Unable to access internet after successful deletion of malware



Unable to access internet after successful deletion of malware

Post by guybagnall on Sun 19 Sep 2010, 10:53 pm

I cannot access internet (Orange.co.uk homepage) after successful removal of Total Security malware. Made no changes to settings, can access ISP (Orange France) but not from 'livebox' to internet. Can anyone advise? Regards

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista


Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Mon 20 Sep 2010, 6:22 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


catch 22

Post by guybagnall on Mon 20 Sep 2010, 9:10 pm

Hi - very grateful for your response. My problem is that I simply can't make the connection from my ISP (today in England and it is PlusNet) to Orange.co.uk to access emails. I have full wireless connection from the laptop to the wireless device but it is from there to Orange that I get the message telling me it can't connect and it's a problem Windows cannot solve. I have looked at my basic internet connection settings and they all seem ok. The Catch 22 is that I can't download to my desktop because I can't get onto the web! I have access to another computer at present and can send and receive emails via that but the laptop problem remains. Could I download to a USB and then from that onto my Desktop or does it need the net connection to scan etc? Kind Regards

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista

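A defender's reading of the symptom described above: a rogue antivirus such as Total Security typically hooks itself into the Winsock stack (as a Layered Service Provider) and may set a browser proxy; once its files are deleted, the catalog entries and proxy values it left behind can keep every socket or HTTP request from working even though the network adapter itself is fine. That is exactly what the OTL output posted later in this thread needs to be checked for. The script below is an added example written for this thread, not OTL's own code and not anything the helper posted. It parses a few constructed lines written in OTL's output format and flags Winsock catalog (O10) entries whose provider DLL no longer exists, Run-key entries that point at deleted files, and any ProxyServer value left in Internet Settings (reporting whether ProxyEnable still turns it on). The sample lines, the finding categories and the `Finding`/`triage` names are all this example's own.

```python
"""Triage OTL-style log lines for leftovers that commonly break connectivity
after a rogue-AV cleanup. Added example for this thread, not OTL's own code."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, written to mirror the format of the OTL log in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKCU..\Run: [GYIKVZG] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
"""

# Internet Settings values: IE - <key>\Internet Settings: "<name>" = <value>
INET_RE = re.compile(r'^IE - HK[A-Z]+\\.*\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$')
# Winsock catalog entries; the trailing "File not found" marks a missing provider DLL.
O10_RE = re.compile(r'^O10 - (?P<catalog>\w+)\\Catalog_Entries\\(?P<index>\d+) (?:\[\] )?'
                    r'- (?P<path>.+?)(?P<missing> File not found)?$')
# Run-key entries: O4 - <hive>..\Run: [<name>] <target>
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str    # short category used for counting
    detail: str  # what was matched, for a human reader
    line: str    # the original log line


def parse_lsp_entry(line):
    """Return (catalog, index, path, missing) for an O10 line, else None."""
    m = O10_RE.match(line.strip())
    if not m:
        return None
    return m["catalog"], m["index"], m["path"], m["missing"] is not None


def triage(log_text):
    """Walk the log once and collect findings; proxy state is judged at the end
    so that ProxyServer and ProxyEnable can be read together."""
    findings = []
    inet = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INET_RE.match(line)
        if m:
            inet[m["name"]] = (m["value"], line)
            continue
        lsp = parse_lsp_entry(line)
        if lsp:
            catalog, index, path, missing = lsp
            if missing:
                # A catalog entry whose DLL is gone breaks the whole Winsock chain.
                findings.append(Finding("lsp_missing_dll", f"{catalog} entry {index} -> {path}", line))
            elif "\\Temp\\" in path or "\\AppData\\" in path:
                # Heuristic: a Winsock provider living in a user-writable folder is unusual.
                findings.append(Finding("lsp_user_writable_path", f"{catalog} entry {index} -> {path}", line))
            continue
        m = O4_RE.match(line)
        if m and m["rest"].endswith("File not found"):
            findings.append(Finding("run_key_orphan", f"{m['hive']} Run [{m['name']}] -> {m['rest']}", line))
    if "ProxyServer" in inet:
        value, line = inet["ProxyServer"]
        enabled = inet.get("ProxyEnable", ("0", ""))[0] != "0"
        state = "enabled" if enabled else "disabled (ProxyEnable=0)"
        findings.append(Finding("proxy_server_set", f"{value}, currently {state}", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'lsp_missing_dll': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports two Winsock entries whose DLL is missing, two orphaned Run keys and a leftover ProxyServer value that is currently switched off. Dangling O10 entries are the usual explanation for "connected to the router but nothing loads" after a cleanup, and the standard follow-up a helper would give is to repair the Winsock catalog (on Vista, `netsh winsock reset` followed by a reboot) and to clear the stale proxy value; the orphaned Run keys are harmless to connectivity but are residue worth removing.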

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Tue 21 Sep 2010, 2:57 am

Tried USB route and here they are:

OTL logfile created on: 20/09/2010 16:44:42 - Run 2
OTL by OldTimer - Version 3.2.14.0 Folder = F:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 49.73 Gb Free Space | 50.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.43 Gb Free Space | 99.67% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETERWYETH-LAP
Current User Name: Peter Wyeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/20 16:20:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/11 17:05:57 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/04 08:59:52 | 000,095,232 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/15 18:31:07 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/29 06:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/09/13 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\System32\brss01a.exe
PRC - [2005/03/17 14:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\System32\brsvc01a.exe


========== Modules (SafeList) ==========

MOD - [2010/09/20 16:20:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/23 14:53:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\System32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/29 10:02:00 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp)
DRV - [2007/12/28 23:13:01 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/28 23:13:01 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/28 23:13:01 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 06:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/05/24 13:35:02 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/05/10 08:00:06 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/26 06:23:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/04/16 23:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/02/28 12:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 12:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 12:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/25 15:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GYIKVZG] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - Startup: C:\Users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Users\PETERW~1\AppData\Local\Temp\dagny115.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/24 12:02:32 | 000,000,063 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6d30a39d-b54f-11dc-a235-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d30a39d-b54f-11dc-a235-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Peter Wyeth\AppData\Roaming\Malwarebytes
[2010/09/16 21:26:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/16 21:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/16 21:26:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/16 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/16 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Peter Wyeth\AppData\Roaming\Nolimit
[2010/09/16 09:01:12 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/14 13:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/14 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/24 12:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/24 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Peter Wyeth\AppData\Local\Xenocode
[137 C:\Users\Peter Wyeth\Documents\Documents\*.tmp files -> C:\Users\Peter Wyeth\Documents\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/20 16:44:46 | 003,145,728 | -HS- | M] () -- C:\Users\Peter Wyeth\ntuser.dat
[2010/09/20 16:41:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A3832D7D-1307-4965-9C27-1EF0AA857DE4}.job
[2010/09/20 16:30:19 | 000,000,277 | ---- | M] () -- C:\Users\Peter Wyeth\Desktop\OTL - Shortcut.lnk
[2010/09/20 16:29:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/20 16:28:49 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/20 16:28:48 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/20 16:28:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/20 12:09:11 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 12:09:11 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 11:51:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/20 10:29:05 | 000,000,900 | ---- | M] () -- C:\Users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/09/20 10:09:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/20 10:09:06 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/20 09:20:14 | 000,524,288 | -HS- | M] () -- C:\Users\Peter Wyeth\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/09/20 09:20:14 | 000,065,536 | -HS- | M] () -- C:\Users\Peter Wyeth\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/09/20 09:20:12 | 003,243,851 | -H-- | M] () -- C:\Users\Peter Wyeth\AppData\Local\IconCache.db
[2010/09/20 09:18:39 | 000,405,504 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\The Matter of Vision Chapters.doc
[2010/09/19 18:15:35 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/09/17 17:01:06 | 000,002,585 | ---- | M] () -- C:\Users\Peter Wyeth\Desktop\Microsoft Word.lnk
[2010/09/17 15:24:58 | 000,697,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/17 15:24:58 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/17 15:24:58 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/16 21:26:57 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 14:02:30 | 000,020,480 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Consilience.doc
[2010/09/15 15:49:33 | 000,025,088 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Consillience crit on Amazon Olly Buxton 15 09 10.doc
[2010/09/15 14:43:18 | 000,027,806 | ---- | M] () -- C:\Users\Peter Wyeth\GeneratePDFTickets Will Easybus oct 4th.pdf
[2010/09/14 13:18:53 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/09/14 13:18:53 | 000,001,854 | ---- | M] () -- C:\Users\Peter Wyeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/14 13:16:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/14 11:19:49 | 000,025,088 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\DeVere booking sheet update 14 09 10.xls
[2010/09/14 08:59:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/09/10 10:18:52 | 000,020,212 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\may_09_al.xls
[2010/09/10 10:18:37 | 000,020,351 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\june_09_al.xls
[2010/09/10 09:25:17 | 000,022,016 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\The Matter of Vision - an introduction 10 09 10.doc
[2010/09/08 16:20:45 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/06 10:04:02 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/02 18:20:56 | 000,026,112 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Promobike Booking v10(1).xls
[2010/09/02 12:41:24 | 000,000,162 | -H-- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\~$e Matter of Vision.doc
[2010/09/01 16:35:01 | 000,020,992 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\BARRINGTON COURT RESIDENTS letter 1 9 10.doc
[2010/08/31 16:29:40 | 000,000,680 | ---- | M] () -- C:\Users\Peter Wyeth\AppData\Local\d3d9caps.dat
[2010/08/26 12:59:09 | 000,050,176 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\The Matter of Vision.doc
[2010/08/24 22:21:47 | 000,024,064 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Barrington Court Residents August 24th 2010..doc
[2010/08/24 15:54:30 | 000,024,576 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\FURNITURE May 2010.doc
[2010/08/24 15:39:48 | 000,026,624 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Death List.doc
[2010/08/24 12:38:13 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/24 07:34:44 | 000,038,400 | ---- | M] () -- C:\Users\Peter Wyeth\Documents\Documents\Death's Door.doc
[137 C:\Users\Peter Wyeth\Documents\Documents\*.tmp files -> C:\Users\Peter Wyeth\Documents\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/20 16:30:19 | 000,000,277 | ---- | C] () -- C:\Users\Peter Wyeth\Desktop\OTL - Shortcut.lnk
[2010/09/17 11:09:38 | 000,002,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2010/09/17 11:09:38 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/09/17 11:09:38 | 000,000,900 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/09/16 22:29:09 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/16 21:26:57 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 14:51:00 | 000,025,088 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\Consillience crit on Amazon Olly Buxton 15 09 10.doc
[2010/09/15 14:43:18 | 000,027,806 | ---- | C] () -- C:\Users\Peter Wyeth\GeneratePDFTickets Will Easybus oct 4th.pdf
[2010/09/15 09:03:15 | 000,020,480 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\Consilience.doc
[2010/09/14 13:16:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/14 11:19:49 | 000,025,088 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\DeVere booking sheet update 14 09 10.xls
[2010/09/10 10:18:52 | 000,020,212 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\may_09_al.xls
[2010/09/10 10:18:37 | 000,020,351 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\june_09_al.xls
[2010/09/10 09:11:44 | 000,022,016 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\The Matter of Vision - an introduction 10 09 10.doc
[2010/09/02 18:20:56 | 000,026,112 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\Promobike Booking v10(1).xls
[2010/09/01 15:30:04 | 000,020,992 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\BARRINGTON COURT RESIDENTS letter 1 9 10.doc
[2010/08/26 11:56:12 | 000,000,162 | -H-- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\~$e Matter of Vision.doc
[2010/08/25 08:54:47 | 000,405,504 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\The Matter of Vision Chapters.doc
[2010/08/24 21:57:36 | 000,024,064 | ---- | C] () -- C:\Users\Peter Wyeth\Documents\Documents\Barrington Court Residents August 24th 2010..doc
[2010/08/24 12:38:13 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 09:33:33 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/04/12 14:10:58 | 000,142,336 | RHS- | C] () -- C:\Users\Peter Wyeth\AppData\Roaming\sdcltz.dll
[2010/02/10 09:51:08 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/09 18:03:29 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/09 18:03:29 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/21 22:48:51 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/21 22:48:51 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009/09/21 22:48:51 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/21 10:50:54 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/09/16 10:21:34 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\archlp.sys
[2009/08/04 22:33:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/01 18:31:46 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/07/01 18:31:46 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/02/17 08:24:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/30 18:17:11 | 000,017,920 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/04 15:03:52 | 000,000,680 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Local\d3d9caps.dat
[2008/02/20 12:47:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/20 12:47:31 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/02/20 12:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2008/02/14 21:44:20 | 000,027,905 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Roaming\nvModes.001
[2008/02/14 11:23:40 | 000,027,905 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Roaming\nvModes.dat
[2008/02/13 16:52:20 | 000,000,168 | ---- | C] () -- C:\Users\Peter Wyeth\AppData\Roaming\wklnhst.dat
[2007/12/28 23:13:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/28 23:13:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

2nd doc in 2nd post as advised

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Tue 21 Sep 2010, 2:57 am

2nd doc:

OTL Extras logfile created on: 20/09/2010 16:34:56 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = F:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 49.73 Gb Free Space | 50.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.43 Gb Free Space | 99.67% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETERWYETH-LAP
Current User Name: Peter Wyeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F1A544-1E3C-45C8-BC29-0EADCB1FD763}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A1F6C9A-3956-477F-A1C8-109F2DF9A0CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{430022D6-7EDD-4180-92C1-6F08CACA7BC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{69C081E8-4450-4D94-8667-E9C80C3B103F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8615AAD7-7236-4967-8F40-A45DE47083F6}" = rport=137 | protocol=17 | dir=out | app=system |
"{88B45AA7-3155-4BD6-907B-7B75BC2AFDD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F6DA411-ECA8-45D5-8FA7-A2D2553232AC}" = rport=139 | protocol=6 | dir=out | app=system |
"{902E3CA9-C5B5-47C6-94F8-BD7F92C64DDF}" = lport=138 | protocol=17 | dir=in | app=system |
"{94627918-7984-48E5-9938-2EEEA08E645E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3978933-51DF-4A00-86E7-939A0A8647C9}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{189F1352-E741-4554-A5EC-102C6B0B49F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D746157-26A2-425B-9A74-A4908730CB83}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1FA065CD-C376-4152-B042-97D7CD85390C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28A42212-9A2C-4A83-A29A-E804851979C0}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{316A818E-0DBE-4979-9619-C8032790C407}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{335A6005-0076-4D16-A791-974350256087}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{363E61D6-F332-44CB-9ECC-DB511A181D0B}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{3839D06D-77DF-4F07-897D-1B8EC18D5FC2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{4655669A-37C4-4ABB-8776-AAED6BA0EFB9}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{58B3D0DA-25F2-40D7-B5E6-538ADE43E483}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BD78D31-2EE1-4BDB-BDD5-B4089EB15CB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71B307EF-75D5-4FEF-BB2D-93C1E02E1C5A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{765E93C4-7D9D-47C6-A280-FB886F7ED8D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{767BBDFB-1062-4DDE-A4E1-782DF83B9CB1}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9A4BCE01-059E-4459-AFF1-1BED9A78CBFA}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A22436B3-6093-49D8-929C-5669E5FC1358}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD527BEA-626A-4417-8ADF-4A9E57418419}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{B40C8313-7525-4FFA-BC8E-72F4679990A7}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{BE2FBECC-A80F-4E25-AF35-B53C40D92626}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F5864257-E7C1-488A-9140-3AA84786B9B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F6937CD2-2FEE-428D-AADF-3BC2CA1C52D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA156339-2D77-4F48-91A6-977691ECE703}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"TCP Query User{89275478-608D-4C86-9177-7F794A6D4C45}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E067E0A5-3652-4130-BEF5-3E02D02B3BD8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E75A819D-EA07-408F-8F46-9D5B1C956F7F}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E8C76746-84AC-4630-B2AB-01E3F7688F96}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1A97F50-1249-4CCB-9CDD-56BC926E7F1D}" = ArcSoft TotalMedia Extreme
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C26ED93F-A16E-4FC9-B158-A1D5CC604949}" = Newsoft H264 Decoder
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB088C1A-E2B9-71D3-0688-1E137095F323}" = Shrink O'Matic
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DV CIG Guide" = CANON iMAGE GATEWAY Registration Guide
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O'Matic
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VLC media player 1.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/09/2010 03:53:43 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 04:51:15 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 04:52:59 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 05:51:14 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 05:57:45 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 06:07:06 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 17/09/2010 06:07:22 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 06:07:52 | Computer Name = PeterWyeth-lap | Source = Application Error | ID = 1000
Description = Faulting application RoxWatchTray9.exe, version 9.0.1.64, time stamp
0x454e39e6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x61545f6f, process id 0xc50, application start time
0x01cb565017f5b1cd.

Error - 17/09/2010 06:09:11 | Computer Name = PeterWyeth-lap | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 17/09/2010 06:10:22 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

[ System Events ]
Error - 20/09/2010 05:29:48 | Computer Name = PeterWyeth-lap | Source = DCOM | ID = 10010
Description =

Error - 20/09/2010 05:29:48 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 05:43:54 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 05:44:24 | Computer Name = PeterWyeth-lap | Source = DCOM | ID = 10010
Description =

Error - 20/09/2010 06:44:24 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 06:51:00 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 06:51:30 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 06:52:02 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 09:46:51 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 10:47:21 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =


< End of report >

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1A97F50-1249-4CCB-9CDD-56BC926E7F1D}" = ArcSoft TotalMedia Extreme
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C26ED93F-A16E-4FC9-B158-A1D5CC604949}" = Newsoft H264 Decoder
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB088C1A-E2B9-71D3-0688-1E137095F323}" = Shrink O'Matic
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DV CIG Guide" = CANON iMAGE GATEWAY Registration Guide
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O'Matic
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VLC media player 1.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/09/2010 03:53:43 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 04:51:15 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 04:52:59 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 05:51:14 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 05:57:45 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 06:07:06 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 17/09/2010 06:07:22 | Computer Name = PeterWyeth-lap | Source = Google Update | ID = 20
Description =

Error - 17/09/2010 06:07:52 | Computer Name = PeterWyeth-lap | Source = Application Error | ID = 1000
Description = Faulting application RoxWatchTray9.exe, version 9.0.1.64, time stamp
0x454e39e6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x61545f6f, process id 0xc50, application start time
0x01cb565017f5b1cd.

Error - 17/09/2010 06:09:11 | Computer Name = PeterWyeth-lap | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 17/09/2010 06:10:22 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

[ System Events ]
Error - 20/09/2010 05:29:48 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 05:43:54 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 05:44:24 | Computer Name = PeterWyeth-lap | Source = DCOM | ID = 10010
Description =

Error - 20/09/2010 06:44:24 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 06:51:00 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 06:51:30 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 06:52:02 | Computer Name = PeterWyeth-lap | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 20/09/2010 09:46:51 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 10:47:21 | Computer Name = PeterWyeth-lap | Source = Service Control Manager | ID = 7023
Description =

Error - 20/09/2010 11:39:43 | Computer Name = PeterWyeth-lap | Source = bowser | ID = 8003
Description =


< End of report >



Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Tue 21 Sep 2010, 10:35 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Wed 22 Sep 2010, 2:10 am

Hi - thanks for the further help. When trying to download the update (from the USB stick with the installed programme, including checkmarks on update and launch as in point one of the instructions) the error message came up: MBAM_ERROR_UPDATING(12007.0.WinHttpSendReport). I couldn't send literally from the laptop as net contact was absent, but I hope this helps. I thus couldn't do the quick scan as the download was presumably interrupted. Regards


Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Wed 22 Sep 2010, 2:55 am

Hi - a version saved, so I followed the instructions and here is the resulting log (one programme was identified and removed):

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

21/09/2010 16:44:45
mbam-log-2010-09-21 (16-44-45).txt

Scan type: Quick scan
Objects scanned: 133294
Time elapsed: 10 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Wed 22 Sep 2010, 8:16 am

Hello.


  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Thu 23 Sep 2010, 2:09 am

Hi - combofix.txt below:
ComboFix 10-09-21.03 - Peter Wyeth 22/09/2010 15:56:26.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2045.949 [GMT 1:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 15:02 . 2010-09-22 15:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-22 15:02 . 2010-09-22 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-16 20:27 . 2010-09-16 20:27 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Malwarebytes
2010-09-16 20:26 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\Malwarebytes
2010-09-16 20:26 . 2010-09-21 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 20:26 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 13:57 . 2010-09-16 13:57 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Nolimit
2010-09-16 08:01 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 08:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 08:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 08:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 12:17 . 2010-09-14 12:17 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-14 12:15 . 2010-09-14 12:15 -------- d-----w- c:\program files\iPod
2010-09-14 12:15 . 2010-09-14 12:16 -------- d-----w- c:\program files\iTunes
2010-09-14 12:10 . 2010-09-14 12:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-24 11:37 . 2010-08-24 11:38 -------- d-----w- c:\program files\QuickTime
2010-08-24 10:31 . 2010-08-24 10:31 -------- d-----w- c:\users\Peter Wyeth\AppData\Local\Xenocode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 14:33 . 2010-02-09 17:03 32441 ----a-w- c:\programdata\nvModes.dat
2010-09-16 17:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:25 . 2009-02-16 21:28 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Skype
2010-09-14 15:01 . 2009-02-17 07:24 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\skypePM
2010-09-14 12:18 . 2010-05-02 08:53 -------- d-----w- c:\program files\Safari
2010-09-14 12:15 . 2009-01-27 20:36 -------- d-----w- c:\program files\Common Files\Apple
2010-09-02 10:24 . 2010-05-11 09:17 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\vlc
2010-08-31 17:56 . 2008-11-21 10:00 -------- d-----w- c:\programdata\Apple
2010-08-31 15:29 . 2008-07-04 14:03 680 ----a-w- c:\users\Peter Wyeth\AppData\Local\d3d9caps.dat
2010-08-25 04:07 . 2009-10-12 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 04:06 . 2009-10-12 16:31 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-24 18:01 . 2009-01-27 20:38 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Apple Computer
2010-08-11 09:11 . 2010-08-11 09:11 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-30 10:01 . 2010-07-22 10:00 -------- d-----w- c:\program files\McAfee Security Scan
2010-07-29 19:33 . 2010-02-25 13:27 -------- d-----w- c:\programdata\NOS
2010-07-22 10:00 . 2010-07-22 10:00 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-05 10:00 . 2010-03-13 21:14 439816 ----a-w- c:\users\Peter Wyeth\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-26 06:05 . 2010-08-12 11:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 11:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 11:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 11:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2007-12-28 14:29 . 2007-12-28 14:29 76 --sh--r- c:\windows\CT4CET.bin
2007-12-28 22:13 . 2007-12-28 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-01-29 23975720]
"GYIKVZG"="c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll" [2010-04-12 142336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-15 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 622592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-4 95232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-28 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca258659139ea5;Google Update Service (gupdate1ca258659139ea5);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-09-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{A3832D7D-1307-4965-9C27-1EF0AA857DE4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-22 16:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-22 16:04:39
ComboFix-quarantined-files.txt 2010-09-22 15:04
ComboFix2.txt 2010-09-22 10:05

Pre-Run: 56,365,805,568 bytes free
Post-Run: 56,332,128,256 bytes free

- - End Of File - - 4AFBC892B64061E2CCB818FF67547455


Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Sat 25 Sep 2010, 10:03 pm

Hi - haven't heard any further since 21st, have I run out of options that you can help me with? Regards


Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Sun 26 Sep 2010, 11:11 am

Hello.
Don't worry, you haven't been forgotten; we must have missed your topic. We deal with lots of topics every day and sometimes 1 or 2 get pushed back and missed.

Submit a file for analysis.

  1. Please visit this website: Jotti's Malware Scanner
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\drivers\archlp.sys
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.



Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Tue 28 Sep 2010, 2:12 am

Hi - I don't have such a file on my laptop. The combofix responds in search to the file name as far as 'drivers' but not the highlighted 'archip.sys'. Regards


Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Tue 28 Sep 2010, 6:53 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\programdata\NOS\Adobe_Downloads\arh.exe
    c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GYIKVZG"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = ;*.local
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


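The two things the script in the post above removes are the pattern worth recognising in a log like this: a browser proxy forced onto 127.0.0.1 (which is why the laptop could reach the ISP but not the web) and a Run value launching a DLL from the user's AppData\Roaming folder. As an added example, not the thread's or ComboFix's own code, here is a Python script that flags both in ComboFix-style log text and lays the findings out in the File::/Registry::/DDS:: sections used by the CFScript in that post; the sample log is constructed from lines quoted earlier in this thread, and the CFScript layout is copied from the post rather than from any ComboFix documentation.

```python
"""Added example (not the thread's or ComboFix's own code): flag the two
indicators the log in this thread turned on and lay them out in the
File::/Registry::/DDS:: sections used by the CFScript in the post above.
The sample log is constructed from lines quoted in the thread."""
import re
from dataclasses import dataclass, field

# Hosts a browser proxy should never point at on a home machine: traffic
# then goes through a local process instead of straight to the ISP.
LOOPBACK_PREFIXES = ("127.", "localhost")

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
OVERRIDE_RE = re.compile(r"^uInternet Settings,ProxyOverride\s*=")
USER_ROAMING_RE = re.compile(r"\\users\\[^\\]+\\appdata\\roaming\\", re.IGNORECASE)


@dataclass
class Findings:
    proxy_lines: list = field(default_factory=list)  # DDS:: lines to reset
    run_entries: list = field(default_factory=list)  # (run key, value name, target)


def is_loopback_proxy(setting: str) -> bool:
    """True for "http=127.0.0.1:5555"-style settings that point at this host."""
    for part in setting.split(";"):
        host = part.split("=", 1)[-1].strip()
        if host.startswith(LOOPBACK_PREFIXES):
            return True
    return False


def analyse(log: str) -> Findings:
    """Walk the Reg Loading Points / Supplementary Scan lines of a ComboFix log."""
    found = Findings()
    run_key = None  # set while inside a [...\Run] registry block
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            run_key = None  # registry blocks end at a blank line
            continue
        key_match = RUN_KEY_RE.match(line)
        if key_match:
            run_key = key_match.group(1)
            continue
        if run_key:
            value_match = RUN_VALUE_RE.match(line)
            # A Run value launching from a user's AppData\Roaming is the
            # pattern the helper scripted out ("GYIKVZG" -> sdcltz.dll).
            if value_match and USER_ROAMING_RE.search(value_match.group(2)):
                found.run_entries.append((run_key, value_match.group(1), value_match.group(2)))
            continue
        proxy_match = PROXY_RE.match(line)
        if proxy_match and is_loopback_proxy(proxy_match.group(1)):
            found.proxy_lines.append(line)
        elif OVERRIDE_RE.match(line) and found.proxy_lines:
            found.proxy_lines.append(line)  # reset alongside the proxy itself
    return found


def build_cfscript(found: Findings) -> str:
    """Lay findings out like the CFScript quoted in the post (layout only;
    the full ComboFix script grammar is not documented on this page)."""
    sections = []
    if found.run_entries:
        sections.append("File::\n" + "\n".join(t for _, _, t in found.run_entries))
        reg = "\n".join(f'[{key}]\n"{name}"=-' for key, name, _ in found.run_entries)
        sections.append("Registry::\n" + reg)
    if found.proxy_lines:
        sections.append("DDS::\n" + "\n".join(found.proxy_lines))
    return "\n\n".join(sections) + "\n"


# Constructed sample, modelled on the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-01-29 23975720]
"GYIKVZG"="c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll" [2010-04-12 142336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
"""

if __name__ == "__main__":
    print(build_cfscript(analyse(SAMPLE_LOG)))
```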

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Tue 28 Sep 2010, 7:16 am

Hi - for some reason internet connection has returned, not sure why but there it is. Not apparently connected to any action I have taken. Thank you for your help. Kind Regards


Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Tue 28 Sep 2010, 7:29 am

Hello.
Please run my script above anyway as there is malware left.



Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Tue 28 Sep 2010, 10:14 pm

Hi - log as suggested:


ComboFix 10-09-21.03 - Peter Wyeth 28/09/2010 12:01:14.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2045.1166 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\users\Peter Wyeth\Desktop\CFScript.lnk
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 11:03 . 2010-09-28 11:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-28 11:03 . 2010-09-28 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-27 19:07 . 2010-09-27 19:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 19:05 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2010-09-22 10:05 . 2010-09-28 11:03 -------- d-----w- c:\users\Peter Wyeth\AppData\Local\temp
2010-09-16 20:27 . 2010-09-16 20:27 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Malwarebytes
2010-09-16 20:26 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\Malwarebytes
2010-09-16 20:26 . 2010-09-21 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 20:26 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 13:57 . 2010-09-16 13:57 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Nolimit
2010-09-16 08:01 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 08:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 08:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 08:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 12:17 . 2010-09-14 12:17 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-14 12:15 . 2010-09-14 12:15 -------- d-----w- c:\program files\iPod
2010-09-14 12:15 . 2010-09-14 12:16 -------- d-----w- c:\program files\iTunes
2010-09-14 12:10 . 2010-09-14 12:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 10:45 . 2010-02-09 17:03 32441 ----a-w- c:\programdata\nvModes.dat
2010-09-27 18:55 . 2008-04-14 16:14 -------- d-----w- c:\program files\Google
2010-09-27 18:24 . 2010-05-11 09:17 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\vlc
2010-09-27 17:54 . 2009-12-25 13:43 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\dvdcss
2010-09-24 10:31 . 2008-07-04 14:03 680 ----a-w- c:\users\Peter Wyeth\AppData\Local\d3d9caps.dat
2010-09-16 17:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:25 . 2009-02-16 21:28 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Skype
2010-09-14 15:01 . 2009-02-17 07:24 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\skypePM
2010-09-14 12:18 . 2010-05-02 08:53 -------- d-----w- c:\program files\Safari
2010-09-14 12:15 . 2009-01-27 20:36 -------- d-----w- c:\program files\Common Files\Apple
2010-08-31 17:56 . 2008-11-21 10:00 -------- d-----w- c:\programdata\Apple
2010-08-25 04:07 . 2009-10-12 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 04:06 . 2009-10-12 16:31 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-24 18:01 . 2009-01-27 20:38 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Apple Computer
2010-08-24 11:38 . 2010-08-24 11:37 -------- d-----w- c:\program files\QuickTime
2010-08-11 09:11 . 2010-08-11 09:11 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-22 10:00 . 2010-07-22 10:00 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-05 10:00 . 2010-03-13 21:14 439816 ----a-w- c:\users\Peter Wyeth\AppData\Roaming\Real\Update\setup3.10\setup.exe
2007-12-28 14:29 . 2007-12-28 14:29 76 --sh--r- c:\windows\CT4CET.bin
2007-12-28 22:13 . 2007-12-28 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Peter Wyeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 10:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-15 13:29 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 13:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GYIKVZG]
2010-04-12 13:10 142336 --sha-r- c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 13:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 13:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 16:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 14:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-15 17:31 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2972705696-2721235102-1664095926-1000]
"EnableNotificationsRef"=dword:00000001

R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
R4 gupdate1ca258659139ea5;Google Update Service (gupdate1ca258659139ea5);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 133104]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-27 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-09-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{A3832D7D-1307-4965-9C27-1EF0AA857DE4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-28 12:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-28 12:08:52
ComboFix-quarantined-files.txt 2010-09-28 11:08
ComboFix2.txt 2010-09-22 15:04
ComboFix3.txt 2010-09-22 10:05

Pre-Run: 55,993,454,592 bytes free
Post-Run: 55,984,484,352 bytes free

- - End Of File - - DCCEDF75812C7DA69B32F6ADCED9F380

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista

Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Wed 29 Sep 2010, 7:34 am

Hello.
That didn't work correctly for 2 reasons.

First, you used a shortcut and not a .txt file, and second, ComboFix is out of date now. Please delete it and download a new copy, then try the script again using a Notepad file this time.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Wed 29 Sep 2010, 10:19 am

Hi - thanks for instructions - log below:

ComboFix 10-09-27.05 - Peter Wyeth 28/09/2010 23:58:47.6.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2045.1085 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\NOS\Adobe_Downloads\arh.exe"
"c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\NOS\Adobe_Downloads\arh.exe
c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 23:09 . 2010-09-28 23:09 -------- d-----w- c:\users\Peter Wyeth\AppData\Local\temp
2010-09-28 23:09 . 2010-09-28 23:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-28 23:09 . 2010-09-28 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-27 19:07 . 2010-09-27 19:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 19:05 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2010-09-16 20:27 . 2010-09-16 20:27 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Malwarebytes
2010-09-16 20:26 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\Malwarebytes
2010-09-16 20:26 . 2010-09-21 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 20:26 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 13:57 . 2010-09-16 13:57 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Nolimit
2010-09-16 08:01 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 08:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 08:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 08:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 12:17 . 2010-09-14 12:17 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-14 12:15 . 2010-09-14 12:15 -------- d-----w- c:\program files\iPod
2010-09-14 12:15 . 2010-09-14 12:16 -------- d-----w- c:\program files\iTunes
2010-09-14 12:10 . 2010-09-14 12:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 22:12 . 2010-02-09 17:03 32441 ----a-w- c:\programdata\nvModes.dat
2010-09-28 17:32 . 2010-05-11 09:17 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\vlc
2010-09-27 18:55 . 2008-04-14 16:14 -------- d-----w- c:\program files\Google
2010-09-27 17:54 . 2009-12-25 13:43 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\dvdcss
2010-09-24 10:31 . 2008-07-04 14:03 680 ----a-w- c:\users\Peter Wyeth\AppData\Local\d3d9caps.dat
2010-09-16 17:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:25 . 2009-02-16 21:28 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Skype
2010-09-14 15:01 . 2009-02-17 07:24 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\skypePM
2010-09-14 12:18 . 2010-05-02 08:53 -------- d-----w- c:\program files\Safari
2010-09-14 12:15 . 2009-01-27 20:36 -------- d-----w- c:\program files\Common Files\Apple
2010-08-31 17:56 . 2008-11-21 10:00 -------- d-----w- c:\programdata\Apple
2010-08-25 04:07 . 2009-10-12 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 04:06 . 2009-10-12 16:31 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-24 18:01 . 2009-01-27 20:38 -------- d-----w- c:\users\Peter Wyeth\AppData\Roaming\Apple Computer
2010-08-24 11:38 . 2010-08-24 11:37 -------- d-----w- c:\program files\QuickTime
2010-08-11 09:11 . 2010-08-11 09:11 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-05 10:00 . 2010-03-13 21:14 439816 ----a-w- c:\users\Peter Wyeth\AppData\Roaming\Real\Update\setup3.10\setup.exe
2007-12-28 14:29 . 2007-12-28 14:29 76 --sh--r- c:\windows\CT4CET.bin
2007-12-28 22:13 . 2007-12-28 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Peter Wyeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Peter Wyeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 10:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-15 13:29 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 13:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 13:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 13:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 16:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 14:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-15 17:31 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2972705696-2721235102-1664095926-1000]
"EnableNotificationsRef"=dword:00000001

R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
R4 gupdate1ca258659139ea5;Google Update Service (gupdate1ca258659139ea5);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 133104]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-01-29 11392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 13:16]

2010-09-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-09-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{A3832D7D-1307-4965-9C27-1EF0AA857DE4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GYIKVZG - c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-29 00:09
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-29 00:15:49
ComboFix-quarantined-files.txt 2010-09-28 23:15
ComboFix2.txt 2010-09-28 22:45
ComboFix3.txt 2010-09-28 11:08
ComboFix4.txt 2010-09-22 15:04
ComboFix5.txt 2010-09-28 22:48

Pre-Run: 56,545,284,096 bytes free
Post-Run: 56,517,332,992 bytes free

- - End Of File - - 6D6154B7DFEFBD6F900E63FE3E3D30F8

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista
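The first log above lists uInternet Settings,ProxyServer = http=127.0.0.1:5555 and an msconfig startup entry (GYIKVZG) that loads a hidden, system-attributed sdcltz.dll out of the Roaming profile; the second log, taken after the CFScript run, has neither. The Python below is an added example (not ComboFix's code and not a tool used in this thread) that pulls those indicators out of ComboFix-style log text and compares before and after excerpts quoted from the two logs. The indicator names and regular expressions are my own heuristics, and "EnableLUA"= 0 is reported only as a weakened setting, not as malware.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix code).

Finds three indicators that are visible in the logs posted in this thread and
compares a "before" log with an "after" log so the effect of a cleanup run is
explicit:
  * a per-user IE proxy aimed at the loopback address: once the process that
    listened on that port is gone, every page load fails although the network
    itself is fine;
  * a hidden+system file inside a user's AppData tree (sdcltz.dll above);
  * UAC switched off ("EnableLUA"= 0), reported as a weakened setting only.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Finding:
    kind: str    # indicator category
    detail: str  # concrete value or path seen in the log


# Supplementary Scan line, e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:5555".
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?:\w+=)?([^\s:;]+):(\d+)")
# Policy value as ComboFix prints it: "EnableLUA"= 0 (0x0)
UAC_RE = re.compile(r'"EnableLUA"\s*=\s*0\b')
# Tail of a file entry: "<size or -------->  <8-char attributes>  <drive>:\<path>".
FILE_RE = re.compile(r"(\d+|-{8})\s+([-a-z]{8})\s+([A-Za-z]:\\.+)$")
# Anything under c:\users\<name>\AppData\ (the log prints paths in mixed case).
APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "localhost"}


def scan(log_text):
    """Return the set of Findings present in one ComboFix log."""
    found = set()
    for m in PROXY_RE.finditer(log_text):
        if m.group(1).lower() in LOOPBACK:
            found.add(Finding("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
    if UAC_RE.search(log_text):
        found.add(Finding("uac-disabled", "EnableLUA=0"))
    for line in log_text.splitlines():
        m = FILE_RE.search(line.strip())
        if not m:
            continue
        attrs, path = m.group(2), m.group(3)
        # Hidden (h) plus system (s) attributes are normal for a few files under
        # c:\windows (CT4CET.bin, NTUSER.DAT in the log) but not for a DLL that an
        # msconfig startup entry loads out of a user's Roaming profile.
        if "h" in attrs and "s" in attrs and APPDATA_RE.search(path):
            found.add(Finding("hidden-appdata-file", path))
    return found


def compare(before_text, after_text):
    """Indicators the cleanup removed versus those still present afterwards."""
    before, after = scan(before_text), scan(after_text)
    return {"resolved": sorted(before - after), "remaining": sorted(after)}


# Excerpts of the two logs posted above (first run 28 Sep, second run after the
# CFScript), reduced to the lines the detectors look at.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GYIKVZG]
2010-04-12 13:10 142336 --sha-r- c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll
2007-12-28 14:29 . 2007-12-28 14:29 76 --sh--r- c:\windows\CT4CET.bin
2007-12-28 22:13 . 2007-12-28 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
"""
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
2007-12-28 14:29 . 2007-12-28 14:29 76 --sh--r- c:\windows\CT4CET.bin
2007-12-28 22:13 . 2007-12-28 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-GYIKVZG - c:\users\Peter Wyeth\AppData\Roaming\sdcltz.dll
"""


def main():
    report = compare(BEFORE_LOG, AFTER_LOG)
    for status, items in report.items():
        print(f"{status}:")
        for f in items:
            print(f"  {f.kind}: {f.detail}")


if __name__ == "__main__":
    main()
```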

Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Thu 30 Sep 2010, 10:34 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Fri 01 Oct 2010, 2:16 am

Hi - scan completed and one threat removed but no log saved. Is it advisable to get the log and post? Thanks and Regards

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista

Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Fri 01 Oct 2010, 10:40 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Fri 01 Oct 2010, 9:40 pm

Hi - Combofix uninstalled last time around. Tried re-installing but not recognised when renamed svchost, nor when named as Combofix, so uninstall request comes back as not found. So I tried running ESET scan as per your instructions and it reported no infected files this time. Is it worth retrying to install Combofix and follow your script to the full, if so can you advise if I am doing it wrongly? Thanks again.

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista

Re: Unable to access internet after successful deletion of malware

Post by Belahzur on Sat 02 Oct 2010, 9:36 am

Hello.
Sorry about that, how is the machine running now?


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Unable to access internet after successful deletion of malware

Post by guybagnall on Sat 02 Oct 2010, 6:24 pm

Hi - machine appears to be running fine. Do you think it not necessary to have ESET scan log? Future concern: Windows Security Essentials completely defeated by that particular malware. Should I periodically run ESET? Many thanks for your repeated help. Kind Regards

guybagnall

Newbie Surfer

Posts : 16
Joined : 2010-09-17
Operating System : vista
