Solid

Honorary Members
  • Posts: 32
  • Reputation: 0 Neutral

About Solid

  • Birthday 03/03/1983

Profile Information

  • Location
    Here
  1. Full scan by Microsoft Security Essentials showed up clear with no threats.
  2. That's weird, ESET OnlineScan won't open on the laptop. Even if I google it and try to open the page there it won't open. I get "Internet Explorer cannot display the webpage". It works fine on the desktop. The link works, and from Google. I have rebooted and tried again but still the same.
  3. Ok well the file I sent was the one combo-fix quarantined so we're ok. Laptop seems to be working well now anyway. Have we anything left to do?
  4. Sorry, forget the last post, I forgot I moved the file to desktop and then copied the C:\WINDOWS\system32\drivers folder when we were trying to fix the internet problem. I have now put it back to c:\qoobox\quarantine\c\windows\system32\drivers where it was and I sent it in the link you provided.
  5. This file is no longer in c:\qoobox\quarantine\c\windows\system32\drivers\passthru.sys.vir, because I moved it back to the C:\WINDOWS\system32\drivers folder before I re-ran the driver. Shall I upload it from the C:\WINDOWS\system32\drivers folder?
  6. Well I don't have the driver so I downloaded it from here --> Proset wireless link. During the install there is a warning saying 'passthru miniport' does not pass Windows verification. I ran this driver years ago when I first installed it but the virus is only a recent thing so I can't see it being related. I think this is why combo-fix picked it up. Here is the latest MBAM log and 2 infections were found.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5443

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     02/01/2011 14:56:57
     mbam-log-2011-01-02 (14-56-57).txt

     Scan type: Quick scan
     Objects scanned: 199100
     Time elapsed: 5 minute(s), 6 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\METROWERKS (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Metrowerks\domain_url (Malware.Trace) -> Value: domain_url -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

  7. I know I'm not meant to install anything without your instructions but I reinstalled the Intel Proset wireless driver and now I can connect to the internet again.
  8. The file C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg had no .dat on the end but the file type is still a .dat file so double clicking it doesn't work. Also in the C:\Qoobox\Quarantine\Registry_backups folder is an AddRemove-ProInst.reg file, also a DAT file, and a tcpip Registration Entries file. Maybe a system restore to before the combo-fix and then start again?
  9. Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru]
     "Type"=dword:00000001
     "Start"=dword:00000003
     "ErrorControl"=dword:00000001
     "Tag"=dword:00000008
     "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
       52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,61,00,73,00,73,00,74,00,68,\
       00,72,00,75,00,2e,00,73,00,79,00,73,00,00,00
     "DisplayName"="Passthru Service"
     "Group"="PNP_TDI"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\NdisWanIp]
     "UpperBindings"="\\Device\\{73A11CDB-E394-4B80-BB11-D3202F9D28B0}"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{4E238EDE-5B2C-4BD8-92D7-9843C2C97DE8}]
     "UpperBindings"="\\Device\\{C00FAEB6-E6F9-4D5A-ADDF-6B8B855F242B}"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{9FD6FB9D-838D-48DB-887F-00D758A810D7}]
     "UpperBindings"="\\Device\\{9AADD4DB-B12B-4677-8180-85D337DC328D}"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Parameters\Adapters\{DB9733AD-83BE-46B1-B18A-8284D1D12173}]
     "UpperBindings"="\\Device\\{43FA8BB1-FCC1-43FF-942C-CDA481A6BAC4}"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Security]
     "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
       00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
       00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
       05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
       20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
       00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
       00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\passthru\Enum]
     "0"="Root\\MS_PASSTHRUMP\\0000"
     "Count"=dword:00000003
     "NextInstance"=dword:00000003
     "1"="Root\\MS_PASSTHRUMP\\0001"
     "2"="Root\\MS_PASSTHRUMP\\0002"

  10. That didn't work. What about this? C:\Qoobox\Quarantine\Registry_backups\Service_Passthru.reg.dat
  11. Just looking through things with my non-technical mind but I found a link with a deletion from the combofix first log c:\windows\system32\drivers\passthru.sys and this image
  12. Windows IP Configuration

     Server:  UnKnown
     Address:  127.0.0.1

     Server:  UnKnown
     Address:  127.0.0.1

     Ping request could not find host google.com. Please check the name and try again.
     Ping request could not find host yahoo.com. Please check the name and try again.
     ===========================================================================
     Interface List
     0x1 ........................... MS TCP Loopback interface
     ===========================================================================
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               127.0.0.0        255.0.0.0       127.0.0.1       127.0.0.1       1
     ===========================================================================
     Persistent Routes:
       None

  13. Internet still won't work. Latest log file from combofix....
     ComboFix 11-01-01.01 - Mark 01/01/2011 21:30:45.2.1 - x86
  14. OTL Extras logfile created on: 01/01/2011 21:09:53 - Run 1 OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 1908 3816 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor 
Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor 
Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd) "C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.) 
"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SysPage.exe:*:Enabled:System Page -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\testman.exe:*:Enabled:Testman Executable -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe:*:Enabled:CodeServer Daemon -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe:*:Enabled:XML Registry Daemon -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe:*:Enabled:TDS Network Configuration -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\PtchApply.exe:*:Enabled:Apply TDS Patch -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Rtdb.exe:*:Enabled:Update Database -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe:*:Enabled:StarBurst -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe:*:Enabled:Engineering Feedback -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe:*:Enabled:System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\VMM.exe:*:Enabled:VMM System Diagnostic Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C402.exe:*:Enabled:C402 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C403.exe:*:Enabled:C403 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C407.exe:*:Enabled:C407 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C412.exe:*:Enabled:C412 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\Probes\C413.exe:*:Enabled:C413 Cable Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\LVPCheck.exe:*:Enabled:LVP Check Test Application -- (Teradyne Diagnostic Solutions Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech -- (Teradyne Diagnostic Solutions Ltd.)
"C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\NetworkActivation.exe:*:Enabled:LAN Connectivity Activation -- (Teradyne Ltd)
"C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" = C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable -- (Teradyne Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{097FE1B7-B186-426B-A4EC-D1D9D21D3099}" = Calibration
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E619C5F-7D9E-44C5-A9D0-265983BE7EC2}" = Puma
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{29FA4B23-42EF-4D8B-9C4B-C638DDD6D279}" = IDS
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}" = IC4 Interface Device by SU Enterprise, Inc.
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91DE1A85-7350-458A-B674-D7C8F3476299}" = IDS
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{B794A635-FC70-4C0A-989E-44AA021FAADB}" = IDS
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"BitZipper_is1" = BitZipper 2010
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"ie8" = Windows Internet Explorer 8
"InstaCode" = InstaCode
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"ProInst" = Intel® PROSet/Wireless Software
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1060284298-1532298954-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Error - 27/12/2010 18:36:36 | Computer Name = MARK-90BF2CC8F2 | Source = Application Error | ID = 1000
Description = Faulting application ipsechlp.exe, version 2.6.1.651, faulting module ipsechlp.exe, version 2.6.1.651, fault address 0x0000ccc2.

Error - 30/12/2010 15:21:14 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Error - 31/12/2010 14:37:16 | Computer Name = MARK-90BF2CC8F2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 31/12/2010 21:13:22 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 31/12/2010 21:13:26 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 31/12/2010 21:13:27 | Computer Name = MARK-90BF2CC8F2 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 7842, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:03:15 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:03:40 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 27/12/2010 16:10:10 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2106.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 30/12/2010 15:21:13 | Computer Name = MARK-90BF2CC8F2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2664.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 30/12/2010 15:25:16 | Computer Name = MARK-90BF2CC8F2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.6 for the Network Card with network address 00166F7951D3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
< End of report >

OTL logfile created on: 01/01/2011 21:09:53 - Run 1
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 10.96 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
Drive E: | 1.81 Gb Total Space | 0.36 Gb Free Space | 19.66% Space Free | Partition Type: FAT

Computer Name: MARK-90BF2CC8F2 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/01 21:09:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark.MARK-90BF2CC8F2\Desktop\OTL.exe
PRC - [2010/10/10 05:02:30 | 000,045,568 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
PRC - [2010/10/10 05:01:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
PRC - [2010/10/10 05:01:10 | 000,127,488 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
PRC - [2010/10/10 04:54:40 | 000,090,624 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
PRC - [2010/10/10 04:54:08 | 000,074,240 | ---- | M] (Teradyne Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
PRC - [2010/10/10 03:42:02 | 000,461,824 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
PRC - [2010/10/10 03:26:04 | 000,205,312 | ---- | M] (Teradyne Diagnostic Solutions Ltd) -- C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/03 01:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/06/03 01:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 01:25:56 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 01:25:20 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/31 22:51:36 | 000,225,353 | ---- | M] (Intel
  15. Scan complete. No infected items.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5426

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/01/2011 20:37:02
mbam-log-2011-01-01 (20-37-02).txt

Scan type: Quick scan
Objects scanned: 197964
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
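As an added example, and not code from this thread, from OTL's author or from Malwarebytes: a small Python triage pass over lines in the two shapes the OTL log above uses, the `PRC -` process entries and the Windows XP firewall `AuthorizedApplications` values. It extracts path, vendor string and firewall scope and flags what a helper reading such a log looks at first: entries with an empty company name (the `() -- ...TDSNetSetup.exe` line above is one), binaries running from or exempted in user-writable folders, and firewall values whose name does not match the path they actually enable. The regular expressions are written against the line shapes visible in this log rather than any documented OTL grammar, the first three sample lines are copied from the log, and the last two are constructed so that checks the real log does not trigger are exercised.

```python
import re
from dataclasses import dataclass, field

# Shape of an OTL "Processes (SafeList)" line as printed in the log above:
#   PRC - [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) -- C:\path\file.exe
# The company field is "()" when the binary carries no version information.
PRC_RE = re.compile(
    r"^PRC - \[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| M\] \((?P<company>[^)]*)\) -- (?P<path>[A-Za-z]:\\.+)$"
)

# Shape of a Windows XP firewall AuthorizedApplications value as OTL prints it:
#   "C:\path\x.exe" = C:\path\x.exe:*:Enabled:Description -- (Company)
# scope is "*" (any remote address) or an address list; state is Enabled/Disabled.
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<path>[A-Za-z]:\\[^:]+):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<desc>.*?) -- \((?P<company>[^)]*)\)$"
)

# Folders a normal service or firewall-exempted program should not live in
# (assumed list for this example; extend to taste).
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\temp\\",
    "\\application data\\",
    "\\local settings\\",
    "\\recycler\\",
)


@dataclass
class Finding:
    kind: str                 # "process" or "firewall"
    path: str
    reasons: list = field(default_factory=list)


def _suspicious_location(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(lines):
    """Return the OTL process / firewall entries a reviewer should look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            reasons = []
            if not m["company"].strip():
                reasons.append("no company name in version info")
            if _suspicious_location(m["path"]):
                reasons.append("runs from a user-writable location")
            if reasons:
                findings.append(Finding("process", m["path"], reasons))
            continue
        m = FW_RE.match(line)
        if m:
            reasons = []
            if m["key"].lower() != m["path"].lower():
                reasons.append("registry value name does not match the path it enables")
            if not m["company"].strip():
                reasons.append("no company name in version info")
            if _suspicious_location(m["path"]):
                reasons.append("firewall exception for a binary in a user-writable location")
            # Only worth calling out when something else is already off.
            if reasons and m["state"] == "Enabled" and m["scope"] == "*":
                reasons.append("exception is enabled for any remote address")
            if reasons:
                findings.append(Finding("firewall", m["path"], reasons))
    return findings


# First three lines copied from the OTL log above; the last two are constructed.
SAMPLE_LINES = [
    "PRC - [2010/10/10 05:01:48 | 000,017,920 | ---- | M] () -- C:\\Program Files\\Common Files\\Teradyne\\TDSNetSetup.exe",
    "PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Essentials\\msseces.exe",
    '"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe" = C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe:*:Enabled:Tabman Executable -- (Teradyne Ltd)',
    # constructed: a process with no version info running from a temp folder
    "PRC - [2010/12/30 18:00:00 | 000,045,056 | ---- | M] () -- C:\\Documents and Settings\\Mark.MARK-90BF2CC8F2\\Local Settings\\Temp\\update.exe",
    # constructed: a firewall value whose name points at a different file than it enables
    '"C:\\WINDOWS\\system32\\svchost.exe" = C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\svc.exe:*:Enabled:Service Host -- ()',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:9}{f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run it as-is to see the three flagged entries; point `triage()` at the lines of a saved OTL.txt and Extras.txt to use it on a real log. An empty company name is a hint, not a verdict (TDSNetSetup.exe sits in the vendor's own folder), which is why the reasons are listed rather than scored.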