When running malwarebytes “you may not have permission to access the


  • This topic is locked

#16 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Okay.


#17 Putt4Dough (Member, Topic Starter, 120 posts)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-30 12:58:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3250310AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwryiaog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF879387E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8793BFE]

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\3864171036:3815615769.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB45451$\2054589068 0 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526 0 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\L 0 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\L\mftyfpmd 138496 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U 0 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@000000c0 3584 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@000000cb 2048 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@80000000 26112 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@800000c0 35840 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB45451$\479351526\U\@800000cf 27648 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\3864171036:3815615769.exe [MANUAL] 1c9252e6 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#18 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi!

It looks like ComboFix was recently updated. I'd like to have you attempt running it again for me.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#19 Putt4Dough (Member, Topic Starter, 120 posts)

We are getting there:

ComboFix 11-09-26.02 - Administrator 30/09/2011 13:28:14.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.381 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {C328BCBD-CCBA-408A-84ED-9C27A11CA876}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\program files\NCH Swift Sound\BroadWave\broadwave.exe
C:\svchost.exe
c:\windows\$NtUninstallKB45451$
c:\windows\$NtUninstallKB45451$\2054589068
c:\windows\$NtUninstallKB45451$\479351526\@
c:\windows\$NtUninstallKB45451$\479351526\click.tlb
c:\windows\$NtUninstallKB45451$\479351526\L\mftyfpmd
c:\windows\$NtUninstallKB45451$\479351526\loader.tlb
c:\windows\$NtUninstallKB45451$\479351526\U\@00000001
c:\windows\$NtUninstallKB45451$\479351526\U\@000000c0
c:\windows\$NtUninstallKB45451$\479351526\U\@000000cb
c:\windows\$NtUninstallKB45451$\479351526\U\@000000cf
c:\windows\$NtUninstallKB45451$\479351526\U\@80000000
c:\windows\$NtUninstallKB45451$\479351526\U\@800000c0
c:\windows\$NtUninstallKB45451$\479351526\U\@800000cb
c:\windows\$NtUninstallKB45451$\479351526\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\3864171036
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192668.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192665.exe
.
Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192664.exe
.
Infected copy of c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192662.exe
.
Infected copy of c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192661.exe
.
Infected copy of c:\program files\TeamViewer\Version5\TeamViewer_Service.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6726CB99-64EE-4516-9B80-321BFEF2C3D4}\RP310\A0192660.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1c9252e6
-------\Legacy_BroadWaveService
-------\Service_BroadWaveService
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-22 12:01 . 2011-09-22 12:01 -------- d--h--w- c:\windows\PIF
2011-09-21 14:45 . 2011-09-21 14:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-20 15:44 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-19 13:49 . 2011-09-19 13:49 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-19 13:49 . 2011-09-19 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\3B251
2011-09-19 13:39 . 2011-09-19 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C366
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_18.48.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-30 17:39 . 2011-09-30 17:39 16384 c:\windows\temp\Perflib_Perfdata_108.dat
+ 2011-06-24 16:18 . 2004-06-22 15:05 61440 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbi10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 69632 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzflt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 61440 c:\windows\system32\spool\drivers\w32x86\3\hpztbi10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 69632 c:\windows\system32\spool\drivers\w32x86\3\hpzflt10.dll
+ 2011-04-06 20:20 . 2011-04-06 20:20 75040 c:\windows\system32\jdns_sd.dll
+ 2011-06-30 17:39 . 2011-05-10 12:06 42496 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaapl.sys
+ 2011-06-30 17:39 . 2011-05-10 12:06 18432 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\netaapl.sys
+ 2011-06-23 17:48 . 2008-04-14 04:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2011-06-09 21:23 . 2008-04-14 04:17 25856 c:\windows\system32\drivers\usbprint.sys
+ 2011-06-09 20:58 . 2008-04-14 04:15 32128 c:\windows\system32\drivers\usbccgp.sys
+ 2011-04-06 20:20 . 2011-04-06 20:20 91424 c:\windows\system32\dnssd.dll
+ 2008-04-14 12:00 . 2011-06-24 16:55 26112 c:\windows\system32\dllcache\userinit.exe
- 2008-04-14 12:00 . 2010-12-30 15:59 26112 c:\windows\system32\dllcache\userinit.exe
+ 2011-06-23 17:48 . 2008-04-14 04:15 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2011-06-09 21:23 . 2008-04-14 04:17 25856 c:\windows\system32\dllcache\usbprint.sys
+ 2011-06-09 20:58 . 2008-04-14 04:15 32128 c:\windows\system32\dllcache\usbccgp.sys
+ 2011-05-05 20:51 . 2011-09-30 15:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-10 18:35 . 2011-04-07 20:50 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-11-10 18:35 . 2011-09-30 15:54 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-05-05 20:51 . 2011-09-30 15:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-11-10 18:35 . 2011-04-07 20:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-09-25 04:48 . 2011-09-25 04:48 22016 c:\windows\Installer\34e7fef.msi
+ 2011-06-30 17:39 . 2011-06-30 17:39 27136 c:\windows\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe
+ 2011-05-27 08:35 . 2011-05-27 08:35 65536 c:\windows\Installer\{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-05-27 08:35 . 2011-05-27 08:35 65536 c:\windows\Installer\{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}\ARPPRODUCTICON.exe
- 2011-02-21 08:01 . 2011-03-17 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-02-21 08:01 . 2011-08-04 14:25 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-23 17:48 . 2001-08-18 02:36 5632 c:\windows\system32\ptpusb.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 155708 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzvip10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 172032 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbu10.exe
+ 2011-06-24 16:19 . 2004-06-22 15:05 163840 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzstw10.exe
+ 2011-06-24 16:19 . 2004-06-22 15:05 385024 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzstc10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 180315 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzsnt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 679936 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzslk10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 368640 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzres10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 331776 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpre10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 487424 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpm310.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 143360 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpcl10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 135249 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzlnt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 200704 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzjui10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 352256 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzime10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 647168 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzeng10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 344064 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcon10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 196608 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcoi10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 286720 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcfg10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 196608 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpz2ku10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 154397 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpop8310.dat
+ 2011-06-24 16:18 . 2004-06-22 15:05 155708 c:\windows\system32\spool\drivers\w32x86\3\hpzvip10.dll
+ 2011-06-24 16:34 . 2004-06-22 15:05 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
+ 2011-06-24 16:19 . 2004-06-22 15:05 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztbu10.exe
+ 2011-06-24 16:19 . 2004-06-22 15:05 163840 c:\windows\system32\spool\drivers\w32x86\3\hpzstw10.exe
+ 2011-06-24 16:19 . 2004-06-22 15:05 385024 c:\windows\system32\spool\drivers\w32x86\3\hpzstc10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 180315 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 679936 c:\windows\system32\spool\drivers\w32x86\3\hpzslk10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 368640 c:\windows\system32\spool\drivers\w32x86\3\hpzres10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 331776 c:\windows\system32\spool\drivers\w32x86\3\hpzpre10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 487424 c:\windows\system32\spool\drivers\w32x86\3\hpzpm310.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 143360 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 135249 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 200704 c:\windows\system32\spool\drivers\w32x86\3\hpzjui10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 352256 c:\windows\system32\spool\drivers\w32x86\3\hpzime10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 647168 c:\windows\system32\spool\drivers\w32x86\3\hpzeng10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 344064 c:\windows\system32\spool\drivers\w32x86\3\hpzcon10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 286720 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 196608 c:\windows\system32\spool\drivers\w32x86\3\hpz2ku10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 154397 c:\windows\system32\spool\drivers\w32x86\3\hpop8310.dat
+ 2011-06-13 18:28 . 2001-08-18 02:34 132608 c:\windows\system32\spool\drivers\w32x86\3\HPDJRES.DLL
+ 2011-06-23 17:48 . 2008-04-14 09:42 159232 c:\windows\system32\ptpusd.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 180315 c:\windows\system32\hpzsnt10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 344064 c:\windows\system32\hpzcon10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 196608 c:\windows\system32\hpzcoi10.dll
+ 2010-12-13 21:48 . 2011-06-30 20:51 101720 c:\windows\system32\drivers\SBREDrv.sys
+ 2011-04-06 20:20 . 2011-04-06 20:20 197920 c:\windows\system32\dnssdX.dll
+ 2011-04-06 20:20 . 2011-04-06 20:20 107808 c:\windows\system32\dns-sd.exe
+ 2011-08-06 16:43 . 2011-08-06 16:43 749568 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-08-09 14:15 . 2011-02-26 14:35 171266 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2011-05-27 08:35 . 2011-05-27 08:35 923136 c:\windows\Installer\e4ecfd6.msi
+ 2011-05-06 15:17 . 2011-05-06 15:17 304640 c:\windows\Installer\ab71989.msi
+ 2011-06-30 17:39 . 2011-06-30 17:39 771584 c:\windows\Installer\6329a5d.msi
+ 2011-06-30 17:37 . 2011-06-30 17:37 811520 c:\windows\Installer\6329a4d.msi
+ 2011-06-24 16:19 . 2004-06-22 15:05 7331840 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbx10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 1695744 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzrm310.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 3182592 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzr3210.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 1671168 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzims10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 1589248 c:\windows\system32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzimc10.dll
+ 2011-06-24 16:19 . 2004-06-22 15:05 7331840 c:\windows\system32\spool\drivers\w32x86\3\hpztbx10.exe
+ 2011-06-24 16:18 . 2004-06-22 15:05 1695744 c:\windows\system32\spool\drivers\w32x86\3\hpzrm310.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 3182592 c:\windows\system32\spool\drivers\w32x86\3\hpzr3210.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 1671168 c:\windows\system32\spool\drivers\w32x86\3\hpzims10.dll
+ 2011-06-24 16:18 . 2004-06-22 15:05 1589248 c:\windows\system32\spool\drivers\w32x86\3\hpzimc10.dll
+ 2011-08-09 17:43 . 2011-09-19 13:50 1523360 c:\windows\system32\Restore\rstrlog.dat
+ 2011-06-30 17:39 . 2011-05-10 12:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaaplrc.dll
+ 2011-06-30 17:39 . 2011-04-08 18:59 1461992 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\wdfcoinstaller01009.dll
+ 2011-06-30 17:39 . 2011-06-30 17:39 3085312 c:\windows\Installer\6329a58.msi
+ 2011-06-30 17:38 . 2011-06-30 17:38 1984000 c:\windows\Installer\6329a53.msi
+ 2011-08-04 14:24 . 2011-08-04 14:24 20333056 c:\windows\Installer\3975803c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
TeamViewer 5.lnk - c:\program files\TeamViewer\Version5\TeamViewer.exe [2010-7-6 5279016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"55723:TCP"= 55723:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/12/2010 5:48 PM 64288]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [06/07/2010 11:03 AM 173352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [08/04/2011 8:53 AM 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [20/10/2010 7:45 PM 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [20/10/2010 7:45 PM 36432]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S0 vmiyalv;vmiyalv;c:\windows\system32\drivers\iixvut.sys --> c:\windows\system32\drivers\iixvut.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2011 5:23 PM 136176]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2011 5:23 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [15/07/2009 6:37 PM 689416]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [15/01/2008 10:28 AM 204800]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-21 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-16 16:29]
.
2010-12-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-06 19:33]
.
2011-05-07 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-12-06 14:22]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 20:48]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 20:48]
.
2010-12-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-06 19:33]
.
2011-04-27 c:\windows\Tasks\tempoperfectShakeIcon.job
- c:\program files\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2011-03-16 18:08]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2010-12-16 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-06 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sympatico.ca
uInternet Settings,ProxyOverride = <local>;*.local
TCP: Interfaces\{E59A6DC7-EE4C-45C9-B724-6D62D4BEA190}: NameServer = 206.191.0.140,206.191.0.210
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-BroadWave - c:\program files\NCH Swift Sound\BroadWave\broadwave.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
.
[HKEY_USERS\S-1-5-21-606747145-1214440339-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,00,22,e7,f5,ae,d4,4b,b4,5a,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,00,22,e7,f5,ae,d4,4b,b4,5a,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-09-30 13:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-30 17:45
.
Pre-Run: 233,454,735,360 bytes free
Post-Run: 233,392,861,184 bytes free
.
- - End Of File - - 133EDA2E04B544CBB9FF261E9D26AFE0
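The GMER log in #17 and the ComboFix log in #19 above carry the indicators a removal helper reads for: an executable hidden in an NTFS alternate data stream (the `ADS C:\WINDOWS\3864171036:3815615769.exe` line) and a service whose image path is that stream, system services ComboFix reports as infected and restored from a restore point, boot-start drivers whose backing file is missing (`--> ... [?]`), and ports the XP firewall opens globally. As an added example, not code from this thread or from GMER or ComboFix, the script below pulls those indicators out of log text. The line patterns, the finding names (`ads`, `service_in_ads`, `patched_binary`, `driver_missing_file`, `open_firewall_port`) and the rule that a boot-start (R0/S0) driver with no file deserves a closer look are the editor's own heuristics; the sample input is copied from the logs posted above.

```python
"""Triage helper for GMER / ComboFix text logs.

Added example, not part of either tool. The patterns below are heuristics
chosen by the editor; finding names are arbitrary labels.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied verbatim from the GMER and ComboFix logs
# posted in this thread, with a few benign lines kept as negatives.
SAMPLE_LOG = r"""
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF879387E]
ADS C:\WINDOWS\3864171036:3815615769.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB45451$\479351526\loader.tlb 2540 bytes
Service C:\WINDOWS\3864171036:3815615769.exe [MANUAL] 1c9252e6 <-- ROOTKIT !!!
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Infected copy of c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe was found and disinfected
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"55723:TCP"= 55723:TCP:Trend Micro OfficeScan Listener
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/12/2010 5:48 PM 64288]
S0 vmiyalv;vmiyalv;c:\windows\system32\drivers\iixvut.sys --> c:\windows\system32\drivers\iixvut.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""

# GMER "Files" and "Services" section lines.
GMER_ADS = re.compile(r"^ADS\s+(.+?)\s+(\d+) bytes(.*)$")
GMER_SERVICE = re.compile(r"^Service\s+(.+?)\s+\[(\w+)\]\s+(\S+)")
# ComboFix lines: disinfected system binaries, driver entries whose file is
# missing ("[?]"), registry section headers and firewall port entries.
CF_INFECTED = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
CF_DRIVER = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[\?\]$")
CF_SECTION = re.compile(r"^\[(.+)\]$")
CF_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


@dataclass
class Finding:
    kind: str    # one of the heuristic labels defined in this example
    detail: str  # human-readable evidence from the log line


def is_ads_path(path: str) -> bool:
    """True when the last path component names an NTFS stream (file:stream),
    e.g. C:\\WINDOWS\\3864171036:3815615769.exe. The drive-letter colon is
    dropped first so that it is not mistaken for a stream separator."""
    body = re.sub(r"^[A-Za-z]:", "", path)
    last = body.rsplit("\\", 1)[-1]
    return ":" in last


def triage(text: str) -> List[Finding]:
    """Scan log text line by line and return the flagged indicators."""
    findings: List[Finding] = []
    section = ""  # most recent ComboFix registry header, used for port lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := CF_SECTION.match(line)):
            section = m.group(1)
            continue
        if (m := GMER_ADS.match(line)):
            path, size, rest = m.groups()
            tag = "executable " if "executable" in rest else ""
            findings.append(Finding("ads", f"{tag}stream {path} ({size} bytes)"))
        elif (m := GMER_SERVICE.match(line)):
            path, start, name = m.groups()
            if is_ads_path(path):  # a service started out of a hidden stream
                findings.append(Finding("service_in_ads", f"{name} [{start}] -> {path}"))
        elif (m := CF_INFECTED.match(line)):
            findings.append(Finding("patched_binary", m.group(1)))
        elif (m := CF_DRIVER.match(line)):
            start, name, _desc, rest = m.groups()
            missing = rest.split("-->")[-1].strip()
            sev = "boot-start " if start in ("R0", "S0") else ""
            findings.append(Finding("driver_missing_file", f"{sev}{start} {name}: {missing}"))
        elif section.endswith("GloballyOpenPorts\\List") and (m := CF_PORT.match(line)):
            port, proto, desc = m.groups()
            findings.append(Finding("open_firewall_port", f"{port}/{proto} {desc.strip()}"))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

Run it as-is to triage the embedded sample, or feed a saved log with `triage(open(path).read())`. The ADS check keys on a colon in the last path component, which is how Win32 names a stream; GMER already tags both lines `<-- ROOTKIT !!!`, and the `-------\Service_1c9252e6` entry under Drivers/Services in the #19 log is that same service being removed.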

#20 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi!

Let me know how things are running in your next reply.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: c:\windows\Installer\34e7fef.msi
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please post the results in your next reply

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\documents and settings\All Users\Application Data\3B251
c:\documents and settings\All Users\Application Data\1C366

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#21 Putt4Dough (Member, Topic Starter, 120 posts)

Hello,

I have a few hiccups. First, for some reason IE cannot access the internet, so I cannot run the VirusTotal File Scan. I can ping out but I cannot browse. It looks like it gets redirected to a blank page.

I jumped to ComboFix. When I run the script over CF I get the message:

Current date is 2011-10-03. ComboFix has expired. Click yes for reduced functionality mode.

I clicked no and downloaded a new copy of CF via another PC and re-ran the script. Same message, so I went forward in reduced functionality mode. See log below.

I then ran MWB and obviously could not update that either, but it was only 14 days old. It found nothing. See log below.


ComboFix 11-09-26.02 - Administrator 03/10/2011 9:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.262 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {C328BCBD-CCBA-408A-84ED-9C27A11CA876}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1C366
c:\documents and settings\All Users\Application Data\1C366\{EC819769-8E23-4FDA-860F-2A323B7EB30C}.swf
c:\documents and settings\All Users\Application Data\3B251
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-09-22 12:01 . 2011-09-22 12:01 -------- d--h--w- c:\windows\PIF
2011-09-21 14:45 . 2011-09-21 14:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-20 15:44 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-19 13:49 . 2011-09-19 13:49 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-30_17.39.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-03 13:18 . 2011-10-03 13:18 16384 c:\windows\temp\Perflib_Perfdata_4c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
TeamViewer 5.lnk - c:\program files\TeamViewer\Version5\TeamViewer.exe [2010-7-6 5279016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"55723:TCP"= 55723:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/12/2010 5:48 PM 64288]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [06/07/2010 11:03 AM 173352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [08/04/2011 8:53 AM 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [20/10/2010 7:45 PM 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [20/10/2010 7:45 PM 36432]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S0 vmiyalv;vmiyalv;c:\windows\system32\drivers\iixvut.sys --> c:\windows\system32\drivers\iixvut.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2011 5:23 PM 136176]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2011 5:23 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [15/07/2009 6:37 PM 689416]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [15/01/2008 10:28 AM 204800]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-21 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-16 16:29]
.
2010-12-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-06 19:33]
.
2011-05-07 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-12-06 14:22]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 20:48]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 20:48]
.
2010-12-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-06 19:33]
.
2011-04-27 c:\windows\Tasks\tempoperfectShakeIcon.job
- c:\program files\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2011-03-16 18:08]
.
2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2010-12-16 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-06 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sympatico.ca
uInternet Settings,ProxyOverride = <local>;*.local
TCP: Interfaces\{E59A6DC7-EE4C-45C9-B724-6D62D4BEA190}: NameServer = 206.191.0.140,206.191.0.210
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 09:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
.
[HKEY_USERS\S-1-5-21-606747145-1214440339-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,00,22,e7,f5,ae,d4,4b,b4,5a,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,00,22,e7,f5,ae,d4,4b,b4,5a,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-03 09:24:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 13:24
ComboFix2.txt 2011-09-30 17:45
.
Pre-Run: 234,374,606,848 bytes free
Post-Run: 234,356,359,168 bytes free
.
- - End Of File - - 3F02F2BB1EA26AC1E1C3CEF7B02D682F



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7755

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/10/2011 9:47:29 AM
mbam-log-2011-10-03 (09-47-29).txt

Scan type: Quick scan
Objects scanned: 164066
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#22
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please check these settings:

Repair Network
If your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.

Posted Image

If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon.
    If your Control Panel is set to Category View, then double-click on
    Network and Internet Connections and then click on Network Connections
    at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.

Posted Image

Let the repair process perform its tasks and when it has finished, check to see if your Internet connection is working.
  • 0

#23
Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
No go. Initially I had the IP set to static and I can ping anything. When I set it to dynamic it cannot get an IP and repair does not change anything. The virus/malware surely damaged something.
  • 0

#24
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Yes, this infection does some serious damage.

Try this:

Go to Start > Run > Type in: cmd.exe

Copy and Paste the following command followed by Enter: NETSH WINSOCK RESET CATALOG

Please reboot your computer after you run the above command.

Edited by SweetTech, 03 October 2011 - 09:24 AM.

  • 0

#25
Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
No change. Even with a new net card, same issue.
  • 0

#26
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Did you run this command: NETSH WINSOCK RESET CATALOG and then reboot your computer after running it?

I ask because I originally posted a different command but quickly edited it.

Edited to Add in:

Out of curiosity can you try and boot up into Safe Mode w/ Networking and see if you're able to connect to the internet there?

Edited by SweetTech, 03 October 2011 - 10:23 AM.

  • 0

#27
Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Yep. Ran the command and rebooted. Even tried it in safe mode with NET. No go. :)
  • 0

#28
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Mike,

I'd like to have you run a new scan with OTL and post the log file for me to review.


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#29
Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
OTL logfile created on: 03/10/2011 1:35:04 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Desktop\tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.42 Mb Total Physical Memory | 285.80 Mb Available Physical Memory | 56.89% Memory free
1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.44 Gb Free Space | 93.80% Space Free | Partition Type: NTFS
Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32

Computer Name: JEANBERUBE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 18:17:35 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2011/09/21 10:33:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\tools\OTL.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/11/01 08:58:58 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:17:35 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/02/12 13:18:50 | 000,924,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2007/02/12 13:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/02/12 13:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/02/12 13:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/03 10:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/01 08:59:40 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/29 07:53:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
IE - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 55 E9 7E 96 90 CB 01 [binary data]
IE - HKU\S-1-5-21-606747145-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 10:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/03 10:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/03 10:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/18 18:46:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/20 14:42:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/29 03:16:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 21:59:56 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 21:59:56 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/28 21:59:56 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/28 21:59:56 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/28 21:59:56 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/10/03 10:57:10 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TeamViewer 5.lnk = C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\..Trusted Domains: //@[email protected]/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\..Trusted Domains: //@[email protected]/ ([]msni in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/30 11:20:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 03:22:58 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-606747145-1214440339-1417001333-500..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-606747145-1214440339-1417001333-500\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 11:04:27 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/10/03 10:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/10/03 10:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/10/03 10:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/03 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1F1F4
[2011/10/03 09:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/03 09:16:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/03 09:16:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/03 09:16:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/03 09:16:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/30 13:14:09 | 004,228,780 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/09/22 08:01:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/21 10:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tools
[2011/09/20 11:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/20 11:44:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/20 11:42:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe

========== Files - Modified Within 30 Days ==========

[2011/10/03 13:34:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
[2011/10/03 12:53:05 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 11:38:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/03 11:38:08 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/03 11:38:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 11:05:47 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/03 11:05:47 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/03 10:57:10 | 000,000,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/03 10:38:14 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/03 10:38:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/03 10:25:42 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
[2011/10/03 09:13:24 | 004,228,780 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/09/30 11:12:37 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/30 11:12:37 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/23 16:23:45 | 097,664,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_09_23_23_11.exe
[2011/09/23 15:18:33 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Inherit.exe
[2011/09/21 15:23:23 | 004,210,959 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\cmb.exe
[2011/09/20 11:48:20 | 000,000,310 | RHS- | M] () -- C:\boot.ini
[2011/09/20 11:44:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 11:42:15 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/19 13:07:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/15 15:15:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/10/03 10:38:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/03 10:38:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/03 10:38:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/03 09:16:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 09:16:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 09:16:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/03 09:16:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/03 09:16:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/23 16:23:45 | 097,664,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_09_23_23_11.exe
[2011/09/23 15:18:40 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Inherit.exe
[2011/09/22 13:21:24 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\cmb.exe
[2011/09/20 11:44:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 09:27:10 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 09:27:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/07 14:42:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 10:03:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/08 08:57:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/06/08 08:57:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/30 12:54:36 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2010/03/30 12:54:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2010/03/30 12:00:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/03/30 11:23:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 11:17:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/30 05:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/30 05:57:26 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008/04/14 08:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/17 13:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

OTL Extras logfile created on: 03/10/2011 1:35:04 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Desktop\tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.42 Mb Total Physical Memory | 285.80 Mb Available Physical Memory | 56.89% Memory free
1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.44 Gb Free Space | 93.80% Space Free | Partition Type: NTFS
Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32

Computer Name: JEANBERUBE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-606747145-1214440339-1417001333-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server
"55723:TCP" = 55723:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BroadWave" = BroadWave
"Doxillion" = Doxillion Document Converter
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"TempoPerfect" = TempoPerfect Metronome Software
"ToolBox" = NCH Toolbox
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2011 9:23:27 AM | Computer Name = JEANBERUBE | Source = ESENT | ID = 490
Description = svchost (1200) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 09/05/2011 9:23:27 AM | Computer Name = JEANBERUBE | Source = ESENT | ID = 470
Description = Catalog Database (1200) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 10/05/2011 12:05:35 AM | Computer Name = JEANBERUBE | Source = Application Error | ID = 1000
Description = Faulting application imesh.exe, version 10.0.0.0, faulting module
imesh.exe, version 10.0.0.0, fault address 0x00ccd4d9.

Error - 10/05/2011 8:52:51 AM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/05/2011 8:53:22 AM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2011 12:36:03 PM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2011 12:36:04 PM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2011 12:36:05 PM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/05/2011 4:51:18 PM | Computer Name = JEANBERUBE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 21/05/2011 10:17:16 AM | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/10/2011 11:39:07 AM | Computer Name = JEANBERUBE | Source = E100B | ID = 262148
Description = Adapter Intel 8255x-based PCI Ethernet Adapter (10/100): Adapter Link
Down

Error - 03/10/2011 11:39:19 AM | Computer Name = JEANBERUBE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 03/10/2011 11:39:19 AM | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 03/10/2011 11:39:49 AM | Computer Name = JEANBERUBE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 03/10/2011 11:39:49 AM | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 03/10/2011 11:40:19 AM | Computer Name = JEANBERUBE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 03/10/2011 11:40:19 AM | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 03/10/2011 11:40:49 AM | Computer Name = JEANBERUBE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 03/10/2011 11:40:49 AM | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 03/10/2011 11:41:19 AM | Computer Name = JEANBERUBE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >
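The OTL report above mixes hundreds of routine entries with the handful that matter (the two alternate data streams under All Users\Application Data\TEMP, and the unsigned executables created in C:\WINDOWS within the last month). The following script is an added example, not part of this thread and not OldTimer's code: it parses the "Files Created" and "Alternate Data Streams" line layouts exactly as they appear in the log, then applies a small set of review heuristics. The sample lines are copied from the report above; the regexes, the `SYSTEM_DIRS` list and the flagging rules are this example's own assumptions, and "flagged" means "look at this", not "malicious" (the helper binaries that a cleanup tool drops in C:\WINDOWS will be flagged too, and should be matched against the tools already run on the machine).

```python
"""Parse OTL 'Files Created' / 'Alternate Data Streams' lines and flag
entries a reviewer should inspect.  Added example; the patterns follow the
line layout visible in the posted log, not a published OTL specification."""
import re
from datetime import datetime, timedelta

# [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed: directories where a freshly created, unsigned executable deserves review.
SYSTEM_DIRS = (r"c:\windows", r"c:\documents and settings\all users\application data")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")

# Scan time taken from the "OTL Extras logfile created on" header in the report.
SCAN_DATE = datetime(2011, 10, 3, 13, 35, 4)

# Constructed sample: lines copied from the posted report.
SAMPLE_LOG = r"""
[2011/10/03 09:16:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 09:16:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 13:21:24 | 004,210,959 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\cmb.exe
[2011/04/25 09:27:10 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2008/04/14 08:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
"""


def parse_otl(text):
    """Return one dict per recognised file or ADS line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append({
                "type": "file",
                "stamp": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
                "kind": m["kind"],              # M = modified, C = created
                "company": m["company"].strip(),  # empty in the "No Company Name" section
                "path": m["path"],
            })
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append({"type": "ads", "size": int(m["size"]), "path": m["path"]})
    return entries


def flag_suspicious(entries, scan_date, days=30):
    """Return (reason, path) pairs for entries worth a second look."""
    cutoff = scan_date - timedelta(days=days)
    flagged = []
    for e in entries:
        path = e["path"].lower()
        if e["type"] == "ads":
            # A named stream hanging off a ProgramData\TEMP directory is not normal.
            flagged.append(("alternate data stream", e["path"]))
        elif (e["kind"] == "C" and e["stamp"] >= cutoff
              and path.startswith(SYSTEM_DIRS)
              and path.endswith(EXEC_EXT)
              and not e["company"]):
            flagged.append(("recent unsigned executable in system dir", e["path"]))
    return flagged


def run_example():
    """Parse the sample and return the flagged entries."""
    return flag_suspicious(parse_otl(SAMPLE_LOG), SCAN_DATE)


if __name__ == "__main__":
    for reason, path in run_example():
        print(f"{reason:45s} {path}")
```

The parser keys on the `C` (created) flag rather than `M` (modified) because a fresh creation in C:\WINDOWS is a stronger signal than a timestamp update, and it leaves the Desktop out of `SYSTEM_DIRS` so user downloads do not drown the list; widen the tuple if the profile directories on a given machine also need watching.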

#30 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Please browse to this folder and let me know what is in it.

C:\Documents and Settings\All Users\Application Data\1F1F4