 22:21 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-12-17 21:38 . 2010-12-17 21:38 -------- d-----w- c:\program files\BitZipper
2010-12-17 20:56 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-17 20:56 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-17 20:56 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-17 20:56 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-17 20:56 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-17 20:56 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-17 20:56 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-17 20:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-17 20:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-17 20:47 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-17 20:42 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-17 20:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-17 20:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-17 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-17 20:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-12-17 20:05 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-17 20:05 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-16 18:15 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-16 18:15 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-16 00:05 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-15 23:51 . 2010-12-15 23:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-15 23:28 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-12-15 23:27 . 2010-12-15 23:27 -------- d-----w- c:\program files\SU Enterprise
2010-12-15 23:27 . 2007-05-25 14:11 237568 ----a-w- c:\windows\system32\IC4USB32.dll
2010-12-15 23:27 . 1997-01-13 13:42 37136 ----a-w- c:\windows\system32\msjint35.dll
2010-12-15 23:27 . 1996-12-16 18:30 1039360 ----a-w- c:\windows\system32\msjet35.dll
2010-12-15 23:27 . 1996-12-03 13:07 403216 ----a-w- c:\windows\system32\msrepl35.dll
2010-12-15 23:27 . 1996-12-02 18:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2010-12-15 23:27 . 1996-12-02 18:44 24336 ----a-w- c:\windows\system32\msjter35.dll
2010-12-15 23:27 . 1996-11-08 02:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-12-15 23:27 . 1997-01-16 09:10 376080 ----a-w- c:\windows\system32\MSRDO20.DLL
2010-12-15 23:27 . 1997-01-13 10:49 97552 ----a-w- c:\windows\system32\rdocurs.dll
2010-12-15 23:27 . 2010-10-10 10:08 269312 ----a-w- c:\windows\uninst.exe
2010-12-15 23:26 . 2000-07-20 21:50 143360 ------w- c:\windows\system32\unzip.exe
2010-12-15 23:24 . 2010-10-10 10:08 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-12-15 23:24 . 2010-10-10 10:08 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-15 23:21 . 2002-04-01 15:51 24064 ------w- c:\windows\system32\msxml3a.dll
2010-12-15 23:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-15 23:14 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-12-15 23:06 . 2010-12-15 23:36 -------- d-----w- C:\800cc8e7e5437846d1
2010-12-15 22:07 . 2010-12-15 22:07 -------- d-----w- c:\program files\MSXML 6.0
2010-12-15 22:06 . 2004-08-12 08:44 16384 ----a-w- c:\windows\system32\iwca.dll
2010-12-15 22:06 . 2004-08-12 08:44 234496 ----a-w- c:\windows\system32\drivers\iwca.sys
2010-12-15 22:06 . 2004-08-12 08:43 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys
2010-12-15 22:05 . 2010-12-15 22:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-12-15 22:04 . 2005-05-31 22:46 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-12-15 20:53 . 2010-12-15 22:06 -------- d-----w- c:\documents and settings\MARK~1~MAR
2010-12-15 19:28 . 2009-01-07 18:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-15 17:57 . 2006-11-01 12:48 770048 ----a-w- c:\windows\system32\BCMLogon.dll
2010-12-15 17:57 . 2006-11-01 12:48 89088 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-15 17:57 . 2010-10-10 10:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-15 17:57 . 2010-10-10 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-15 17:57 . 2010-10-10 10:08 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-12-15 17:05 . 2011-01-01 13:24 -------- d-----w- c:\documents and settings\Mark.MARK-90BF2CC8F2
2010-12-15 17:04 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-12-15 17:03 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-12-15 17:02 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-12-15 17:02 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-12-15 17:00 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-12-15 16:59 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-15 16:56 . 2004-08-04 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-12-15 16:56 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-12-15 16:56 . 2004-08-04 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-12-15 16:56 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-12-15 16:56 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2010-12-15 16:56 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-12-15 16:52 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2010-12-15 16:40 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-12-15 16:39 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-12-15 16:39 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-12-15 16:38 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-12-15 16:38 . 2008-04-14 00:12 74240 ----a-w- c:\windows\system32\usbui.dll
2010-12-15 16:38 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-12-15 16:38 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-12-15 16:38 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-12-15 16:33 . 2010-12-27 20:00 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-12-15 16:33 . 2010-12-15 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-12-15 15:52 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Rachel\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0
2010-12-12 21:43 . 2010-12-13 00:07 -------- d-----w- c:\documents and settings\Administrator
2010-12-12 20:18 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Mark\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0
2010-12-12 20:07 . 2010-12-12 20:07 -------- d-----w- c:\documents and settings\Mark\JarqhQDVcduhta
2010-12-02 20:55 . 2010-12-02 20:55 -------- d-----w- C:\71cdc394a600d0768b10
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-10-10 11264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 22:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C402.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C403.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C407.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C412.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C413.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [06/10/2010 17:22 17920]
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 19:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(428)
c:\windows\System32\BCMLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
c:\program files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
c:\program files\Ford Motor Company\IDS\Runtime\CodeserveD.exe
c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe
c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
.
**************************************************************************
.
Completion time: 2011-01-01 19:39:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-01 19:39
ComboFix2.txt 2010-12-31 18:26

Pre-Run: 10,872,365,056 bytes free
Post-Run: 11,495,522,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 817B5E51B0C57FBF7B27BA53528F60ED
Elise Posted January 1, 2011 ID:368463

Please let me know if the internet is working fine now. How is everything else running?

Please launch MBAM, update it and run a full scan. Let me know what was found, if anything.
Solid (Author) Posted January 1, 2011 ID:368466

Internet still won't connect. It was fine before running ComboFix. Malwarebytes won't update (because it's offline); it gives error code PROGRAM_ERROR_UPDATING (12007, 0, WinhttpSendRequest). I'm running a scan anyway now.
Solid (Author) Posted January 1, 2011 ID:368470

Scan complete.. no infected items

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5426

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/01/2011 20:37:02
mbam-log-2011-01-01 (20-37-02).txt

Scan type: Quick scan
Objects scanned: 197964
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Elise Posted January 1, 2011 ID:368474

That sounds like there might be a proxy set. Let's see what OTL will show.

OTL
-----
Please download OTL from one of the following mirrors:
This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the Quick Scan button.
- Two reports will open; copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized
Solid Posted January 1, 2011 Author ID:368478 Share Posted January 1, 2011 OTL Extras logfile created on: 01/01/2011 21:09:53 - Run 1OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File freePaging file location(s): C:\pagefile.sys 1908 3816 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFSDrive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FATComputer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- 
%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings 
==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)"C:\Program Files\Ford Motor 
Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor 
Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne 
Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor 
Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO"{097FE1B7-B186-426B-A4EC-D1D9D21D3099}" = 
Calibration"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView"{0E619C5F-7D9E-44C5-A9D0-265983BE7EC2}" = Puma"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver"{29FA4B23-42EF-4D8B-9C4B-C638DDD6D279}" = IDS"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig"{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}" = IC4 Interface Device by SU Enterprise, Inc."{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz"{91DE1A85-7350-458A-B674-D7C8F3476299}" = IDS"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio"{B794A635-FC70-4C0A-989E-44AA021FAADB}" = IDS"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = 
mDrWiFi"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe SVG Viewer" = Adobe SVG Viewer 3.0"BitZipper_is1" = BitZipper 2010"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5"ie8" = Windows Internet Explorer 8"InstaCode" = InstaCode"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft Security Essentials" = Microsoft Security Essentials"ProInst" = Intel® PROSet/Wireless Software"WIC" = Windows Imaging Component"Windows XP Service Pack" = Windows XP Service Pack 3"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1060284298-1532298954-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"f031ef6ac137efc5" = Dell Driver Download Manager========== Last 10 Event Log Errors ==========[ Application Events ]Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.Error - 27/12/2010 18:36:36 | Computer Name = MARK-90BF2CC8F2 | Source = Application Error | ID = 1000Description = Faulting application ipsechlp.exe, version 2.6.1.651, faulting module 
ipsechlp.exe, version 2.6.1.651, fault address 0x0000ccc2.Error - 30/12/2010 15:21:14 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.Error - 31/12/2010 14:37:16 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001Description = The performance counter name string value in the registry is incorrectlyformatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001Description = The performance counter name string value in the registry is incorrectlyformatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. 
The Error code is the first DWORD in Data section.Error - 31/12/2010 21:13:27 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001Description = The performance counter name string value in the registry is incorrectlyformatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.[ System Events ]Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001Description = %%861 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 30/12/2010 15:21:13 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2664.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 30/12/2010 15:25:16 | Computer Name = MARK-90BF2CC8F2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.6 for the Network Card with network address 00166F7951D3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

< End of report >

OTL logfile created on: 01/01/2011 21:09:53 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT

Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/01 21:09:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\OTL.exe
PRC - [2010/10/10 05:02:30 | 000,045,568 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
PRC - [2010/10/10 05:01:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
PRC - [2010/10/10 05:01:10 | 000,127,488 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
PRC - [2010/10/10 04:54:40 | 000,090,624 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
PRC - [2010/10/10 04:54:08 | 000,074,240 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
PRC - [2010/10/10 03:42:02 | 000,461,824 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
PRC - [2010/10/10 03:26:04 | 000,205,312 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/03 01:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/06/03 01:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 01:25:56 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 01:25:20 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/31 22:51:36 | 000,225,353 | ---- | M] (Intel
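The OTL event dump above is worth reading as data rather than as a wall of text: the Microsoft Antimalware entries carry a Windows Update client error code, and the code changes on 30/12 from 0x80240016 to 0x8024402c, which in Microsoft's published Windows Update error list is WU_E_PT_WINHTTP_NAME_NOT_RESOLVED (the update server's name could not be resolved). That is the same symptom the later nslookup/ping output shows. The script below is an added example, not part of the thread and not OTL or DDS code: it splits the flattened dump back into records, extracts the error codes, and flags the DHCP NACK. SAMPLE_EVENTS is constructed from the records in the post (trimmed); the two-entry WU_ERRORS table is the only outside knowledge it uses.

```python
"""Triage the OTL 'Error' event records posted above (added example)."""
import re
from collections import Counter

# Constructed sample: three records in the OTL event-log layout, line breaks lost as in the post.
SAMPLE_EVENTS = (
    "Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001"
    "Description = %%861 has encountered an error trying to update signatures. Update Stage: %%854 "
    "Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. "
    "Error - 30/12/2010 15:21:13 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001"
    "Description = %%861 has encountered an error trying to update signatures. Update Stage: %%852 "
    "Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. "
    "Error - 30/12/2010 15:25:16 | Computer Name = MARK-90BF2CC8F2 | Source = Dhcp | ID = 1002"
    "Description = The IP address lease 192.168.0.6 for the Network Card with network address 00166F7951D3 "
    "has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message)."
)

# Windows Update client codes seen in the post, from Microsoft's published WU error list.
WU_ERRORS = {
    0x80240016: "WU_E_INSTALL_NOT_ALLOWED: install attempted while another install or a pending reboot was outstanding",
    0x8024402C: "WU_E_PT_WINHTTP_NAME_NOT_RESOLVED: update server host name could not be resolved (DNS)",
}

# One OTL record header: level - dd/mm/yyyy hh:mm:ss | Computer Name = ... | Source = ... | ID = n
HEADER = re.compile(
    r"(?P<level>Error|Warning|Information) - (?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)"
)


def split_records(text):
    """Return one dict per event; works even when the line breaks between records were lost."""
    records = []
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end].strip()
        rec = m.groupdict()
        rec["id"] = int(rec["id"])
        rec["description"] = body[len("Description = "):] if body.startswith("Description = ") else body
        code = re.search(r"Error code: (0x[0-9A-Fa-f]{8})", body)
        rec["error_code"] = int(code.group(1), 16) if code else None
        records.append(rec)
    return records


def summarize(records):
    """Count (source, event id, error code) triples and attach the known meaning of each WU code."""
    counts = Counter((r["source"], r["id"], r["error_code"]) for r in records)
    return {
        key: (n, WU_ERRORS.get(key[2], "not a catalogued Windows Update code" if key[2] else "n/a"))
        for key, n in counts.items()
    }


def dhcp_nacks(records):
    """(denied lease, DHCP server) pairs from Dhcp event 1002 records."""
    out = []
    for r in records:
        if r["source"] == "Dhcp" and r["id"] == 1002:
            m = re.search(r"lease (\S+) .*? DHCP server (\S+) ", r["description"])
            out.append((m.group(1), m.group(2)) if m else (None, None))
    return out


if __name__ == "__main__":
    recs = split_records(SAMPLE_EVENTS)
    for key, (n, meaning) in summarize(recs).items():
        print(n, key, meaning)
    print("DHCP NACKs:", dhcp_nacks(recs))
```

The point of keeping the raw code rather than just the "unexpected problem" text is that the code distinguishes a local install conflict (0x80240016) from a name-resolution failure (0x8024402c); the latter is a network symptom and is what a defender should correlate with the DHCP NACK a few minutes later.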
Elise Posted January 1, 2011 ID:368481
Please click Start > Run, type combofix /F3M and press enter (note the space between combofix and /F3M). Post me the new log and let me know if your internet works afterwards.
Solid Posted January 1, 2011 Author ID:368485
Internet still won't work.
Latest log file from combofix....

ComboFix 11-01-01.01 - Mark 01/01/2011 21:30:45.2.1 - x86
Running from: c:\documents and settings\Mark.MARK-90BF2CC8F2\Desktop\ComboFix.exe
Command switches used :: /F3M
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.
2011-01-01 01:09 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-31 18:43 . 2010-12-31 18:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-30 22:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 22:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 22:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-30 22:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 22:12 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 22:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-30 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-27 22:56 . 2010-12-27 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-27 22:56 . 2010-12-27 22:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Movimento
2010-12-18 13:53 . 2010-12-18 13:54 -------- d-----w- C:\93d72796c79c0ef051cd65fc
2010-12-18 13:49 . 2004-08-03 22:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-12-18 13:49 . 2004-08-03 22:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-12-18 13:48 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2010-12-18 13:43 . 2004-08-03 22:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2010-12-17 23:13 . 2010-12-17 23:13 -------- d-----w- c:\program files\WH Software
2010-12-17 22:21 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-12-17 22:21 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-12-17 22:21 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-12-17 22:21 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-12-17 22:21 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-12-17 22:21 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-12-17 22:21 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-12-17 22:21 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-12-17 22:21 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-12-17 22:21 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-12-17 21:38 . 2010-12-17 21:38 -------- d-----w- c:\program files\BitZipper
2010-12-17 20:56 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-17 20:56 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-17 20:56 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-17 20:56 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-17 20:56 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-17 20:56 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-17 20:56 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-17 20:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-17 20:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-17 20:47 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-17 20:42 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-17 20:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-17 20:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-17 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-17 20:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-12-17 20:05 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-17 20:05 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-16 18:15 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-16 18:15 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-16 00:05 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-15 23:51 . 2010-12-15 23:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-15 23:28 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-12-15 23:27 . 2010-12-15 23:27 -------- d-----w- c:\program files\SU Enterprise
2010-12-15 23:27 . 2007-05-25 14:11 237568 ----a-w- c:\windows\system32\IC4USB32.dll
2010-12-15 23:27 . 1997-01-13 13:42 37136 ----a-w- c:\windows\system32\msjint35.dll
2010-12-15 23:27 . 1996-12-16 18:30 1039360 ----a-w- c:\windows\system32\msjet35.dll
2010-12-15 23:27 . 1996-12-03 13:07 403216 ----a-w- c:\windows\system32\msrepl35.dll
2010-12-15 23:27 . 1996-12-02 18:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2010-12-15 23:27 . 1996-12-02 18:44 24336 ----a-w- c:\windows\system32\msjter35.dll
2010-12-15 23:27 . 1996-11-08 02:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-12-15 23:27 . 1997-01-16 09:10 376080 ----a-w- c:\windows\system32\MSRDO20.DLL
2010-12-15 23:27 . 1997-01-13 10:49 97552 ----a-w- c:\windows\system32\rdocurs.dll
2010-12-15 23:27 . 2010-10-10 10:08 269312 ----a-w- c:\windows\uninst.exe
2010-12-15 23:26 . 2000-07-20 21:50 143360 ------w- c:\windows\system32\unzip.exe
2010-12-15 23:24 . 2010-10-10 10:08 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-12-15 23:24 . 2010-10-10 10:08 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-15 23:21 . 2002-04-01 15:51 24064 ------w- c:\windows\system32\msxml3a.dll
2010-12-15 23:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-15 23:14 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-12-15 23:06 . 2010-12-15 23:36 -------- d-----w- C:\800cc8e7e5437846d1
2010-12-15 22:07 . 2010-12-15 22:07 -------- d-----w- c:\program files\MSXML 6.0
2010-12-15 22:06 . 2004-08-12 08:44 16384 ----a-w- c:\windows\system32\iwca.dll
2010-12-15 22:06 . 2004-08-12 08:44 234496 ----a-w- c:\windows\system32\drivers\iwca.sys
2010-12-15 22:06 . 2004-08-12 08:43 21504 ----a-w- c:\windows\system32\drivers\iwca2k.sys
2010-12-15 22:05 . 2010-12-15 22:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-12-15 22:04 . 2005-05-31 22:46 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-12-15 20:53 . 2010-12-15 22:06 -------- d-----w- c:\documents and settings\MARK~1~MAR
2010-12-15 19:28 . 2009-01-07 18:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-15 17:57 . 2006-11-01 12:48 770048 ----a-w- c:\windows\system32\BCMLogon.dll
2010-12-15 17:57 . 2006-11-01 12:48 89088 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-15 17:57 . 2010-10-10 10:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-15 17:57 . 2010-10-10 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-15 17:57 . 2010-10-10 10:08 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-12-15 17:05 . 2011-01-01 13:24 -------- d-----w- c:\documents and settings\Mark.MARK-90BF2CC8F2
2010-12-15 17:04 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-12-15 17:03 . 2010-12-31 18:43 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-12-15 17:02 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-12-15 17:02 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-12-15 17:00 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-12-15 16:59 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-12-15 16:56 . 2004-08-04 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-12-15 16:56 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-12-15 16:56 . 2004-08-04 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-12-15 16:56 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-12-15 16:56 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2010-12-15 16:56 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-12-15 16:52 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2010-12-15 16:40 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-12-15 16:39 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-12-15 16:39 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-12-15 16:38 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-12-15 16:38 . 2008-04-14 00:12 74240 ----a-w- c:\windows\system32\usbui.dll
2010-12-15 16:38 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-12-15 16:38 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-12-15 16:38 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-12-15 16:33 . 2010-12-27 20:00 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-12-15 16:33 . 2010-12-15 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-12-15 15:52 . 2010-12-16 21:15 -------- d-sh--w- c:\documents and settings\Rachel\Local Settings\Application Data\C575E8A8-16E2-4C95-AE36-0BA9C90710B0
2010-12-12 21:43 . 2010-12-13 00:07 -------- d-----w- c:\documents and settings\Administrator
2010-12-12 20:07 . 2010-12-12 20:07 -------- d-----w- c:\documents and settings\Mark\JarqhQDVcduhta
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-10-10 11264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 22:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C402.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C403.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C407.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C412.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Probes\\C413.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=
"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

R2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [06/10/2010 17:22 17920]
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 21:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(436)
c:\windows\System32\BCMLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-01 21:33:48
ComboFix-quarantined-files.txt 2011-01-01 21:33
ComboFix2.txt 2010-12-31 18:26

Post-Run: 11,734,663,168 bytes free

- - End Of File - - EB489734AB4C143E2D0C84E7B7430FF2
Elise Posted January 1, 2011 ID:368486
Hi again,
Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.
Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.
On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.
On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.
Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.
A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @echo off
    (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    ) >>Log1.txt
    start notepad Log1.txt
    del %0

Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A Notepad opens; copy and paste its content (log1.txt) into your reply.
Solid Posted January 1, 2011 Author ID:368491

Windows IP Configuration

Server: UnKnown
Address: 127.0.0.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
===========================================================================
Persistent Routes:
  None
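The Log1.txt output above says more than "DNS is broken": the Interface List holds only the MS TCP Loopback interface, there is no default route, and nslookup is querying 127.0.0.1 because TCP/IP has no bound adapter to take DHCP settings from. The script below is an added example, not part of the thread and not Elise's script: it reads the output of the test.bat commands and separates "no adapter bound to TCP/IP" (a driver or NDIS binding problem, which is what the thread later finds) from a plain resolver misconfiguration. SAMPLE_NO_ADAPTER is constructed from the output in the post; SAMPLE_BAD_DNS is a constructed second case with an invented adapter name, so the check is shown on both outcomes.

```python
"""Classify the test.bat network diagnostics output (added example)."""
import re

# Constructed from the output posted in the thread: loopback only, resolver at 127.0.0.1.
SAMPLE_NO_ADAPTER = """\
Windows IP Configuration

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
===========================================================================
Persistent Routes:
  None
"""

# Constructed contrast case (adapter name is invented): an adapter and default route exist,
# but the resolver still points at loopback, so this is a DNS configuration problem instead.
SAMPLE_BAD_DNS = """\
Server:  UnKnown
Address:  127.0.0.1
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 6f 79 51 d3 ...... Example Wireless Adapter (constructed)
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.6      25
===========================================================================
"""


def interfaces(log):
    """Adapter names from the 'route print' Interface List block (name follows the last dot run)."""
    block = re.search(r"Interface List\n(.*?)\n=+", log, re.S)
    if not block:
        return []
    return [re.split(r"\.{3,}\s*", ln.strip())[-1] for ln in block.group(1).splitlines() if ln.strip()]


def dns_servers(log):
    """Addresses nslookup reported as the server it queried ('Address:' at line start)."""
    return re.findall(r"^Address:\s+(\S+)", log, re.M)


def default_route(log):
    """Gateway of the 0.0.0.0/0 route, or None when the table has no default route."""
    m = re.search(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+(\S+)", log, re.M)
    return m.group(1) if m else None


def diagnose(log):
    """Return one of: no-adapter-bound, no-default-route, dns-misconfigured, resolver-ok."""
    bound = [i for i in interfaces(log) if "Loopback" not in i]
    servers = dns_servers(log)
    if not bound:
        return "no-adapter-bound"    # only loopback: look at the NIC driver / NDIS bindings, not DNS
    if default_route(log) is None:
        return "no-default-route"    # adapter present but no gateway: DHCP or static config
    if not servers or all(s.startswith("127.") for s in servers):
        return "dns-misconfigured"   # adapter and route fine, resolver points at loopback
    return "resolver-ok"


if __name__ == "__main__":
    print("posted log   :", diagnose(SAMPLE_NO_ADAPTER))
    print("contrast case:", diagnose(SAMPLE_BAD_DNS))
```

The order of the checks matters: a loopback-only interface list makes every later DNS symptom a consequence, so ticking "Obtain DNS server address automatically" cannot help until an adapter is bound again, which is exactly what reinstalling the wireless driver later achieved.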
Solid Posted January 1, 2011 Author ID:368500
Just looking through things with my non-technical mind, but I found a link with a deletion from the ComboFix first log: c:\windows\system32\drivers\passthru.sys and this img
Elise Posted January 2, 2011 ID:368650
Good catch! You might be right on the spot there. Navigate to c:\qoobox\quarantine\c\windows\system32\drivers and rename the file back to passthru.sys (replace the .vir extension with .sys). Now copy it back to the c:\windows\system32\drivers folder and reboot your computer. See if it works now.
Solid Posted January 2, 2011 Author ID:368674
That didn't work. What about this? C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg.dat
Elise Posted January 2, 2011 ID:368676
Please open that file with Notepad and post me its contents. I think we can just import it in the registry, but I want to be sure first.
Solid Posted January 2, 2011 Author ID:368679

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,61,00,73,00,73,00,74,00,68,\
  00,72,00,75,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Passthru Service"
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\\Device\\{73A11CDB-E394-4B80-BB11-D3202F9D28B0}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{4E238EDE-5B2C-4BD8-92D7-9843C2C97DE8}]
"UpperBindings"="\\Device\\{C00FAEB6-E6F9-4D5A-ADDF-6B8B855F242B}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{9FD6FB9D-838D-48DB-887F-00D758A810D7}]
"UpperBindings"="\\Device\\{9AADD4DB-B12B-4677-8180-85D337DC328D}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{DB9733AD-83BE-46B1-B18A-8284D1D12173}]
"UpperBindings"="\\Device\\{43FA8BB1-FCC1-43FF-942C-CDA481A6BAC4}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Enum]
"0"="Root\\MS_PASSTHRUMP\\0000"
"Count"=dword:00000003
"NextInstance"=dword:00000003
"1"="Root\\MS_PASSTHRUMP\\0001"
"2"="Root\\MS_PASSTHRUMP\\0002"
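Before merging a quarantine backup like Service_Passthru.reg it helps to decode what it would actually restore: the ImagePath is stored as hex(2) (REG_EXPAND_SZ, UTF-16LE bytes), and Type/Start are raw dwords, so the plain text hides the answer to "which binary, loaded how". The script below is an added example, not part of the thread and not ComboFix's code: it parses the REGEDIT5 text format, decodes the hex and dword values, and reports the driver image path, service type, start mode and adapter bindings. SAMPLE_REG is constructed from the file posted above, trimmed to the keys the check needs; the type and start-mode names are the standard SERVICE_* constants.

```python
"""Decode a .reg service backup before merging it (added example)."""
import re

# Constructed from the Service_Passthru.reg contents posted above (trimmed).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,61,00,73,00,73,00,74,00,68,\
  00,72,00,75,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Passthru Service"
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\\Device\\{73A11CDB-E394-4B80-BB11-D3202F9D28B0}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Enum]
"0"="Root\\MS_PASSTHRUMP\\0000"
"Count"=dword:00000003
'''

SERVICE_TYPES = {0x1: "SERVICE_KERNEL_DRIVER", 0x2: "SERVICE_FILE_SYSTEM_DRIVER",
                 0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS"}
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
               3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}


def _unescape(s):
    """Undo .reg string escaping: \\" becomes \" and \\\\ becomes \\."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def decode_value(raw):
    """Return (type name, decoded value) for the right-hand side of one .reg value line."""
    if raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if not m:
        return "UNKNOWN", raw
    # hex(2) = REG_EXPAND_SZ, hex(7) = REG_MULTI_SZ; any other hex(n) is kept as raw bytes here.
    type_name = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}.get(m.group(1), "REG_BINARY")
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if type_name == "REG_EXPAND_SZ":
        return type_name, data.decode("utf-16-le").rstrip("\x00")
    if type_name == "REG_MULTI_SZ":
        return type_name, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return type_name, data


def parse_reg(text):
    """Parse REGEDIT4/5 text into {key: {value name: (type, value)}}; empty keys map to {}."""
    # A trailing backslash after a comma means the hex data continues on the next line.
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor") or line == "REGEDIT4" or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        if current is None:
            continue
        name, _, raw = line.partition("=")
        name = "@" if name == "@" else _unescape(name.strip('"'))
        reg[current][name] = decode_value(raw)
    return reg


def describe_service(reg, key):
    """Summarise the service registration that merging the file would restore."""
    v = reg[key]
    image = v["ImagePath"][1]
    return {
        "image_path": image,
        "type": SERVICE_TYPES.get(v["Type"][1], hex(v["Type"][1])),
        "start": START_TYPES.get(v["Start"][1], str(v["Start"][1])),
        "display_name": v["DisplayName"][1],
        "group": v["Group"][1],
        # A kernel driver whose image is outside system32\DRIVERS deserves a second look before merging.
        "image_in_drivers_dir": image.lower().startswith("system32\\drivers\\"),
    }


def adapter_bindings(reg, key):
    """{adapter: upper binding device} for every Parameters\\Adapters\\<adapter> subkey."""
    prefix = key + "\\Parameters\\Adapters\\"
    return {k[len(prefix):]: v["UpperBindings"][1]
            for k, v in reg.items() if k.startswith(prefix) and "UpperBindings" in v}


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    svc = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru"
    print(describe_service(reg, svc))
    print(adapter_bindings(reg, svc))
```

Decoding the posted file this way shows a demand-start kernel driver at system32\DRIVERS\passthru.sys in the PNP_TDI group, bound above the NdisWanIp and three adapter devices, which is consistent with an NDIS intermediate driver such as the Intel PROSet passthru miniport the thread later identifies; the same check would flag an ImagePath pointing somewhere unexpected.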
Elise Posted January 2, 2011 ID:368688
Please ensure that passthru.sys is in the Drivers folder and then rename C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg.dat to Service_Passthru.reg (delete the .dat extension).

Next, back up your registry with ERUNT.
Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe

After the backup is made, double-click on Service_Passthru.reg and when asked if you are sure you want to merge the information with the registry, click Yes/OK. You will receive a confirmation pop up when done.
Reboot your computer and let me know how things are.
Solid Posted January 2, 2011 Author ID:368693
The file C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg had no .dat on the end, but the file type is still a .dat file, so double-clicking it doesn't work.
Also in the C:\Qoobox\Quarantine\Registry_backups folder is an AddRemove-ProInst.reg file, also a DAT file, and a tcpip Registration Entries file.
Maybe a system restore to before the ComboFix and then start again???
Solid Posted January 2, 2011 Author ID:368724
I know I'm not meant to install anything without your instructions, but I reinstalled the Intel PROSet wireless driver and now I can connect to the internet again.
Elise Posted January 2, 2011 ID:368753
That works as well. I'll report this also to Combofix's developer, because it definitely is not okay that this is deleted. How are things running at this point? Please launch MBAM, update it and run a full scan. Post me the resulting log.
Elise Posted January 2, 2011 ID:368756
See also my previous post:
Please visit this site and upload c:\qoobox\quarantine\c\windows\system32\drivers\passthru.sys.vir (most likely you will not see the .vir extension).
This way the developer can have a look to see if the file was a false positive or not (there is also malware using this filename in the same location).
Please let me know once you have uploaded the file.
Solid Posted January 2, 2011 Author ID:368759
Well I don't have the driver, so I downloaded it from here --> Proset wireless link
During the install there is a warning saying ''passthru miniport'' does not pass Windows verification. I ran this driver years ago when I first installed it, but the virus is only a recent thing, so I can't see it being related. I think this is why ComboFix picked it up. Here is the latest MBAM log; 2 infections were found.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5443

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/01/2011 14:56:57
mbam-log-2011-01-02 (14-56-57).txt

Scan type: Quick scan
Objects scanned: 199100
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\METROWERKS (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Metrowerks\domain_url (Malware.Trace) -> Value: domain_url -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)