OLT files...possible malware


Post by BJPalmer85 on 21st April 2011, 7:51 pm

Trying to post my OLT stuff, but Firefox keeps telling me it is having a connection issue, but it will let me post this.

EDIT: it let me post the Extras.

B


Last edited by BJPalmer85 on 21st April 2011, 7:55 pm; edited 1 time in total


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 7:55 pm

OTL Extras logfile created on: 4/21/2011 3:39:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 550.00 Mb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.47 Gb Total Space | 92.37 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 17.60 Gb Free Space | 90.11% Space Free | Partition Type: NTFS
Drive Q: | 298.03 Gb Total Space | 268.09 Gb Free Space | 89.96% Space Free | Partition Type: NTFS

Computer Name: VOSTRO200 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2240:UDP" = 2240:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"2241:UDP" = 2241:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"2242:UDP" = 2242:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 10.0 Data Manager -- (Intuit, Inc.)
"E:\Temp\InstEng\Setup.exe" = E:\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\LMIF5.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIF5.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMIFC.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIFC.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 11.0 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{061BBC42-C5A9-4F82-AD24-EAE562968D0B}" = QuickBooks
"{0700E22B-A433-40A5-BD20-04BF618CA0F9}" = QuickBooks Enterprise Solutions: Contractor Edition 10.0
"{11E0AC7D-6833-4F67-865F-EE1C13D28C38}" = QuickBooks Enterprise Solutions: Contractor Edition 11.0
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}" = Macrium Reflect - Free Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5715A83C-6FE9-4730-A6E2-D6584584DD01}" = HP Care Pack Core
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{748B1880-9025-439D-B5D1-E078F2329993}" = HP LaserJet P3005
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFDBC-EC2C-46B9-B715-E31FF5FC2021}" = Intuit Field Svc. Integration
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{E1A7C08D-1724-4A94-9E14-F83AB1530B16}" = HP Care Pack Products
"{E5FB06C0-15C6-459D-AB0C-8E06671686A2}" = Brother HL-2170W
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P3005" = HP LaserJet P3005
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2011 2:30:49 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DQE execution failed. Could not retrieve COUNT(user name

Error - 4/21/2011 2:30:49 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DB error -101 ErrorMessage:'Not connected to a database' from
file:'src\DMSQLTransaction.cpp' at line 175 from function:'DBMgr::SADMTransaction::DBSQLCommi

Error - 4/21/2011 2:30:53 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DB error -308 ErrorMessage:'Connection was terminated' from file:'src\SQLDynamicQuery.cpp'
at line 274 from function:'DQE::DMDQEDynamicQuery::DBDoQuer

Error - 4/21/2011 2:30:53 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": ExecuteQuery failed (DETAIL AVAILABLE), error id: -6019, sub id:
0, 'Succeeded',

Error - 4/21/2011 2:30:53 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DQE execution failed. Could not retrieve COUNT(user name

Error - 4/21/2011 2:30:53 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DB error -101 ErrorMessage:'Not connected to a database' from
file:'src\DMSQLTransaction.cpp' at line 175 from function:'DBMgr::SADMTransaction::DBSQLCommi

Error - 4/21/2011 2:30:54 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DB error -308 ErrorMessage:'Connection was terminated' from file:'src\SQLDynamicQuery.cpp'
at line 274 from function:'DQE::DMDQEDynamicQuery::DBDoQuer

Error - 4/21/2011 2:30:54 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": ExecuteQuery failed (DETAIL AVAILABLE), error id: -6019, sub id:
0, 'Succeeded',

Error - 4/21/2011 2:30:54 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DQE execution failed. Could not retrieve COUNT(user name

Error - 4/21/2011 2:30:54 PM | Computer Name = VOSTRO200 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
Contractor 11.0": DB error -101 ErrorMessage:'Not connected to a database' from
file:'src\DMSQLTransaction.cpp' at line 175 from function:'DBMgr::SADMTransaction::DBSQLCommi

[ OSession Events ]
Error - 4/14/2011 9:30:52 AM | Computer Name = VOSTRO200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/21/2011 11:11:42 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7031
Description = The Background Intelligent Transfer Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 2 time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7031
Description = The Help and Support service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 2 time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The Remote Access Connection Manager service terminated unexpectedly.
It has done this 2 time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 2 time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 2
time(s).

Error - 4/21/2011 11:34:46 AM | Computer Name = VOSTRO200 | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 2 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.


< End of report >


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 7:56 pm

OTL logfile created on: 4/21/2011 3:39:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 550.00 Mb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.47 Gb Total Space | 92.37 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 17.60 Gb Free Space | 90.11% Space Free | Partition Type: NTFS
Drive Q: | 298.03 Gb Total Space | 268.09 Gb Free Space | 89.96% Space Free | Partition Type: NTFS

Computer Name: VOSTRO200 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 15:39:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
PRC - [2011/03/28 07:36:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/06 01:04:06 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/03/05 23:26:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/03/05 21:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/12/27 19:23:50 | 000,400,384 | R--- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for JavaRa.zip\JavaRa.exe
PRC - [2010/09/28 09:02:58 | 000,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 12:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/02/09 12:55:38 | 000,300,328 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2009/01/25 21:43:31 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/05 18:21:30 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbwepdelay.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 15:39:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/05 23:26:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/05 21:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/28 09:02:58 | 000,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/28 09:03:21 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 D0 98 3B 4D 00 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.6.20101009
FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FuorQ99h&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FuorQ99h&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 12:55:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/21 09:50:20 | 000,000,000 | ---D | M]

[2010/10/13 08:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/21 08:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\extensions
[2010/10/18 08:15:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/28 16:01:23 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\extensions\nasanightlaunch@example.com
[2011/03/04 15:21:52 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\searchplugins\google-search.xml
[2011/04/21 15:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/21 15:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/21 15:37:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/04 15:21:52 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

Hosts file not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/06 01:14:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{566479b1-2e33-11e0-98fa-001d09850493}\Shell - "" = AutoRun
O33 - MountPoints2\{566479b1-2e33-11e0-98fa-001d09850493}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{566479b1-2e33-11e0-98fa-001d09850493}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e753d104-1e71-11e0-98f5-001d09850493}\Shell - "" = AutoRun
O33 - MountPoints2\{e753d104-1e71-11e0-98f5-001d09850493}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e753d104-1e71-11e0-98f5-001d09850493}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e753d107-1e71-11e0-98f5-001d09850493}\Shell - "" = AutoRun
O33 - MountPoints2\{e753d107-1e71-11e0-98f5-001d09850493}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e753d107-1e71-11e0-98f5-001d09850493}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 15:37:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/21 15:37:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/21 15:37:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/21 15:37:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/21 09:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/21 09:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/21 09:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/21 09:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/21 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/21 09:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/21 08:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/21 08:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/20 15:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2011/04/20 15:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/04/20 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(3)
[2011/04/20 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
[2011/04/20 14:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(2)
[2011/04/20 14:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
[2011/04/20 14:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/20 13:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(3)
[2011/04/20 12:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/04/20 12:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/04/20 12:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2011/04/20 12:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2011/04/20 09:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/20 09:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/20 09:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/20 09:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 09:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 09:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/20 09:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/20 08:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/20 08:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/20 08:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\869F877438A97CEB1289ECB7E933DD1C
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/03/30 09:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2011/03/23 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/23 08:14:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/03/23 08:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
[2011/03/23 08:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DivX Movies
[2011/03/23 08:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/03/23 08:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/03/23 08:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2011/03/23 08:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/03/23 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/03/23 08:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/21 15:37:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/21 15:37:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/21 15:37:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/21 15:37:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/21 15:37:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/21 15:09:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/21 14:57:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/21 14:26:21 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\ZKDZH.job
[2011/04/21 14:23:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/21 13:32:05 | 000,000,099 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/04/21 13:31:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/21 13:18:09 | 000,080,384 | RHS- | M] () -- C:\WINDOWS\System32\wowdebn.dll
[2011/04/21 09:52:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/21 09:50:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/21 09:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/21 08:55:45 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 15:44:24 | 003,190,784 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.rhk
[2011/04/20 13:40:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 11:57:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/18 11:55:24 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/18 11:55:24 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 11:46:59 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\xp_exe_fix.zip
[2011/04/18 10:32:42 | 000,011,700 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\68u80y7xi5q0ohmm42pgk30d
[2011/04/18 10:32:42 | 000,011,700 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\68u80y7xi5q0ohmm42pgk30d
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/03/30 11:19:23 | 000,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 13:18:09 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\ZKDZH.job
[2011/04/21 13:18:08 | 000,080,384 | RHS- | C] () -- C:\WINDOWS\System32\wowdebn.dll
[2011/04/21 13:18:00 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/21 13:17:59 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/21 09:52:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/21 09:50:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/20 15:44:24 | 003,190,784 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.rhk
[2011/04/20 08:51:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 11:46:59 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\xp_exe_fix.zip
[2011/04/18 10:30:29 | 000,011,700 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\68u80y7xi5q0ohmm42pgk30d
[2011/04/18 10:30:29 | 000,011,700 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\68u80y7xi5q0ohmm42pgk30d
[2010/12/27 09:27:22 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/12/27 09:27:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2010/12/27 09:27:18 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/12/27 09:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/12/27 09:27:17 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010/12/27 09:27:15 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2010/12/27 09:26:43 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/12/21 08:51:22 | 000,059,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/17 03:25:44 | 000,665,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/13 13:28:01 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/10/13 13:27:27 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xg.ini
[2010/10/13 13:25:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xm.ini
[2010/10/13 09:15:52 | 000,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/10/13 08:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/06 13:35:47 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/10/06 03:34:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/06 03:30:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/10/06 01:16:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/06 01:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/05 20:56:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/05 20:55:46 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/25 21:44:58 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/03/22 13:48:43 | 013,107,200 | R--- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | R--- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/10/06 01:14:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 7:57 pm

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/10/06 01:14:33 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/06 01:28:08 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/10/06 01:28:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2004/04/19 00:39:14 | 000,005,632 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Owner\My Documents\DotNetInstaller.exe
[2010/02/16 13:52:18 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.6.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2006/04/12 11:11:42 | 000,000,109 | ---- | M] () -- C:\WINDOWS\Driver Cache\acfpdf.txt
[2009/06/22 09:14:08 | 000,728,227 | ---- | M] (AMYUNI Technologies [You must be registered and logged in to see this link.]) -- C:\WINDOWS\Driver Cache\acpdf400.dll
[2009/06/22 09:14:08 | 000,414,437 | ---- | M] (AMYUNI Technologies [You must be registered and logged in to see this link.]) -- C:\WINDOWS\Driver Cache\acpdfui400.dll
[2009/06/22 09:14:10 | 004,194,304 | ---- | M] (Amyuni Technologies [You must be registered and logged in to see this link.]) -- C:\WINDOWS\Driver Cache\cdintf400.dll
[2008/08/14 13:13:18 | 000,031,736 | ---- | M] () -- C:\WINDOWS\Driver Cache\CUTEPDFW.PPD
[2006/12/07 12:11:50 | 001,740,800 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpbcfgre.DLL
[2007/08/06 21:22:18 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\hpbicoin.dll
[2006/11/16 19:16:08 | 000,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBMIAPI.DLL
[2006/06/06 14:20:20 | 000,241,721 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMINI.DLL
[2005/06/20 14:33:06 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBNRAC2.DLL
[2006/11/16 19:15:52 | 000,025,600 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.DLL
[2006/11/16 19:16:04 | 000,007,680 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOIDPS.DLL
[2006/11/16 19:16:06 | 000,038,912 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.DLL
[2006/11/16 19:16:08 | 000,007,680 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPROPS.DLL
[2007/02/01 09:43:22 | 000,012,282 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30056.GPD
[2007/01/22 14:36:26 | 000,032,354 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30x56.XML
[2007/02/13 15:26:20 | 000,111,706 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xx6.GPD
[2007/02/15 19:48:12 | 007,087,661 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.cab
[2007/01/22 14:25:06 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.INI
[2006/11/29 17:26:42 | 000,671,816 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\hpcdmc32.DLL
[2006/11/02 19:32:06 | 000,018,747 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpceac06.hpi
[2006/09/27 14:38:54 | 000,108,865 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.CFG
[2006/09/27 14:38:54 | 000,021,814 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.cf_
[2005/06/20 14:33:48 | 000,163,840 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJCMN2U.DLL
[2005/06/20 14:33:52 | 000,094,208 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJIPX1U.DLL
[2007/02/13 18:47:54 | 000,977,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz3c4wm.dll
[2007/02/15 15:10:36 | 000,012,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m4wm.GPD
[2007/02/13 20:23:12 | 001,468,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r4wm.DLL
[2007/02/13 20:22:18 | 000,435,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev4wm.DLL
[2007/02/14 09:36:44 | 002,337,433 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL4wm.CAB
[2006/08/31 19:19:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIDR12.DLL
[2006/05/11 18:15:42 | 000,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZINW12.DLL
[2006/05/11 18:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPM12.DLL
[2006/08/31 19:34:04 | 000,033,792 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPR12.DLL
[2006/09/01 14:29:24 | 000,030,208 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPT12.DLL
[2006/09/01 15:18:02 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZISN12.DLL
[2007/02/13 20:22:38 | 001,588,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls4wm.DLL
[2007/02/13 20:22:20 | 000,179,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpe4wm.DLL
[2007/02/13 20:23:18 | 000,117,248 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzpi4wm.DLL
[2007/02/13 20:23:26 | 000,103,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpnp.dll
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp4wm.DLL
[2006/07/04 23:36:14 | 000,008,294 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc4wm.DTD
[2007/02/14 09:30:54 | 000,144,720 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm4wm.GPD
[2007/02/13 19:53:18 | 000,670,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss4wm.DLL
[2007/02/13 18:42:42 | 005,580,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst4wm.DLL
[2007/02/13 20:22:14 | 003,269,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui4wm.DLL
[2007/02/13 18:47:12 | 003,459,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzur4wm.dll
[2007/02/15 19:48:20 | 000,302,967 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2arww.cab
[2007/02/15 19:48:22 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2caww.cab
[2007/02/15 19:48:26 | 000,303,849 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2csww.cab
[2007/02/15 19:48:32 | 000,302,695 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2daww.cab
[2007/02/15 19:48:34 | 000,303,569 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2deww.cab
[2007/02/15 19:48:44 | 000,303,541 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2elww.cab
[2007/02/15 19:48:38 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2enww.cab
[2007/02/15 19:48:40 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2esww.cab
[2007/02/15 19:49:12 | 000,302,867 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2fiww.cab
[2007/02/15 19:48:42 | 000,304,585 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2frww.cab
[2007/02/15 19:48:46 | 000,302,621 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2heww.cab
[2007/02/15 19:48:56 | 000,303,953 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2huww.cab
[2007/02/15 19:48:48 | 000,304,303 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2itww.cab
[2007/02/15 19:48:50 | 000,302,781 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2jaww.cab
[2007/02/15 19:48:54 | 000,301,793 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2koww.cab
[2007/02/15 19:48:58 | 000,303,635 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2nlww.cab
[2007/02/15 19:49:00 | 000,302,909 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2noww.cab
[2007/02/15 19:49:02 | 000,304,057 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2plww.cab
[2007/02/15 19:49:04 | 000,304,097 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ptww.cab
[2007/02/15 19:49:08 | 000,303,187 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ruww.cab
[2007/02/15 19:49:10 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2skww.cab
[2007/02/15 19:49:14 | 000,302,733 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2svww.cab
[2007/02/15 19:49:16 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2thww.cab
[2007/02/15 19:49:18 | 000,303,549 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2trww.cab
[2007/02/15 19:48:28 | 000,302,159 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhcn.cab
[2007/02/15 19:48:30 | 000,300,553 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhtw.cab
[2006/09/28 08:48:40 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\pclxl.DLL
[2006/09/28 06:59:50 | 000,010,375 | ---- | M] () -- C:\WINDOWS\Driver Cache\pclxl.GPD
[2006/09/28 06:59:50 | 000,001,156 | ---- | M] () -- C:\WINDOWS\Driver Cache\pjl.GPD
[2006/11/02 04:46:12 | 000,728,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PS5UI.DLL
[2006/09/18 16:32:38 | 000,026,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.HLP
[2006/09/18 16:48:38 | 001,060,548 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.NTF
[2006/11/02 04:46:12 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PSCRIPT5.DLL
[2006/09/28 06:59:54 | 000,014,362 | ---- | M] () -- C:\WINDOWS\Driver Cache\STDNAMES.GPD
[2006/09/28 08:48:44 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRV.DLL
[2006/09/28 08:06:50 | 000,021,225 | ---- | M] () -- C:\WINDOWS\Driver Cache\UNIDRV.HLP
[2006/09/28 08:48:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRVUI.DLL
[2006/09/28 08:48:46 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIRES.DLL


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:00 pm

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/28 07:36:12 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/28 07:36:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/28 07:36:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/28 07:36:15 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/06 01:28:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2011/04/21 13:18:09 | 000,080,384 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wowdebn.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/04/21 14:26:21 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\ZKDZH.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/10/05 20:54:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/10/05 20:54:54 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/10/05 20:54:54 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/13 22:20:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/13 22:19:40 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/13 22:19:44 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/13 22:19:40 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/13 22:19:44 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/13 22:19:42 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 09:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2010/10/06 01:14:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/06 01:10:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/06 01:14:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/06 01:14:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/14 09:19:30 | 000,000,843 | -H-- | M] () -- C:\IPH.PH
[2011/04/21 15:36:40 | 000,000,320 | ---- | M] () -- C:\JavaRa.log
[2010/10/06 01:14:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/21 13:31:31 | 3196,059,648 | -HS- | M] () -- C:\pagefile.sys


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:01 pm

< %PROGRAMFILES%\*. >
[2010/10/06 13:35:44 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2010/10/06 13:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/01/14 09:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/04/21 09:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/04/21 08:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update(2)
[2011/04/21 09:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/04/21 08:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour(2)
[2011/04/21 08:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour(3)
[2010/12/27 09:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/12/27 09:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2011/04/21 09:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/06 01:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/10/29 10:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\Corrigo
[2011/04/21 09:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/03/23 09:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/06 13:35:32 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2010/10/13 13:28:55 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/13 13:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/12/27 09:27:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/06 03:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/21 08:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/11/09 10:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/04/20 14:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/04/21 09:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/21 08:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\iPod(2)
[2011/04/21 08:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\iPod(3)
[2011/04/21 09:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/21 08:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes(2)
[2011/04/21 08:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes(3)
[2010/10/06 13:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/06 08:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Macrium
[2011/04/21 08:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/06 01:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/10/06 01:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/12/06 16:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/02/11 09:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2010/12/06 16:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/12/06 16:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:02 pm

[2011/01/05 09:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/10/13 13:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/01/12 13:33:33 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/10/06 07:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/03/28 07:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/12/06 16:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/06 01:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/10/06 01:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/10/06 07:30:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/06 01:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/10/06 01:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/05 09:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/04/21 09:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/04/21 08:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime(2)
[2011/04/21 08:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime(3)
[2010/10/06 03:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/10/13 09:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/06 01:27:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:04 pm

[2011/01/03 08:28:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/10/06 01:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/06 01:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/04/21 08:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Disk Cleaner
[2011/04/21 08:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Registry Cleaner
[2010/10/06 01:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/10/05 20:56:25 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2009/01/25 21:52:12 | 017,778,896 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/01/25 21:52:12 | 017,778,896 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2009/01/25 21:52:12 | 017,778,896 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/01/25 21:43:29 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:07 pm

< MD5 for: NETLOGON.DLL >
[2009/01/25 21:44:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/01/25 21:44:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:07 pm

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:07 pm

< MD5 for: USBSTOR.SYS >
[2009/01/25 21:52:12 | 017,778,896 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS


Re: OLT files...possible malware

Post by BJPalmer85 on 21st April 2011, 8:11 pm

Sorry I used so many posts, but it's the only way I could post it. It kept giving me the timed out or connection issue error message. There are still 2 lines of text that it won't let me post for some reason.

Basically the comp is slow as hell. I keep getting Generic Host Win32 error messages. I had the XP 2011 virus thing early in the week, got rid of it, had run32dll.exe issues, fixed that, and now I'm dealing with this.

B


Re: OLT files...possible malware

Post by Belahzur on 21st April 2011, 8:14 pm

Hello.
Not a problem.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [b
    :OTL
    [2011/04/21 13:18:09 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\ZKDZH.job
    [2011/04/21 13:18:08 | 000,080,384 | RHS- | C] () -- C:\WINDOWS\System32\wowdebn.dll
    [2011/04/21 13:18:00 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/04/21 13:17:59 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/04/18 10:30:29 | 000,011,700 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\68u80y7xi5q0ohmm42pgk30d
    [2011/04/18 10:30:29 | 000,011,700 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\68u80y7xi5q0ohmm42pgk30d

    :commands
    [emptytemp]
    [reboot]
    [/b]

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1


Re: OLT files...possible malware

Post by BJPalmer85 on 22nd April 2011, 12:30 pm

All processes killed
Error: Unable to interpret <[b> in the current context!
========== OTL ==========
C:\WINDOWS\tasks\ZKDZH.job moved successfully.
C:\WINDOWS\system32\wowdebn.dll moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\68u80y7xi5q0ohmm42pgk30d moved successfully.
C:\Documents and Settings\All Users\Application Data\68u80y7xi5q0ohmm42pgk30d moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32793645 bytes
->Java cache emptied: 847 bytes
->Flash cache emptied: 43202 bytes

User: NetworkService
->Temp folder emptied: 722446 bytes
->Temporary Internet Files folder emptied: 57410985 bytes
->Java cache emptied: 8188 bytes
->Flash cache emptied: 42846 bytes

User: Owner
->Temp folder emptied: 162040403 bytes
->Temporary Internet Files folder emptied: 10657334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 212317132 bytes
->Flash cache emptied: 4566 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402411 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 463263 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 109259874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 30861783 bytes

Total Files Cleaned = 590.00 mb

Error: Unable to interpret <[/b]> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_081646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: OLT files...possible malware

Post by BJPalmer85 on 22nd April 2011, 2:06 pm

Still getting the Generic Host Win32 services error. svchost.exe is running in the 300k+ range.

B


Re: OLT files...possible malware

Post by Belahzur on 22nd April 2011, 8:16 pm

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: OLT files...possible malware

Post by BJPalmer85 on 26th April 2011, 6:56 pm

ComboFix 11-04-25.03 - Owner 04/26/2011 14:11:50.2.2 - x86
Running from: c:\documents and settings\Owner\My Documents\Brandon\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut1_5DDC3DFBB658402487936E98D3651BFD.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut1011_5774C111B8F246B0AFB1F71F20FF4E67.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut102_5644560183D14A7B8DC5AA115758DEAA.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut211_8C085A93DB0043388676173D40A360A3.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut29_64E38A90B85F447EA9D42C14DFF7B399.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut311_4604B4259921471B96EC624AFEA12F1B.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut32_F9B129D0055B4A3694BB83B45342EB06.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut411_D7FFEBDC368A4660B7F21BA64BFCD866.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut42_3242FA92AA814582BF8F363E375E2617.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut511_C00D6FDD7F0C4313938DD0B302929D40.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut52_0BE5792C876246FC9ABE69B6DDA308A3.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut711_017ECA06492B42F79CDC1E5C8EA0D4DB.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut72_CAD273ADB04649A6BD8728786328AA87.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut811_35DFAD5C171D44088EAA810BD0A23520.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut82_C55036898DFD4AC78FAF03E64357D1C5.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut911_52BC2593A7AD474C89760DD3095F858D.exe
c:\windows\Installer\{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}\NewShortcut92_995982DA6F5147D0B263EACCBFB80EEC.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 18:03 . 2011-04-26 18:03 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKslf37dc4bc.sys
2011-04-26 18:01 . 2011-04-26 18:03 -------- d-----w- C:\32788R22FWJFW
2011-04-26 18:01 . 2011-04-26 18:01 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsle097958a.sys
2011-04-26 16:36 . 2011-04-26 16:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl9c7c8180.sys
2011-04-26 12:50 . 2011-04-26 12:50 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKslfeed2b18.sys
2011-04-25 16:11 . 2011-04-25 16:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-25 16:11 . 2011-04-25 16:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-22 12:16 . 2011-04-22 12:16 -------- d-----w- C:\_OTL
2011-04-21 19:37 . 2011-04-21 19:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-21 13:51 . 2011-04-21 13:51 -------- d-----w- c:\program files\iPod
2011-04-21 13:51 . 2011-04-21 13:52 -------- d-----w- c:\program files\iTunes
2011-04-21 13:48 . 2011-04-21 13:49 -------- d-----w- c:\program files\Apple Software Update
2011-04-21 13:20 . 2011-04-21 13:20 -------- d-----w- c:\program files\Bonjour
2011-04-21 13:03 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\mpengine.dll
2011-04-21 12:54 . 2011-04-21 12:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 12:50 . 2011-04-21 13:50 -------- d-----w- c:\program files\QuickTime
2011-04-20 19:46 . 2011-04-21 12:45 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-04-20 19:39 . 2011-04-21 12:45 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-04-20 18:00 . 2011-04-20 18:00 -------- d-----w- c:\program files\IObit
2011-04-20 13:57 . 2011-04-20 13:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-20 13:56 . 2011-04-20 13:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-20 13:51 . 2011-04-20 13:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-20 13:51 . 2011-04-20 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-20 13:50 . 2011-04-21 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-30 13:56 . 2011-03-30 13:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 19:37 . 2010-10-06 17:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:31 . 2010-10-06 05:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2009-01-26 01:44 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2009-01-26 01:44 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2009-01-26 01:45 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2009-01-26 01:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2009-01-26 01:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-01-26 01:45 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2009-01-26 01:43 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2009-01-26 01:44 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-10-06 07:40 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03 . 2007-04-03 12:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33 . 2008-04-14 09:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-02 22:11 . 2010-10-06 17:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2006-07-12 626688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5825880]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-6 1156384]
QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE [2011-3-6 1178400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 10.0\\QBDBMgrN.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 11.0\\QBDBMgrN.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2240:UDP"= 2240:UDP:Windows Media Format SDK (wmplayer.exe)
"2241:UDP"= 2241:UDP:Windows Media Format SDK (wmplayer.exe)
"2242:UDP"= 2242:UDP:Windows Media Format SDK (wmplayer.exe)
.
R1 MpKsl4335a724;MpKsl4335a724;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5131BE-6318-4D1E-9A4C-7A1DFF286CCA}\MpKsl4335a724.sys [x]
R1 MpKsl64deb866;MpKsl64deb866;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00AEFD8B-0591-4B46-93FC-ABD52782B932}\MpKsl64deb866.sys [x]
R1 MpKsl6de5c06d;MpKsl6de5c06d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36FAC27D-1BA0-49B0-BD77-56F121E989E2}\MpKsl6de5c06d.sys [x]
R1 MpKsl87e18573;MpKsl87e18573;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98955048-38E0-4FA4-8E75-E625260C14B9}\MpKsl87e18573.sys [x]
R1 MpKslb8672459;MpKslb8672459;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E1D8520-9163-4B7B-A026-F463C2D8C700}\MpKslb8672459.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 9472]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-09-28 15328]
S1 MpKsl9c7c8180;MpKsl9c7c8180;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl9c7c8180.sys [2011-04-26 28752]
S1 MpKsle097958a;MpKsle097958a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsle097958a.sys [2011-04-26 28752]
S1 MpKslf37dc4bc;MpKslf37dc4bc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKslf37dc4bc.sys [2011-04-26 28752]
S1 MpKslfeed2b18;MpKslfeed2b18;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKslfeed2b18.sys [2011-04-26 28752]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-03-06 1257760]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 220128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL9C7C8180
*NewlyCreated* - MPKSLE097958A
*NewlyCreated* - MPKSLF37DC4BC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NASA Night Launch: [You must be registered and logged in to see this link.] - %profile%\extensions\nasanightlaunch@example.com
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Notify-lonerty - c:\documents and settings\LocalService\Local Settings\Application Data\lonerty.dll
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-26 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: ST3160815AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8653657B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\WININET.dll
.
Completion time: 2011-04-26 14:41:09
ComboFix-quarantined-files.txt 2011-04-26 18:41
.
Pre-Run: 98,876,182,528 bytes free
Post-Run: 98,994,831,360 bytes free
.
- - End Of File - - 6889ABAD4BC13ECFB9A533881534093C


Sorry it took me so long to run this. I had the weekend and then have been dealing with network issues.

B

BJPalmer85
Novice
Posts: 19 | Joined: 2011-04-20 | OS: XP | Points: 20871 | Likes: 0
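Added example (editorial, not part of any post in this thread): the log above is long, and the lines a helper actually reads first are the service/driver entries ending in `[x]` or `[?]` (registered, but ComboFix could not find the file), the ORPHANS REMOVED block, and the MBR detector's "detected hooks" output. The script below parses exactly those line shapes from an excerpt copied out of the ComboFix logs in this thread and prints a triage summary. The location heuristics are mine (a driver or service that runs from outside Windows or Program Files is flagged; a Winlogon Notify DLL outside the Windows directory is flagged), and the allowance for MpKsl*.sys under the Security Essentials definition-update folder reflects where that product stages those drivers; it is not ComboFix's own logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt: these lines are copied from the ComboFix logs posted in
# this thread (service/driver lines, the ORPHANS REMOVED block and the MBR
# detector's hook line), so the parser runs offline on real-shaped input.
SAMPLE_LOG = r"""
R1 MpKsl4335a724;MpKsl4335a724;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5131BE-6318-4D1E-9A4C-7A1DFF286CCA}\MpKsl4335a724.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 9472]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-09-28 15328]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-03-06 1257760]
R1 MpKsl05194f44;MpKsl05194f44;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl05194f44.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl05194f44.sys [?]
- - - - ORPHANS REMOVED - - - -
Notify-lonerty - c:\documents and settings\LocalService\Local Settings\Application Data\lonerty.dll
SafeBoot-Wdf01000.sys
detected hooks:
\Driver\atapi DriverStartIo -> 0x8653657B
user & kernel MBR OK
"""

# "R1 name;display name;path [2011-03-06 1257760]"  or  "... path [x]"
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")
TAG_RE = re.compile(r"^(\S+)\s+(\d+)$")                         # "date size"
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\w+)\s+->\s+(0x[0-9A-Fa-f]+)$")
ORPHAN_RE = re.compile(r"^(\w+)-(\S+)(?:\s+-\s+(.+))?$")         # "Kind-name - path"

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
MSE_DEFS = "\\microsoft antimalware\\definition updates\\"


@dataclass
class ServiceEntry:
    state: str            # ComboFix notation: R = running, S = stopped
    start: int            # start type 0 (boot) .. 4 (disabled)
    name: str
    display: str
    path: str
    file_present: bool    # False when ComboFix printed [x] or [?]
    size: Optional[int]
    notes: List[str] = field(default_factory=list)


@dataclass
class Orphan:
    kind: str             # e.g. "Notify" (Winlogon Notify package), "SafeBoot"
    name: str
    path: str
    suspicious: bool


def assess_location(entry: ServiceEntry) -> None:
    """Attach triage notes (my heuristics, not ComboFix's) to a service entry."""
    p = entry.path.lower()
    if not entry.file_present:
        entry.notes.append("registered, but ComboFix could not find the file ([x]/[?])")
    if p.startswith(SYSTEM_DIRS):
        return
    if entry.name.lower().startswith("mpksl") and MSE_DEFS in p:
        # Security Essentials stages its MpKsl*.sys drivers in this folder;
        # stale [x]/[?] entries are left behind when definitions rotate.
        entry.notes.append("MSE definition-update driver (expected location)")
    else:
        entry.notes.append("runs from outside Windows/Program Files: verify")


def parse_service(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, tag = m.groups()
    if " --> " in path:                      # "\??\path --> resolved path"
        path = path.split(" --> ", 1)[1]
    present = tag not in ("x", "?")
    size = None
    t = TAG_RE.match(tag)
    if present and t:
        size = int(t.group(2))
    entry = ServiceEntry(state, int(start), name, display, path.strip(), present, size)
    assess_location(entry)
    return entry


def parse_orphan(line: str) -> Optional[Orphan]:
    m = ORPHAN_RE.match(line)
    if not m:
        return None
    kind, name, path = m.group(1), m.group(2), (m.group(3) or "").strip()
    # Heuristic (mine): a Winlogon Notify DLL is loaded into winlogon.exe, so
    # one living under a service account's profile rather than system32 stands out.
    suspicious = kind == "Notify" and not path.lower().startswith("c:\\windows\\")
    return Orphan(kind, name, path, suspicious)


def triage(log: str) -> dict:
    """Walk a ComboFix log and collect services, removed orphans and kernel hooks."""
    services, orphans, hooks = [], [], []
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans"
            continue
        if line.startswith("detected hooks:"):
            section = "hooks"
            continue
        svc = parse_service(line)
        if svc:
            services.append(svc)
            continue
        if section == "orphans":
            orphan = parse_orphan(line)
            if orphan:
                orphans.append(orphan)
                continue
        if section == "hooks":
            h = HOOK_RE.match(line)
            if h:
                hooks.append(h.groups())
                continue
            section = None            # e.g. "user & kernel MBR OK" ends the list
    return {"services": services, "orphans": orphans, "hooks": hooks}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for s in result["services"]:
        if s.notes:
            print(f"{s.state}{s.start} {s.name}: {'; '.join(s.notes)}")
    for o in result["orphans"]:
        print(f"orphan {o.kind}-{o.name} {o.path} {'SUSPICIOUS' if o.suspicious else ''}")
    for drv, fn, addr in result["hooks"]:
        print(f"hook {drv}.{fn} -> {addr}")
```

Run against the excerpt, the two MpKsl entries come out as stale Security Essentials driver registrations, the Notify-lonerty orphan is the one entry that earns a flag, and the atapi DriverStartIo hook is reported with its address so it can be compared across runs.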

Re: OLT files...possible malware

Post by Belahzur on 26th April 2011, 11:32 pm

Hello.

Please reboot your machine.

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC, Windows will boot to a text based screen and ask you to select the installation to log into, please choose the correct one, usually option 1 and press enter.

In there, type in the following commands, 1 line at a time.


fixmbr
exit

After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run Combofix, then post the new log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245111 | Likes: 1
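Added example (editorial, not part of the reply above): the MBR detector whose output was posted reads the first sector twice, once through the user-mode path and once through the kernel path, and reports "user & kernel MBR OK" only when both reads succeed and agree; a bootkit that replaces the boot code while keeping the partition table shows up as a mismatch in bytes 0..445, and a failed read (the "A device attached to the system is not functioning" line in the log) is a result in its own right. The Python below models that comparison and the repair that fixmbr performs, which is to rewrite the boot code and leave the partition table and signature alone. Everything here is constructed: the boot-code bytes are stand-ins, the partition is invented, and the repair function is a model of the behaviour, not the Recovery Console tool itself.

```python
import struct
from typing import Optional

SECTOR = 512
PT_OFFSET = 446          # partition table: 4 entries x 16 bytes
SIG_OFFSET = 510         # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    code = boot_code[:PT_OFFSET].ljust(PT_OFFSET, b"\x00")
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + table + b"\x55\xAA"


# Constructed sample data (mine, not read from the machine in this thread): a
# stand-in for clean boot code, a stand-in for bootkit-written code, and one
# bootable NTFS partition starting at LBA 63.
CLEAN_BOOT_CODE = bytes.fromhex("FA33C08ED0BC007C") + b"\x90" * 24
BOOTKIT_CODE = b"\xEB\xFE" + b"\xCC" * 30
PARTITIONS = [(0x80, 0x07, 63, 271_474_497)]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
INFECTED_MBR = build_mbr(BOOTKIT_CODE, PARTITIONS)   # boot code swapped, table intact


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature and decode the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[SIG_OFFSET:] == b"\x55\xAA", "partitions": parts}


def compare_reads(user_read: Optional[bytes], kernel_read: Optional[bytes]) -> dict:
    """The detector's check: the sector fetched via the user-mode path must equal
    the one fetched via the kernel path. A read that failed (None) is reported
    instead of being silently treated as a match."""
    if user_read is None or kernel_read is None:
        return {"read_failed": True, "identical": False,
                "boot_code_differs": None, "partition_table_differs": None,
                "first_diff_offset": None}
    diffs = [i for i in range(SECTOR) if user_read[i] != kernel_read[i]]
    return {
        "read_failed": False,
        "identical": not diffs,
        "boot_code_differs": any(i < PT_OFFSET for i in diffs),
        "partition_table_differs": any(PT_OFFSET <= i < SIG_OFFSET for i in diffs),
        "first_diff_offset": diffs[0] if diffs else None,
    }


def rewrite_boot_code(mbr: bytes, clean_code: bytes) -> bytes:
    """Model of a fixmbr-style repair: replace bytes 0..445 with known boot code
    and keep the partition table and signature exactly as they were."""
    return clean_code[:PT_OFFSET].ljust(PT_OFFSET, b"\x00") + mbr[PT_OFFSET:]


if __name__ == "__main__":
    print("clean vs infected:", compare_reads(CLEAN_MBR, INFECTED_MBR))
    print("user read failed: ", compare_reads(None, CLEAN_MBR))
    repaired = rewrite_boot_code(INFECTED_MBR, CLEAN_BOOT_CODE)
    print("after repair:     ", compare_reads(CLEAN_MBR, repaired))
    print("partitions kept:  ", parse_mbr(repaired)["partitions"] == parse_mbr(INFECTED_MBR)["partitions"])
```

The point of separating "boot code differs" from "partition table differs" is that a repair which only rewrites the boot code is safe in the first case and destructive in the second, which is why a detector's verdict on the partition table matters before fixmbr is run.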

Re: OLT files...possible malware

Post by BJPalmer85 on 27th April 2011, 12:18 pm

ComboFix 11-04-26.03 - Owner 04/27/2011 8:09.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.616 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Brandon\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-26 18:03 . 2011-04-26 18:41 -------- d-----w- C:\Combo-Fix
2011-04-25 16:11 . 2011-04-25 16:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-25 16:11 . 2011-04-25 16:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-22 12:16 . 2011-04-22 12:16 -------- d-----w- C:\_OTL
2011-04-21 19:37 . 2011-04-21 19:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-21 13:51 . 2011-04-21 13:51 -------- d-----w- c:\program files\iPod
2011-04-21 13:51 . 2011-04-21 13:52 -------- d-----w- c:\program files\iTunes
2011-04-21 13:48 . 2011-04-21 13:49 -------- d-----w- c:\program files\Apple Software Update
2011-04-21 13:20 . 2011-04-21 13:20 -------- d-----w- c:\program files\Bonjour
2011-04-21 12:54 . 2011-04-21 12:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 12:50 . 2011-04-21 13:50 -------- d-----w- c:\program files\QuickTime
2011-04-20 19:46 . 2011-04-21 12:45 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-04-20 19:39 . 2011-04-21 12:45 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-04-20 18:00 . 2011-04-20 18:00 -------- d-----w- c:\program files\IObit
2011-04-20 13:57 . 2011-04-20 13:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-20 13:56 . 2011-04-20 13:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-20 13:51 . 2011-04-20 13:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-20 13:51 . 2011-04-20 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-20 13:50 . 2011-04-21 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-30 13:56 . 2011-03-30 13:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 19:37 . 2010-10-06 17:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:31 . 2010-10-06 05:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2009-01-26 01:44 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2009-01-26 01:44 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2009-01-26 01:45 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2009-01-26 01:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2009-01-26 01:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-01-26 01:45 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2009-01-26 01:43 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2009-01-26 01:44 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-10-06 07:40 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03 . 2007-04-03 12:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33 . 2008-04-14 09:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-02 22:11 . 2010-10-06 17:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
.
[-] 2009-01-26 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-27 12:00 . 2011-04-27 12:00 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2006-07-12 626688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5825880]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-6 1156384]
QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE [2011-3-6 1178400]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 10.0\\QBDBMgrN.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 11.0\\QBDBMgrN.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2240:UDP"= 2240:UDP:Windows Media Format SDK (wmplayer.exe)
"2241:UDP"= 2241:UDP:Windows Media Format SDK (wmplayer.exe)
"2242:UDP"= 2242:UDP:Windows Media Format SDK (wmplayer.exe)
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [9/28/2010 9:40 AM 15328]
R1 MpKsl05194f44;MpKsl05194f44;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl05194f44.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl05194f44.sys [?]
R1 MpKsl20b79647;MpKsl20b79647;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl20b79647.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl20b79647.sys [?]
R1 MpKsldbc7dc20;MpKsldbc7dc20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsldbc7dc20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsldbc7dc20.sys [?]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/12/2011 1:33 PM 91456]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [3/5/2011 9:03 PM 1257760]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [9/28/2010 9:40 AM 220128]
S1 MpKsl4335a724;MpKsl4335a724;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5131BE-6318-4D1E-9A4C-7A1DFF286CCA}\MpKsl4335a724.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5131BE-6318-4D1E-9A4C-7A1DFF286CCA}\MpKsl4335a724.sys [?]
S1 MpKsl64deb866;MpKsl64deb866;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00AEFD8B-0591-4B46-93FC-ABD52782B932}\MpKsl64deb866.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00AEFD8B-0591-4B46-93FC-ABD52782B932}\MpKsl64deb866.sys [?]
S1 MpKsl6de5c06d;MpKsl6de5c06d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36FAC27D-1BA0-49B0-BD77-56F121E989E2}\MpKsl6de5c06d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36FAC27D-1BA0-49B0-BD77-56F121E989E2}\MpKsl6de5c06d.sys [?]
S1 MpKsl819ce1b0;MpKsl819ce1b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl819ce1b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CE6FAA-8B56-44C5-B896-8FAFBEE742B4}\MpKsl819ce1b0.sys [?]
S1 MpKsl87e18573;MpKsl87e18573;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98955048-38E0-4FA4-8E75-E625260C14B9}\MpKsl87e18573.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98955048-38E0-4FA4-8E75-E625260C14B9}\MpKsl87e18573.sys [?]
S1 MpKslb8672459;MpKslb8672459;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E1D8520-9163-4B7B-A026-F463C2D8C700}\MpKslb8672459.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E1D8520-9163-4B7B-A026-F463C2D8C700}\MpKslb8672459.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [1/12/2011 1:33 PM 9472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL20B79647
*NewlyCreated* - MPKSLDBC7DC20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vth4bosg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NASA Night Launch: [You must be registered and logged in to see this link.] - %profile%\extensions\nasanightlaunch@example.com
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-27 08:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-04-27 08:16:54
ComboFix-quarantined-files.txt 2011-04-27 12:16
ComboFix2.txt 2011-04-26 18:41
.
Pre-Run: 99,084,308,480 bytes free
Post-Run: 99,112,054,784 bytes free
.
- - End Of File - - 506793F2C81043C7197AC29AE4795F81

BJPalmer85
Novice
Posts: 19 | Joined: 2011-04-20 | OS: XP | Points: 20871 | Likes: 0

Re: OLT files...possible malware

Post by BJPalmer85 on 27th April 2011, 12:21 pm

Also, as a note, I had an unresponsive script error this morning, and yesterday one of those svchost.exe things was running in the 200k - 300k range. One time it was at the 550k mark, using up 60%+ of the CPU.

Just trying to give you all the info I've got. I really appreciate the help and shall be donating as soon as I get the funds.

B

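The post above reports an svchost.exe instance at 550k of memory and 60%+ CPU without saying which one. On Windows several svchost.exe processes are normal, each hosting a group of services, so the useful triage step is to map the busy PID from Task Manager to the services it hosts. The following is an added example, not part of this thread or of any of the tools used in it: a Python parser for the text that `tasklist /svc` prints, plus two heuristics a helper would apply (an svchost.exe that hosts no service at all, and an image name one or two characters away from svchost.exe). The sample output is constructed; the PIDs and the lookalike "scvhost.exe" row are made up, and only the explorer.exe PID 2664 comes from the ComboFix log earlier in the thread. Note that tasklist.exe ships with XP Professional, not XP Home (the system in this thread); on XP Home, Process Explorer shows the same hosted-service list for each svchost.exe.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `tasklist /svc` output in the Windows XP/2003 layout
# (long service lists wrap onto indented continuation lines). Example data
# only: the PIDs and the lookalike "scvhost.exe" row are made up.
SAMPLE_TASKLIST = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    888 DcomLaunch, TermService
svchost.exe                    972 RpcSs
svchost.exe                   1064 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, lanmanserver, Netman,
                                   Schedule, SENS, Themes, W32Time, winmgmt,
                                   wscsvc, wuauserv
svchost.exe                   1180 N/A
scvhost.exe                   1312 N/A
explorer.exe                  2664 N/A
"""


@dataclass
class Proc:
    image: str
    pid: int
    services: list = field(default_factory=list)


# image name (may contain spaces), right-aligned PID, then the service list
ROW_RE = re.compile(r"(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>.*)")


def _split_services(text):
    """Split 'A, B, C,' into names, dropping blanks and the N/A marker."""
    return [s for s in (p.strip() for p in text.split(",")) if s and s != "N/A"]


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` text into Proc rows, joining wrapped service lists."""
    procs = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace() and procs:
            procs[-1].services += _split_services(line)  # continuation line
            continue
        m = ROW_RE.fullmatch(line)
        if m:
            procs.append(Proc(m["image"], int(m["pid"]),
                              _split_services(m["services"])))
    return procs


def services_by_pid(procs):
    """Map each svchost.exe PID to the services it hosts."""
    return {p.pid: p.services for p in procs if p.image.lower() == "svchost.exe"}


def _edit_distance(a, b):
    """Plain Levenshtein distance, used for the lookalike-name check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_svchost(procs):
    """Rows worth a closer look: an svchost.exe hosting no service, and image
    names one or two characters away from svchost.exe."""
    findings = []
    for p in procs:
        name = p.image.lower()
        if name == "svchost.exe":
            if not p.services:
                findings.append(f"PID {p.pid}: svchost.exe hosts no services")
        elif _edit_distance(name, "svchost.exe") <= 2:
            findings.append(f"PID {p.pid}: image name {p.image!r} resembles svchost.exe")
    return findings


if __name__ == "__main__":
    procs = parse_tasklist_svc(SAMPLE_TASKLIST)
    for pid, svcs in services_by_pid(procs).items():
        print(pid, ", ".join(svcs) or "(none)")
    for finding in triage_svchost(procs):
        print("finding:", finding)
```

Once the busy PID is matched to its service group, the next question is which service in that group is doing the work; a group like the large one above (Automatic Updates, BITS, and so on) can legitimately spike during an update, whereas an svchost.exe with an empty service list has no business being there.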

Re: OLT files...possible malware

Post by Belahzur on 27th April 2011, 4:39 pm

Hello.
Don't worry about that, we aren't done just yet.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    sfcfiles.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: OLT files...possible malware

Post by BJPalmer85 on 28th April 2011, 5:06 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 13:03 on 28/04/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [01:52 26/01/2009] [01:52 26/01/2009] 362BC5AF8EAF712832C58CC13AE05750

-= EOF =-

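The SystemLook filefind output above packs everything a helper needs into one line per hit: path, attribute flags, size, created and modified stamps, and the MD5. As an added example (not part of this thread and not SystemLook's own code), here is a Python parser for that line format, with a small triage pass that flags copies of the file outside the directory it belongs in and copies whose hashes disagree, plus a helper to hash a local file the same way so the logged value can be re-checked against a known-good copy. The first sample row copies the posted entry verbatim; the second row (a Temp path with an all-zero placeholder hash) is constructed only to show how a stray extra copy would be reported, and is not something the real log found.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout of the SystemLook ":filefind" log posted
# above. Row 1 copies the posted entry; row 2 (Temp path, all-zero placeholder
# hash) is made up to show how an extra copy would be flagged.
SAMPLE_LOG = """SystemLook 04.09.10 by jpshortstuff
Log created at 13:03 on 28/04/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\\WINDOWS\\system32\\sfcfiles.dll --a---- 1614848 bytes [01:52 26/01/2009] [01:52 26/01/2009] 362BC5AF8EAF712832C58CC13AE05750
C:\\WINDOWS\\Temp\\sfcfiles.dll --a---- 1614848 bytes [09:15 20/04/2011] [09:15 20/04/2011] 00000000000000000000000000000000

-= EOF =-
"""

# One filefind result row: path, 7-char attribute flags, size, created and
# modified stamps in [HH:MM DD/MM/YYYY] form, then the MD5.
LINE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})"
)
STAMP = "%H:%M %d/%m/%Y"


@dataclass
class FileFindEntry:
    path: str
    attrs: str
    size: int
    created: datetime
    modified: datetime
    md5: str


def parse_filefind(text):
    """Return every filefind result row in the log, in log order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            entries.append(FileFindEntry(
                m["path"], m["attrs"], int(m["size"]),
                datetime.strptime(m["created"], STAMP),
                datetime.strptime(m["modified"], STAMP),
                m["md5"].upper()))
    return entries


def triage(entries, expected_dir):
    """Flag copies outside the expected directory and disagreeing hashes."""
    findings = []
    prefix = expected_dir.rstrip("\\").lower() + "\\"
    for e in entries:
        if not e.path.lower().startswith(prefix):
            findings.append(f"{e.path}: copy outside {expected_dir}")
    if len({e.md5 for e in entries}) > 1:
        findings.append("same file name, different contents (hashes differ)")
    return findings


def md5_of_bytes(data):
    """Uppercase MD5, the form SystemLook prints."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path):
    """Hash a local file in chunks so large binaries are not read at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def matches_log(entry, path):
    """True when the file on disk still has the hash recorded in the log."""
    return md5_of_file(path) == entry.md5


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for e in found:
        print(e.path, e.size, e.modified.isoformat(), e.md5)
    for finding in triage(found, r"C:\WINDOWS\system32"):
        print("finding:", finding)
```

The hash on its own is not a verdict: it has to be compared with the hash of the same file from a clean install at the same service-pack level, or looked up in a vendor hash database, which is what the helper does next with the value the log gives.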

Re: OLT files...possible malware

Post by Belahzur on 28th April 2011, 5:59 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


