feface

Members
  1. Oops. Sorry about that. Ok, here it is.

     Farbar Service Scanner
     Ran by Xi (administrator) on 01-01-2012 at 08:59:25
     Microsoft Windows XP Home Edition Service Pack 3 (X86)
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Yahoo IP is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Bridge(10) BridgeMP(9) DNE(8) Gpc(6) IPSec(4) NetBT(6) PSched(7) Tcpip(3)
     0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000

     **** End of log ****
  2. That seemed to do the trick. The internet is now functional. However, I had to get Windows to set up the wireless connection itself instead of using the Dell wireless utility. I suppose I could try reinstalling the utility/driver to get that program working properly again. Or is it better just to use Windows to manage the wireless connections? Here is the latest FSS report (before I reconfigured the wireless connection). Thanks for all your help. Is there anything else that needs to be done?
  3. Computer still cannot connect to the internet. There was an error during the running of combofix. Something about an instruction at some address trying to reference memory at some address. The dialog box disappeared before I responded. I ran across this thread while googling. http://www.bleepingcomputer.com/forums/topic84764.html Any idea whether that might help, or are the current problems different or more extensive than that? Thanks again for your help.
  4. Here is the latest combofix report. Should I download a newer version of combofix? Or does that not matter? I am also attaching the latest FSS report.

     ComboFix 11-12-23.01 - Xi 2011-12-29 18:31:41.4.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.86.1033.18.1022.461 [GMT 8:00]
     Running from: c:\documents and settings\Xi\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Xi\Desktop\CFScript.txt
     - REDUCED FUNCTIONALITY MODE -

     FSS.txt
     Farbar Service Scanner
     Ran by Xi (administrator) on 29-12-2011 at 18:45:49
     Microsoft Windows XP Home Edition Service Pack 3 (X86)
     ****************************************************************

     Internet Services:
     ============
     Dnscache Service is not running. Checking service configuration:
     The start type of Dnscache service is OK.
     The ImagePath of Dnscache service is OK.
     The ServiceDll of Dnscache service is OK.

     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     Tcpip Service is not running. Checking service configuration:
     The start type of Tcpip service is OK.
     The ImagePath of Tcpip service is OK.

     Connection Status:
     ==============
     Localhost is blocked.
     There is no connection to network.
     Attempt to access Google IP returned error: Other errors
     Attempt to access Yahoo IP returend error: Other errors

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Bridge(10) BridgeMP(9) DNE(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(3)
     0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000

     **** End of log ****
  5. ComboFix 11-12-23.01 - Xi 2011-12-29 8:50.3.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.86.1033.18.1022.539 [GMT 8:00]
     Running from: c:\documents and settings\Xi\Desktop\ComboFix.exe
     - REDUCED FUNCTIONALITY MODE -
Completion time: 2011-12-29 08:57:34 ComboFix-quarantined-files.txt 2011-12-29 00:57 . Pre-Run: 9,980,055,552 bytes free Post-Run: 9,959,022,592 bytes free . - - End Of File - - A56918A2A9673BB6CF278E84BD7A9359
  6. I forgot to report that the internet is not working. I am unable to connect to the router (either by ethernet or wireless). The Dell wireless utility is still able to see all the available routers. Thanks.
  7. Ok. I am unable to run the ipconfig /flushdns command. It says "internal error occurred - request not supported" etc. Here are the logs.

Resetlog.txt

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
    old REG_MULTI_SZ =
        SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
        SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}\NameServerList
    old REG_MULTI_SZ = <empty>
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{B94BF970-0099-4B6A-A716-40E00CEABBB3}\NameServerList
    old REG_MULTI_SZ = <empty>
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{B94BF970-0099-4B6A-A716-40E00CEABBB3}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E7407984-AD39-44AE-8629-28FFDACC4467}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20E2945E-B3DD-4C4E-9F6F-B61DA69BD578}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20E2945E-B3DD-4C4E-9F6F-B61DA69BD578}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20E2945E-B3DD-4C4E-9F6F-B61DA69BD578}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20E2945E-B3DD-4C4E-9F6F-B61DA69BD578}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20E2945E-B3DD-4C4E-9F6F-B61DA69BD578}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32A57070-BA94-4043-9C0B-8AFE1B62B2A2}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{531D3D38-B38F-4A40-9052-52EFBA55506B}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75A8E330-CDDD-4BA7-BD4D-287E589C23E2}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\EnableDhcp
    old REG_DWORD = 0
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89E593AE-6EFD-49D3-9EE7-F427E568CDF4}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2BACFE3-3BFD-4906-B156-2982560D883C}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B94BF970-0099-4B6A-A716-40E00CEABBB3}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\Bind for ms_netbt. bad value was:
    REG_MULTI_SZ =
        \Device\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}
        \Device\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}
        \Device\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}
reset Linkage\Route for ms_netbt. bad value was:
    REG_MULTI_SZ =
        "Tcpip" "{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}"
        "Tcpip" "NdisWanIp"
reset Linkage\Export for ms_netbt. bad value was:
    REG_MULTI_SZ =
        \Device\NetBT_Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}
        \Device\NetBT_Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}
        \Device\NetBT_Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}
reset Linkage\UpperBind for PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0. bad value was:
    REG_MULTI_SZ = DNE
reset Linkage\UpperBind for ROOT\NET\0001. bad value was:
    REG_MULTI_SZ = DNE
reset Linkage\UpperBind for ROOT\NET\0000. bad value was:
    REG_MULTI_SZ = DNE
reset Linkage\UpperBind for PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0. bad value was:
    REG_MULTI_SZ = DNE
reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
    REG_MULTI_SZ = DNE
<completed>

Result.txt

MiniToolBox by Farbar
Ran by Xi (administrator) on 29-12-2011 at 07:02:34
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

popd
# End of interface IP configuration

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Unable to contact IP driver, error code 2,

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2011 06:51:58 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/28/2011 03:38:27 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/28/2011 09:08:29 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 08:14:27 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:49:28 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:42:47 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:33:33 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:28:15 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x06381e77.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/26/2011 06:44:26 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 06:28:47 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

System errors:
=============
Error: (12/29/2011 07:02:54 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%2

Error: (12/29/2011 07:02:54 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error: %%2

Error: (12/29/2011 07:02:52 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%2

Error: (12/29/2011 07:02:52 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error: %%2

Error: (12/29/2011 07:02:51 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%2

Error: (12/29/2011 07:02:51 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error: %%2

Error: (12/29/2011 07:02:50 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%2

Error: (12/29/2011 07:02:50 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error: %%2

Error: (12/29/2011 07:02:49 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%2

Error: (12/29/2011 07:02:49 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (12/29/2011 06:51:58 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/28/2011 03:38:27 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/28/2011 09:08:29 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 08:14:27 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:49:28 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:42:47 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:33:33 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 07:28:15 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.006381e77

Error: (12/26/2011 06:44:26 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/26/2011 06:28:47 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

=========================== Installed Programs ============================

快车(FlashGet) 1.8.2.1003 (Version: 1.8.2.1003)
爱普生打印机软件
7-Zip 4.65
Acoustica Premium Edition 4.1 (Version: 4.1)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Photoshop Elements 5.0.2 Patcher (Version: 5.0.2)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
AoA DVD Ripper
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1018)
ATI Catalyst Control Center (Version: 1.2.2334.37172)
ATI Display Driver (Version: 8.261-060523a1-033841C-Dell)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 8.65.05)
C-Media USB Mass Storage Driver
Chinese Flashcards v2.1
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Support 3.2 (Version: 5.5.2038)
Dell System Restore (Version: 2.00.0000)
Dell Wireless WLAN Card (Version: 4.10.47.3)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.15)
DVD Decrypter (Remove Only)
ERUNT 1.1j
Express Burn
Free DVD MP3 Ripper 1.12
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer
GPL Ghostscript 8.60
GPL Ghostscript Fonts
GSview 4.9
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
ImgBurn (Version: 2.4.1.0)
iTunes (Version: 10.5.0.142)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.2.1)
Java 6 Update 2 (Version: 1.6.0.20)
Java 6 Update 20 (Version: 6.0.200)
Java 6 Update 3 (Version: 1.6.0.30)
Java 6 Update 7 (Version: 1.6.0.70)
K-Lite Mega Codec Pack 5.1.0 (Version: 5.1.0)
Learn2 Player (Uninstall Only)
LG USB Modem driver
LGMobileSync (Version: 1.0.0.0)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.14.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ??????? (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CHS Language Pack (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium (Version: 9.00.3007)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works 2000 (Version: 1.0.0.0000)
Modem Helper (Version: 3.01)
Mozilla Firefox (3.6.25) (Version: 3.6.25 (en-US))
Mozilla Thunderbird (3.1.10) (Version: 3.1.10 (en-US))
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer (Version: 1.3.00.11130)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 10.10.0097)
NetWaiting (Version: 2.5.23)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Panda ActiveScan 2.0 (Version: 01.02.00.0009)
PowerDVD 5.7
PowerISO
Primo (Version: 1.00.0000)
qnbj (Version: 1.0.0)
QuickSet (Version: 7.1.10)
QuickTime
QuickTime (Version: 7.71.80.42)
RealPlayer
Runtime (Version: 1.00.0000)
Samsung ML-1630 Series
Seagate Manager Installer (Version: 2.02.0021)
SearchAssist
Skype™ 3.8 (Version: 3.8.42)
Sonic DLA (Version: 5.2.1)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SonicStage 4.3 (Version: 4.3)
Sony Picture Utility (Version: 4.2.00.11130)
Switch Sound File Converter
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TOEFL Sample Questions (Version: 4.00.0000)
TOM直播2.0
URL Assistant
Viewpoint Media Player
VLC media player 1.0.1 (Version: 1.0.1)
VPN Client
WAV to MP3 Encoder (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Xvid 1.1.3 final uninstall (Version: 1.1)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 1022.37 MB
Available physical RAM: 649.4 MB
Total Pagefile: 2460.27 MB
Available Pagefile: 2214.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.18 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:80.66 GB) (Free:9.34 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:25.69 GB) (Free:14.02 GB) NTFS
5 Drive g: (LEXAR MEDIA) (Removable) (Total:0.12 GB) (Free:0.04 GB) FAT

========================= Users: ========================================

User accounts for \\XI

Administrator            Guest                    HelpAssistant
Jason                    SUPPORT_388945a0         Xi

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini052310-01.dmp
C:\WINDOWS\Minidump\Mini061108-01.dmp
C:\WINDOWS\Minidump\Mini090508-01.dmp
C:\WINDOWS\Minidump\Mini100707-01.dmp

**** End of log ****

FSS.txt

Farbar Service Scanner
Ran by Xi (administrator) on 29-12-2011 at 07:04:20
Microsoft Windows XP Home Edition Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2011-12-28 08:50] - [2004-08-04 18:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(10) BridgeMP(9) DNE(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000

**** End of log ****
  8. Ok, the zip file contains 8 keys: afd, ipsec, netbt, wscsvc, legacy_afd, legacy_ipsec, legacy_netbt, and legacy_wscsvc. The non-legacy keys installed correctly. The legacy keys resulted in error messages. Here is the latest FSS log. Thanks.

Farbar Service Scanner
Ran by Xi (administrator) on 28-12-2011 at 16:00:36
Microsoft Windows XP Home Edition Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2011-12-28 08:50] - [2004-08-04 18:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(10) BridgeMP(9) DNE(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000

**** End of log ****
  9. Ok. Here is the FSS report.

Farbar Service Scanner
Ran by Xi (administrator) on 28-12-2011 at 11:21:21
Microsoft Windows XP Home Edition Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2011-12-28 08:50] - [2004-08-04 18:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(10) BridgeMP(9) DNE(8) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000

**** End of log ****
  10. Thanks. Here is the Combofix log. No internet yet, but I have not tried to reconfigure things to see if that can fix the problem.

ComboFix 11-12-23.01 - Xi 2011-12-28 8:50.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.86.1033.18.1022.566 [GMT 8:00]
Running from: c:\documents and settings\Xi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xi\Desktop\CFSCript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\ipsec.sys --> c:\windows\system32\Drivers\ipsec.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 00:50 . 2004-08-04 10:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-28 00:50 . 2004-08-04 10:00 74752 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-12-26 12:15 . 2011-12-26 15:42 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-24 05:34 . 2011-12-24 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-12-21 08:46 . 2011-12-25 21:56 -------- d-sh--w- c:\documents and settings\Xi\Local Settings\Application Data\970a0b06
2011-12-20 19:29 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D79E01B1-8016-41E4-BC1F-5A0AEBD7E7B3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-26 12:03 . 2006-09-22 04:56 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2009-07-28 09:28 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 17:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 06:29 . 2011-10-24 06:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 06:29 . 2011-10-24 06:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-13 14:20 . 2007-08-14 22:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-25_22.03.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\DRIVERS\93201950.sys
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\DRIVERS\4780931drv.sys
+ 2011-12-28 01:08 . 2011-12-28 01:08 16384 c:\windows\temp\Perflib_Perfdata_4a0.dat
+ 2011-12-28 01:08 . 2011-12-28 01:08 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-13 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-09-10 177448]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-06-29 520192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-12 127036]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\Xi\Start Menu\Programs\Startup\
_uninst_97039442.lnk - c:\documents and settings\Xi\Local Settings\temp\_uninst_97039442.bat [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-22 24576]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PPTV.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PPTV.lnk
backup=c:\windows\pss\PPTV.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssTrayService"=3 (0x3)
"HotspotShieldService"=2 (0x2)
"ccosm"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dmremote.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Documents and Settings\\Xi\\My Documents\\Downloads\\sdasetup_revwire207.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Documents and Settings\\Xi\\Desktop\\TDSSKiller.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP port 135
"50000:UDP"= 50000:UDP:sina_live
"50001:UDP"= 50001:UDP:sina_live
"6001:TCP"= 6001:TCP:sina_live
"6002:TCP"= 6002:TCP:sina_live
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-7-26 16:49 28544]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-9-10 15:03 156968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 13:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-9-22 13:38 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 21:37 4640000]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-7-14 0:40 48512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
sina_live_deamon REG_MULTI_SZ sina_live_deamon
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 11:20]
.
2011-04-15 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-04-12 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uusee.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
Handler: qyl - {C79BF22F-25C4-4D3D-8183-14149EAB9C0C} -
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\Xi\Application Data\Mozilla\Firefox\Profiles\ws0i8kfl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: CCTV player plugin for Firefox: cctvplayer-plugin@www.cctv.com - %profile%\extensions\cctvplayer-plugin@www.cctv.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 09:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Excel\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Excel\Settings\Sb*_\View]
"Data"=hex:03,00,00,00,14,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,
00,00,03,00,00,00,28,00,00,00,14,00,00,00,14,00,00,00,14,00,00,00,0b,00,00,\
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft PowerPoint\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft PowerPoint\Settings\Sb*_\View]
"Data"=hex:03,00,00,00,14,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,
00,00,00,00,00,00,28,00,00,00,14,00,00,00,14,00,00,00,14,00,00,00,0b,00,00,\
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Sb*_\File Name MRU]
"Value"=multi:"yuhui question\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Sb*_\View]
"Data"=hex:03,00,00,00,14,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,
00,00,03,00,00,00,28,00,00,00,14,00,00,00,14,00,00,00,14,00,00,00,0b,00,00,\
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Office\Settings\Sb*_ *O*f*f*i*c*e* *‡ech\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Office\9.0\Common\Open Find\Office\Settings\Sb*_ *O*f*f*i*c*e* *‡ech\View]
"Data"=hex:03,00,00,00,14,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,
00,00,03,00,00,00,28,00,00,00,14,00,00,00,14,00,00,00,14,00,00,00,0b,00,00,\
.
[HKEY_USERS\S-1-5-21-3689998133-615260391-1029485202-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F55F7CF-07D1-74FC-7265-F5A496D1F84C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-28 09:14:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 01:13
.
Pre-Run: 9,963,315,200 bytes free
Post-Run: 10,054,049,792 bytes free
.
- - End Of File - - 029B9C2834AB3375217C9E1B01CD1A17
  11. Here is the log from the systemlook program. Thanks again.

SystemLook 30.07.11 by jpshortstuff
Log created at 13:32 on 27/12/2011 by Xi
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\i386\ipsec.sys --a---- 74752 bytes [14:28 13/10/2006] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [10:09 05/08/2008] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [08:08 05/08/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

-= EOF =-
  12. Also, I read a webpage that said it may be possible to reformat without the CD?? Would this be at all effective? Webpage is at http://www.ehow.com/how_6939524_reformat-windows-xp-dell-cd.html
  13. Ok, not the news I wanted, but thank you very much for all your time and help. I would like to restore the internet connection before reformatting and reinstalling, as my operating system discs and other software are currently in a different country. Are there steps that I could take to achieve that?
  14. I ran the Kaspersky VRT. The format of the report does not list the detected items first. I will copy the lines that are not "ok", "archive" or "packed" below.

Automatic Scan: completed 30 minutes ago (events: 436873, objects: 427799, time: 02:46:57)
2011-12-26 18:48:58 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From Stephen Wang <sswang@gmail.com>][Date 27 Dec 2009 13:15:40][subj Re: web proxy]/u98/u98.exe Information
2011-12-26 19:17:05 Detected: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From "service@paypal.com" <service@paypal.com>][Date 26 Mar 2005 07:28:01][subj Unauthorized Account Access: (Routing code: W7S-LQ3-L-X3)]/html
2011-12-26 19:40:08 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE
2011-12-26 19:45:59 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system32\drivers\ipsec.sys
2011-12-26 20:02:45 Untreated: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From "service@paypal.com" <service@paypal.com>][Date 26 Mar 2005 07:28:01][subj Unauthorized Account Access: (Routing code: W7S-LQ3-L-X3)]/html Write not supported
2011-12-26 20:03:14 Deleted: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail
2011-12-26 20:04:09 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet001\Services\IPSec\IPSec
2011-12-26 20:04:13 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet002\Services\IPSec\IPSec
2011-12-26 20:04:17 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet003\Services\IPSec\IPSec
2011-12-26 20:04:39 Task stopped
2011-12-26 20:17:54 Task started
2011-12-26 20:27:08 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96.zip/u96.exe Information
2011-12-26 20:27:08 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u98.zip/u98.exe Information
2011-12-26 20:27:08 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96(2).zip.part/u96.exe Information
2011-12-26 21:25:02 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96.zip/u96.exe Information
2011-12-26 21:25:02 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u98.zip/u98.exe Information
2011-12-26 21:25:02 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96(2).zip.part/u96.exe Information
2011-12-26 18:45:17 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
2011-12-26 18:45:18 Backed up C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
2011-12-26 18:45:18 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
2011-12-26 18:45:18 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
2011-12-26 18:45:21 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\WLTRYSVC.EXE.vir
2011-12-26 18:45:22 Backed up C:\Qoobox\Quarantine\C\WINDOWS\system32\WLTRYSVC.EXE.vir
2011-12-26 18:45:22 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\WLTRYSVC.EXE.vir
2011-12-26 18:45:22 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\WINDOWS\system32\WLTRYSVC.EXE.vir
2011-12-26 18:44:24 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe.vir
2011-12-26 18:44:50 Backed up C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe.vir
2011-12-26 18:44:50 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe.vir
2011-12-26 18:44:50 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe.vir
2011-12-26 18:44:51 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe.vir
2011-12-26 18:44:52 Backed up C:\Qoobox\Quarantine\C\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe.vir
2011-12-26 18:44:52 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe.vir
2011-12-26 18:44:52 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe.vir
2011-12-26 18:43:44 Backed up C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
2011-12-26 18:43:45 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
2011-12-26 18:43:45 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
2011-12-26 18:43:45 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.vir
2011-12-26 18:43:55 Backed up C:\Qoobox\Quarantine\C\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.vir
2011-12-26 18:43:55 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.vir
2011-12-26 18:43:55 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.vir
2011-12-26 18:43:56 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2011-12-26 18:44:01 Backed up C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2011-12-26 18:44:03 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2011-12-26 18:44:07 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir
2011-12-26 18:44:07 Archive: Embedded C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From BEE-LAN WANG <beelanw@gmail.com>][Date 24 Sep 2010 14:02:49][subj Here we go again]/Sept 20.pdf
2011-12-26 18:44:08 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir
2011-12-26 18:44:20 Backed up C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir
2011-12-26 18:44:20 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir
2011-12-26 18:44:20 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir
2011-12-26 18:44:21 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
2011-12-26 18:44:22 Backed up C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
2011-12-26 18:44:22 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
2011-12-26 18:44:22 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
2011-12-26 18:43:20 Backed up C:\Qoobox\Quarantine\C\Program Files\Cisco Systems\VPN Client\cvpnd.exe.vir
2011-12-26 18:43:20 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Cisco Systems\VPN Client\cvpnd.exe.vir
2011-12-26 18:43:20 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Cisco Systems\VPN Client\cvpnd.exe.vir
2011-12-26 18:43:21 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir
2011-12-26 18:43:27 Backed up C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir
2011-12-26 18:43:27 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir
2011-12-26 18:43:27 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir
2011-12-26 18:43:28 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
2011-12-26 18:42:59 Backed up C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe.vir
2011-12-26 18:43:01 Cleared of viruses: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe.vir
2011-12-26 18:43:05 Disinfected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe.vir
2011-12-26 18:43:07 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Cisco Systems\VPN Client\cvpnd.exe.vir
2011-12-26 18:42:38 Backed up C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\000000cf.@.vir
2011-12-26 18:42:38 Deleted: Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\000000cf.@.vir
2011-12-26 18:42:38 Detected: Rootkit.Win32.PMax.x C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\800000c0.@.vir
2011-12-26 18:42:40 Backed up C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\800000c0.@.vir
2011-12-26 18:42:40 Deleted: Rootkit.Win32.PMax.x C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\800000c0.@.vir
2011-12-26 18:42:41 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe.vir
2011-12-26 18:41:15 Untreated: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html Write not supported
2011-12-26 18:40:35 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From Stephen Wang <sswang@gmail.com>][Date 27 Dec 2009 13:15:40][subj Re: web proxy]/u98/u98.exe Information
2011-12-26 18:39:48 Backed up C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Application Data\pdinstall.exe.vir
2011-12-26 18:39:48 Deleted: Packed.Win32.Krap.hc C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Application Data\pdinstall.exe.vir
2011-12-26 18:39:48 Detected: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html
2011-12-26 18:39:48 Detected: Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\000000cf.@.vir
2011-12-26 15:51:37 Detected: Packed.Win32.Krap.hc C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Application Data\pdinstall.exe.vir
2011-12-26 18:38:28 Untreated: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html Write not supported
2011-12-26 14:20:31 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96.zip/u96.exe Information
2011-12-26 14:20:31 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u98.zip/u98.exe Information
2011-12-26 14:20:36 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u96(2).zip.part/u96.exe Information
2011-12-26 14:06:57 Deleted: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\Trash
2011-12-26 14:06:52 Backed up C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\Trash
2011-12-26 14:06:52 Detected: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html
2011-12-26 12:58:57 Detected: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\Trash/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html
2011-12-26 14:06:29 Backed up C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail
2011-12-26 12:47:48 Detected: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\[Gmail].sbd\All Mail/[From "service@paypal.com" <service@paypal.com>][Date 26 Mar 2005 07:28:01][subj Unauthorized Account Access: (Routing code: W7S-LQ3-L-X3)]/html
2011-12-26 12:47:14 Detected: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From "service@paypal.com" <service@paypal.com>][Date 26 Mar 2005 07:28:01][subj Unauthorized Account Access: (Routing code: W7S-LQ3-L-X3)]/html
2011-12-26 12:44:46 Backed up C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\59\945efbb-27eec478
2011-12-26 12:44:46 Deleted: Trojan.Win32.Jorik.MokesLoader.fi C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\59\945efbb-27eec478
2011-12-26 12:41:59 Detected: Trojan.Win32.Jorik.MokesLoader.fi C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\59\945efbb-27eec478/PE-Crypt.XorPE
2011-12-26 12:41:18 Detected: Exploit.Java.Gimsh.b C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-7165e2cd/vmain.class
2011-12-26 12:41:19 Backed up C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-7165e2cd
2011-12-26 12:41:19 Deleted: Exploit.Java.Gimsh.b C:\Documents and Settings\Xi\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-7165e2cd/vmain.class
2011-12-26 12:28:15 Backed up C:\Documents and Settings\Xi\.housecall6.6\Quarantine\orz.exe.bac_a02236
2011-12-26 12:28:16 Deleted: Trojan-Downloader.Win32.Small.ybw C:\Documents and Settings\Xi\.housecall6.6\Quarantine\orz.exe.bac_a02236
2011-12-26 12:02:09 Corrupted C:\Documents and Settings\Xi\Application Data\Apple Computer\mario.exe/PE_Patch
2011-12-26 12:01:04 Detected: Trojan-Downloader.Win32.Small.ybw C:\Documents and 
Settings\Xi\.housecall6.6\Quarantine\orz.exe.bac_a02236/CryptFF.b 2011-12-26 11:47:07 Not processed C:\hiberfil.sys Object is locked 2011-12-26 11:47:08 Not processed C:\pagefile.sys Object is locked 2011-12-26 20:06:18 Disinfected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:06:18 Cleared of viruses: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:06:01 Backed up C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:06:01 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:05:11 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:55 Will be disinfected on system restart: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:54 Cleared of viruses: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:54 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:48 Backed up C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:14 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE 2011-12-26 20:03:09 Task started
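The Kaspersky log posted above is newest-first and lists the same object several times (Detected, Backed up, then Deleted or Disinfected, and for BCMWLTRY.EXE a "Will be disinfected on system restart" that a later Disinfected entry supersedes), so what still needs attention only becomes clear after grouping entries per object in true time order. The following Python is an added example, not part of the thread and not a Kaspersky or ComboFix tool; its sample input is a handful of entries copied from the posted log, and it assumes only the entry shape visible there (timestamp, action, optional verdict, object, optional trailing note) and that paths under C:\Qoobox\Quarantine are copies already held in ComboFix's quarantine.

```python
"""Triage a Kaspersky scan log: per-object final outcome and open items."""
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the log posted above (the log itself is newest-first).
SAMPLE_LOG = r"""
2011-12-26 20:06:18 Disinfected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE
2011-12-26 20:06:01 Backed up C:\WINDOWS\system32\BCMWLTRY.EXE
2011-12-26 20:06:01 Detected: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE
2011-12-26 20:03:55 Will be disinfected on system restart: Trojan.Win32.Patched.mf C:\WINDOWS\system32\BCMWLTRY.EXE
2011-12-26 18:43:28 Detected: Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
2011-12-26 18:42:38 Backed up C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\000000cf.@.vir
2011-12-26 18:42:38 Deleted: Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Documents and Settings\Xi\Local Settings\Application Data\970a0b06\U\000000cf.@.vir
2011-12-26 18:41:15 Untreated: Trojan-Spy.HTML.Citifraud.ak C:\Documents and Settings\Xi\Application Data\Thunderbird\Profiles\7qi442ff.default\ImapMail\imap.googlemail.com\INBOX/[From Smith Barney <identdep_op308848336767156@smithbarney.com>][Date 09 Oct 2004 14:37:41][subj Smith Barney - official information [sat, 09 Oct 2004 17:35:41]/html Write not supported
2011-12-26 14:20:31 Detected: not-a-virus:NetTool.Win32.UltraSurf.gu C:\Documents and Settings\Xi\My Documents\Downloads\u98.zip/u98.exe Information
2011-12-26 12:02:09 Corrupted C:\Documents and Settings\Xi\Application Data\Apple Computer\mario.exe/PE_Patch
2011-12-26 11:47:07 Not processed C:\hiberfil.sys Object is locked
2011-12-26 20:03:09 Task started
"""

# "<YYYY-MM-DD HH:MM:SS> <action>[: <verdict>] <object>[ <note>]"
_ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
# Actions followed by a verdict name; the plain ones carry no verdict.
_VERDICT_ACTIONS = ("Will be disinfected on system restart:", "Cleared of viruses:",
                    "Disinfected:", "Detected:", "Deleted:", "Untreated:")
_PLAIN_ACTIONS = ("Backed up", "Not processed", "Corrupted", "Task started")
# Free-text notes Kaspersky appends after the object path.
_NOTES = (" Write not supported", " Object is locked", " Information")
# Outcome actions: OPEN ones stay open unless a later CLOSED entry supersedes them.
_OPEN = {"Will be disinfected on system restart", "Untreated", "Not processed", "Corrupted"}
_CLOSED = {"Deleted", "Disinfected", "Cleared of viruses"}
# Assumption: ComboFix keeps already-quarantined copies (.vir) under this prefix.
_COMBOFIX_QUARANTINE = r"C:\Qoobox\Quarantine\\"[:-1]


def parse_entry(line):
    """Return (timestamp, action, verdict, path, note), or None for non-entries."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    rest, verdict = m.group(2), None
    for act in _VERDICT_ACTIONS:
        if rest.startswith(act + " "):
            verdict, _, rest = rest[len(act) + 1:].partition(" ")
            action = act.rstrip(":")
            break
    else:
        for act in _PLAIN_ACTIONS:
            if rest == act or rest.startswith(act + " "):
                action, rest = act, rest[len(act):].strip()
                break
        else:
            return None  # unknown action: leave it to the analyst
    note = None
    for n in _NOTES:
        if rest.endswith(n):
            rest, note = rest[:-len(n)], n.strip()
            break
    return ts, action, verdict, rest, note


def triage(log_text):
    """Map each object to its verdicts, final status and quarantine flag."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e[3]:  # skip "Task started" and other path-less entries
            events[e[3]].append(e)
    report = {}
    for path, evs in events.items():
        evs.sort(key=lambda e: e[0])  # newest-first log: decide on true order
        verdicts = {e[2] for e in evs if e[2]}
        last = None
        for _ts, action, _v, _p, note in evs:
            if action in _OPEN or action in _CLOSED:
                last = (action, note)
        if last is None:
            status = "detected only"
        elif last[0] in _CLOSED:
            status = "resolved"
        elif last[1] == "Write not supported":
            status = "open: mail store, delete the message in the mail client"
        else:
            status = "open: " + last[0].lower()
        if any(v.startswith("not-a-virus:") for v in verdicts):
            status = "riskware: confirm intentional"
        report[path] = {"verdicts": sorted(verdicts), "status": status,
                        "in_quarantine": path.startswith(_COMBOFIX_QUARANTINE)}
    return report


def needs_attention(report):
    """Objects still to deal with; copies already in ComboFix quarantine excluded."""
    return sorted((p, i["status"]) for p, i in report.items()
                  if i["status"] != "resolved" and not i["in_quarantine"])


if __name__ == "__main__":
    for path, status in needs_attention(triage(SAMPLE_LOG)):
        print(f"{status:55} {path}")
```

Run on the sample, it reports the locked hiberfil.sys, the corrupted mario.exe, the UltraSurf download and the untreated phishing message inside the Thunderbird mail store as the four open items, while BCMWLTRY.EXE comes out resolved because its later Disinfected entry supersedes the earlier "will be disinfected on restart", and the MDM.EXE.vir hit is set aside as a quarantined copy. The "Write not supported" note is the case worth knowing: the scanner cannot rewrite a mail store file, so the message has to be deleted from within the mail client and the folder compacted, which is a separate step from the file cleanup.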
  15. I cannot run the online scan due to the internet connection problems, but will download the Kaspersky on a different computer and then transfer the file over.