fake "XP Security center"


#1 pepoB (Member, 15 posts)
Hello, my friend has a Dell Dimension E510 with Windows XP & 1G RAM. She had a fake "XP Security Center". We were able to remove it with ESET Online Scanner, ComboFix and Malwarebytes.
The PC boots up fine now and has no pop-ups or redirections, but after the PC boots, the taskbar is unusable for about a minute or 2. If I click on a desktop icon such as Word or Firefox it will work fine, but if I go to the taskbar or Start button the mouse cursor becomes an hourglass. We must wait a few minutes for the cursor to switch from an hourglass to an arrow before we can click on the taskbar; after that the taskbar works great.
I also noticed in Task Manager that one of the svchost.exe processes starts to climb in memory until it reaches 500,000K or 600,000K. I disabled every non-essential service according to some websites and I even downloaded the Soluto utility, but nothing seems to help.
Thanks

OTL logfile created on: 8/3/2011 7:47:41 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 320.02 Mb Available Physical Memory | 31.31% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 18.52 Gb Free Space | 26.53% Space Free | Partition Type: NTFS

Computer Name: MOCERI | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/07/21 11:52:22 | 001,706,544 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/07/21 11:52:22 | 000,392,224 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/21 11:52:22 | 000,392,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 11:33:54 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/20 20:20:31 | 000,016,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2008/01/15 14:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 14:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/20 09:40:28 | 000,023,217 | R--- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Running] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - [2006/11/09 15:49:24 | 000,015,472 | R--- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/09 12:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/13 04:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2001/01/08 09:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=GM2TDF&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - prefs.js..extensions.enabledItems: {B6DBCA96-408F-4E27-9ED8-6572BE9F8344}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 13:36:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/01 20:47:53 | 000,000,000 | ---D | M]

[2008/06/18 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/08/01 22:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions
[2010/12/09 13:39:45 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2010/12/09 13:38:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\searchplugins\bing-zugo.xml
[2010/04/06 20:04:06 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\searchplugins\bing.xml
[2011/08/01 20:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 21:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/21 13:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/12/18 19:33:40 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/05/08 13:39:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2008/12/01 12:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2011/08/02 23:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139342167328 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} file:///C:/Documents%20and%20Settings/Anthony/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.3 64.233.217.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 07:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder
[2011/08/03 07:28:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/08/02 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/02 23:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/02 23:40:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/02 22:59:24 | 004,161,545 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/08/02 22:57:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/02 07:56:08 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2011/08/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/08/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2011/08/02 07:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/08/02 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/08/02 07:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/08/02 07:51:54 | 000,000,000 | ---D | C] -- C:\471164efdf667bd1d58021f6a30cc1e5
[2011/08/02 07:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/08/02 07:15:15 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/08/02 07:13:25 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/08/01 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Win2000
[2011/08/01 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Lang
[2011/08/01 22:58:56 | 027,041,104 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R118968.EXE
[2011/08/01 22:56:46 | 004,641,568 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R126542.EXE
[2011/08/01 22:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/08/01 22:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\HiJackThis
[2011/08/01 22:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/01 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\comcasttb
[2011/08/01 21:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/01 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\nCleaner
[2011/08/01 21:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\nCleaner
[2011/08/01 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\NKProds
[2011/08/01 21:14:23 | 000,892,614 | ---- | C] (NKProds) -- C:\Documents and Settings\Admin\My Documents\ncleaner_setup.exe
[2011/08/01 20:54:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/08/01 20:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/08/01 19:32:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/18 21:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/18 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/18 21:28:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/18 21:28:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/18 21:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/07/18 21:19:24 | 000,000,000 | ---D | C] -- C:\4a07f884163814a346a8f5
[2011/07/18 21:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Runscanner.net

========== Files - Modified Within 30 Days ==========

[2011/08/03 07:36:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/08/03 07:24:07 | 000,001,568 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/08/03 07:24:07 | 000,000,112 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/08/03 07:23:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 07:21:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 23:50:56 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\NTFS.com Fixing and repair MBR.Fix MBR.Recover boot record.Recovery..url
[2011/08/02 23:31:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\MBRCheck.exe
[2011/08/02 23:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/02 22:59:24 | 004,161,545 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/08/02 22:55:31 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/08/02 22:51:25 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\96vinj89.exe
[2011/08/02 22:32:44 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/02 16:58:32 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2011/08/02 08:01:05 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/02 07:54:09 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 07:54:09 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 07:43:50 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BootTimer – Objectively Measure Your Windows XP Boot Time.url
[2011/08/02 07:43:45 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WeetHet - Windows - Improving Windows XP boot time.url
[2011/08/02 07:43:43 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Analyze (And Optimize) Your Windows XP Boot Time PCMech.url
[2011/08/02 07:15:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/02 07:15:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/02 07:12:32 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dial-a-fix-v0.60.0.24.zip
[2011/08/01 23:01:44 | 004,641,568 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R126542.EXE
[2011/08/01 22:58:56 | 027,041,104 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R118968.EXE
[2011/08/01 22:57:00 | 002,520,016 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\CZ128400.exe
[2011/08/01 22:22:16 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2011/08/01 21:54:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 21:54:49 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006Core.job
[2011/08/01 21:54:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 21:54:48 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006UA.job
[2011/08/01 21:52:17 | 001,829,880 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\ProcessExplorer.zip
[2011/08/01 21:52:17 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Autoruns.zip
[2011/08/01 21:34:37 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/01 21:32:15 | 000,049,875 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\TaskbarRepairToolPlus!.zip
[2011/08/01 21:14:44 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\nCleaner.lnk
[2011/08/01 21:14:25 | 000,892,614 | ---- | M] (NKProds) -- C:\Documents and Settings\Admin\My Documents\ncleaner_setup.exe
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/24 22:20:10 | 000,014,036 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/21 11:33:54 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2011/07/18 21:30:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/02 23:50:56 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTFS.com Fixing and repair MBR.Fix MBR.Recover boot record.Recovery..url
[2011/08/02 23:31:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\MBRCheck.exe
[2011/08/02 22:55:24 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/08/02 22:51:24 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\96vinj89.exe
[2011/08/02 08:06:12 | 000,001,568 | ---- | C] () -- C:\WINDOWS\System32\.lck
[2011/08/02 08:06:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\.rsp
[2011/08/02 08:01:05 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/02 07:53:59 | 000,317,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/02 07:43:50 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\BootTimer – Objectively Measure Your Windows XP Boot Time.url
[2011/08/02 07:43:45 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WeetHet - Windows - Improving Windows XP boot time.url
[2011/08/02 07:43:43 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Analyze (And Optimize) Your Windows XP Boot Time PCMech.url
[2011/08/02 07:12:31 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Dial-a-fix-v0.60.0.24.zip
[2011/08/01 23:03:16 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/08/01 23:00:16 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Instngin.dll
[2011/08/01 23:00:16 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Install.cfg
[2011/08/01 23:00:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\autorun.inf
[2011/08/01 22:57:00 | 002,520,016 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\CZ128400.exe
[2011/08/01 22:20:47 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2011/08/01 21:52:13 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Autoruns.zip
[2011/08/01 21:52:08 | 001,829,880 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\ProcessExplorer.zip
[2011/08/01 21:34:35 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/01 21:33:59 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/08/01 21:32:18 | 000,049,875 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\TaskbarRepairToolPlus!.zip
[2011/08/01 21:14:44 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\nCleaner.lnk
[2011/07/29 20:44:15 | 000,014,876 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/29 20:44:15 | 000,014,876 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/18 21:28:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 19:58:52 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/09 13:39:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eganujahoz.dat
[2010/12/09 13:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qdamex.bin
[2010/04/10 16:39:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/10 16:39:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/25 20:40:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/25 20:40:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/25 20:40:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/25 20:40:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/25 20:40:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/21 18:19:52 | 000,077,351 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/10/07 21:55:00 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/10/07 21:52:40 | 000,176,705 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/10/07 21:52:39 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2008/08/12 13:37:34 | 000,056,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/24 21:11:17 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/13 18:23:16 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2007/08/13 18:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/09/18 19:07:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/26 20:26:05 | 000,003,442 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/07/05 21:44:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JPR.{PB
[2006/07/05 21:44:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JCM.{PB
[2006/02/07 17:55:31 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FD69F22773.dll
[2006/02/06 18:20:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/06 17:27:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 16:09:02 | 000,001,089 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/12/30 18:01:22 | 000,006,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 18:57:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2005/12/28 18:52:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2005/12/28 18:44:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2005/12/28 18:44:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2005/12/26 12:32:12 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/26 12:32:12 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\FD69F22773.sys
[2005/12/24 15:48:30 | 000,001,377 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/12/24 12:59:38 | 000,000,538 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/23 21:46:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/23 18:27:25 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/23 18:27:17 | 000,003,026 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/23 18:20:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/23 18:13:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2005/12/20 00:43:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 00:37:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/20 00:33:39 | 000,014,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/20 00:31:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/20 00:07:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/20 00:07:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/20 00:06:58 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 06:27:59 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 06:18:33 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 06:18:33 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2001/01/08 09:53:24 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2000/12/29 13:32:40 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== LOP Check ==========

[2005/12/23 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Aim
[2010/02/26 21:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG9
[2010/05/10 19:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CallingID
[2011/08/01 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\comcasttb
[2011/08/01 21:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\nCleaner
[2007/06/19 15:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/12/20 21:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/12/23 18:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/20 20:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/08/03 14:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/04/10 16:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/08/02 08:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/03/05 16:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/13 01:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/06 19:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/14 13:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 21:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 10:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 10:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



< End of report >


#2
RKinner
    Malware Expert
  • Expert
  • 19,799 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
HidServ

:OTL
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - prefs.js..extensions.enabledItems: {B6DBCA96-408F-4E27-9ED8-6572BE9F8344}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
[2010/12/09 13:39:45 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2010/12/20 21:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/09 13:38:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\searchplugins\bing-zugo.xml
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} file:///C:/Documents%20and%20Settings/Anthony/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab (Shockwave Flash Object)
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Pause your anti-virus and run Combofix one more time. Allow it to update if it wants to, and also allow it to install the Recovery Console if it hasn't already. Copy and paste the log.

Open OTL again and select the All option in the Extra Registry group, then the Run Scan button. Post the two logs it produces in your next reply.


Ron
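The two file entries the expert pulled into the :OTL section of that fix (a hidden+system file with a 35-character random name and no extension, identical in size and timestamp under All Users\Application Data and under the user's Local Settings\Application Data) can be picked out mechanically from an OTL log. The following Python is an added example for this thread, not code from OTL or from either poster: it parses OTL's file-listing line format and applies those two judgements to sample lines copied from the logs posted here. The name-length and entropy thresholds are assumptions chosen for the example.

```python
"""Triage helper for the file-listing lines of an OTL log (added example).

Rule 1: hidden+system, extension-less, long random name, inside a profile
        "Application Data" folder.
Rule 2: the same file name and size dropped under more than one profile
        (All Users plus the logged-in user), as the rogue in this thread did.
"""
import math
import re
from collections import defaultdict

# One OTL file/folder line. The "(vendor)" field is absent on folder lines.
OTL_LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)

MIN_RANDOM_LEN = 20   # assumption: the rogue's data file names here are 35 chars
MIN_ENTROPY = 3.5     # assumption: bits per char; ordinary file names sit lower


def parse_line(line):
    """Return a dict for an OTL file/folder line, or None for any other line."""
    m = OTL_LINE_RE.match(line.strip())
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    parts = path.split("\\")
    lower = [p.lower() for p in parts]
    # On XP, profiles live under C:\Documents and Settings\<name>\...
    profile = lower[2] if len(lower) > 2 and lower[1] == "documents and settings" else None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "directory": "D" in attrs,
        "vendor": m.group("vendor"),
        "path": path,
        "basename": parts[-1],
        "profile": profile,
        "in_profile_data": "application data" in lower,
    }


def shannon_entropy(text):
    """Bits per character of the string's own symbol distribution."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Extension-less, long, mixes letters and digits, high entropy."""
    if "." in name or len(name) < MIN_RANDOM_LEN:
        return False
    if not (any(c.isalpha() for c in name) and any(c.isdigit() for c in name)):
        return False
    return shannon_entropy(name) >= MIN_ENTROPY


def triage(lines):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in map(parse_line, lines) if e]
    seen = defaultdict(set)   # (name, size) -> profiles the file appears under
    for e in entries:
        if e["profile"] and not e["directory"]:
            seen[(e["basename"].lower(), e["size"])].add(e["profile"])
    reasons = defaultdict(list)
    for e in entries:
        if e["directory"]:
            continue
        if e["hidden"] and e["system"] and e["in_profile_data"] and looks_random(e["basename"]):
            reasons[e["path"]].append("hidden+system random-named file in profile data")
        if e["profile"] and len(seen[(e["basename"].lower(), e["size"])]) > 1:
            reasons[e["path"]].append("same name and size dropped under several profiles")
    return dict(reasons)


# Sample input copied from the logs posted in this thread (last line is a
# non-file entry and must be ignored by the parser).
SAMPLE_LOG = r"""
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/29 20:46:29 | 000,014,876 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2006/02/07 17:55:31 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FD69F22773.dll
[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/30 18:01:22 | 000,006,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/23 18:13:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2010/02/26 21:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG9
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Run against the sample, it flags exactly the two kv1h... entries, each for both reasons, and nothing else. The result is a candidate list, not a verdict: the rules say nothing about the RHS- entries under System32, which need a different check (vendor and signature), and rule 2 will also pair up legitimate files that happen to exist with the same size under two profiles, so every hit still needs an analyst's look, as it got in this thread.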

#3
pepoB
    Member
  • Topic Starter
  • Member
  • 15 posts
Thank you for the reply
Here are the logs you requested.

========== PROCESSES ==========
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== OTL ==========
Prefs.js: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0 removed from extensions.enabledItems
Prefs.js: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0 removed from extensions.enabledItems
Prefs.js: {B6DBCA96-408F-4E27-9ED8-6572BE9F8344}:1.9.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin\DTXWizard folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\data\weather folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\data\search folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\data\rss folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\data\dynamicElements folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\data folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\newtab\images folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\newtab folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {406B5949-7190-4245-91A9-30A17DE16AD0}
C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{406B5949-7190-4245-91A9-30A17DE16AD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Starting removal of ActiveX control {5F8469B4-B055-49DD-83F7-62B522420ECC}
C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F8469B4-B055-49DD-83F7-62B522420ECC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F8469B4-B055-49DD-83F7-62B522420ECC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F8469B4-B055-49DD-83F7-62B522420ECC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F8469B4-B055-49DD-83F7-62B522420ECC}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File B6E-AE6D-11CF-96B8-444553540000} file:///C:/Documents%20and%20Settings/Anthony/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717 moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08032011_210324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 11-08-03.03 - Admin 08/03/2011 21:15:30.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 01:03 . 2011-08-04 01:03 -------- d-----w- C:\_OTL
2011-08-03 02:57 . 2011-08-03 02:57 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-02 11:56 . 2011-07-21 15:33 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-08-02 11:56 . 2011-08-02 11:56 -------- d-----w- c:\program files\Soluto
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\program files\MSBuild
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\program files\Reference Assemblies
2011-08-02 11:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-02 11:51 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-02 11:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-02 11:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-02 11:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-02 11:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-02 11:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-02 11:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-02 11:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-02 11:51 . 2011-08-02 11:52 -------- d-----w- C:\471164efdf667bd1d58021f6a30cc1e5
2011-08-02 11:44 . 2011-08-02 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2011-08-02 03:03 . 2006-02-10 01:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2011-08-02 02:41 . 2011-08-02 02:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-08-02 02:20 . 2011-08-02 02:20 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-02 02:20 . 2011-08-02 02:20 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:03 . 2011-08-02 02:03 -------- d-----w- c:\documents and settings\Admin\Application Data\comcasttb
2011-08-02 01:33 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-08-02 01:14 . 2011-08-02 01:14 -------- d-----w- c:\documents and settings\Admin\Application Data\nCleaner
2011-08-02 01:14 . 2011-08-02 01:14 -------- d-----w- c:\program files\NKProds
2011-08-02 00:22 . 2011-08-02 00:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-07-21 17:36 . 2011-07-21 17:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-21 17:36 . 2011-07-21 17:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-19 01:54 . 2011-07-19 01:54 -------- d-----w- c:\program files\ESET
2011-07-19 01:28 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 01:28 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 01:19 . 2011-07-19 01:19 -------- d-----w- c:\program files\ACW
2011-07-19 01:19 . 2011-07-19 01:19 -------- d-----w- C:\4a07f884163814a346a8f5
2011-07-19 01:17 . 2011-07-19 01:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Runscanner.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2005-08-16 10:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-21 17:36 . 2011-05-08 17:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-03_12.35.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-04 01:05 . 2011-08-04 01:05 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-10 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26 26112 -c--a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 06:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"wlidsvc"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NetSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ATI Smart"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
.
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [8/2/2011 7:56 AM 51144]
S0 tzrrkbbs;tzrrkbbs;c:\windows\system32\drivers\utsgfzyp.sys --> c:\windows\system32\drivers\utsgfzyp.sys [?]
S0 yorytjgh;yorytjgh;c:\windows\system32\drivers\kqrnelut.sys --> c:\windows\system32\drivers\kqrnelut.sys [?]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [7/21/2011 11:52 AM 392224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/18/2011 9:28 PM 41272]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [1/8/2001 9:53 AM 15576]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2010 9:40 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2010 9:40 PM 136176]
S4 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [12/20/2010 7:58 PM 16968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 01:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 01:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006Core.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 14:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006UA.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 14:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 64.233.217.3 64.233.217.5
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8711A176
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-03 21:27:13
ComboFix-quarantined-files.txt 2011-08-04 01:27
ComboFix2.txt 2011-08-03 12:39
ComboFix3.txt 2011-08-03 03:27
ComboFix5.txt 2011-08-04 01:14
.
Pre-Run: 19,849,945,088 bytes free
Post-Run: 19,932,823,552 bytes free
.
- - End Of File - - 248574BA7C951C47AB8B1030730767DC

#4
pepoB
Topic Starter
Here are the 2 new OTL logs

OTL logfile created on: 8/3/2011 9:29:39 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 599.84 Mb Available Physical Memory | 58.69% Memory free
2.40 Gb Paging File | 2.16 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 18.60 Gb Free Space | 26.65% Space Free | Partition Type: NTFS

Computer Name: MOCERI | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/21 11:52:22 | 000,392,224 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/21 11:33:54 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/20 20:20:31 | 000,016,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2008/01/15 14:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 14:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/20 09:40:28 | 000,023,217 | R--- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Running] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - [2006/11/09 15:49:24 | 000,015,472 | R--- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/09 12:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/13 04:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2001/01/08 09:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=GM2TDF&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 13:36:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/01 20:47:53 | 000,000,000 | ---D | M]

[2008/06/18 11:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/08/01 22:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\extensions
[2010/04/06 20:04:06 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\searchplugins\bing.xml
[2011/08/01 20:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/21 13:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/12/18 19:33:40 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/05/08 13:39:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2008/12/01 12:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2011/08/03 21:03:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139342167328 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.3 64.233.217.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 21:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder (2)
[2011/08/03 21:03:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/03 07:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder
[2011/08/03 07:28:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/08/02 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/02 23:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/02 22:59:24 | 004,163,573 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/08/02 22:57:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/02 07:56:08 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2011/08/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/08/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2011/08/02 07:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/08/02 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/08/02 07:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/08/02 07:51:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/08/02 07:51:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/08/02 07:51:55 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/08/02 07:51:55 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/08/02 07:51:55 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/08/02 07:51:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/08/02 07:51:54 | 000,000,000 | ---D | C] -- C:\471164efdf667bd1d58021f6a30cc1e5
[2011/08/02 07:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/08/02 07:15:15 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/08/02 07:13:25 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/08/01 23:00:16 | 000,106,496 | ---- | C] (Intel® Corporation) -- C:\Documents and Settings\Admin\Desktop\PCIUtil.dll
[2011/08/01 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Win2000
[2011/08/01 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Lang
[2011/08/01 22:58:56 | 027,041,104 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R118968.EXE
[2011/08/01 22:56:46 | 004,641,568 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R126542.EXE
[2011/08/01 22:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/08/01 22:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\HiJackThis
[2011/08/01 22:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/01 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\comcasttb
[2011/08/01 21:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/01 21:33:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/08/01 21:15:08 | 003,608,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/08/01 21:15:08 | 001,168,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/08/01 21:15:08 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/08/01 21:15:08 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/08/01 21:15:08 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/08/01 21:15:08 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/08/01 21:15:08 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2011/08/01 21:15:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2011/08/01 21:15:08 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/08/01 21:15:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/08/01 21:15:08 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/08/01 21:15:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2011/08/01 21:15:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/08/01 21:15:07 | 006,076,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/08/01 21:15:07 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2011/08/01 21:15:07 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/08/01 21:15:07 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/08/01 21:15:07 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/08/01 21:15:07 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2011/08/01 21:15:07 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/08/01 21:15:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2011/08/01 21:15:07 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2011/08/01 21:15:07 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/08/01 21:15:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2011/08/01 21:15:07 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2011/08/01 21:15:07 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2011/08/01 21:15:07 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2011/08/01 21:15:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/08/01 21:15:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/08/01 21:15:07 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2011/08/01 21:15:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2011/08/01 21:15:07 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2011/08/01 21:15:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2011/08/01 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\nCleaner
[2011/08/01 21:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\nCleaner
[2011/08/01 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\NKProds
[2011/08/01 21:14:23 | 000,892,614 | ---- | C] (NKProds) -- C:\Documents and Settings\Admin\My Documents\ncleaner_setup.exe
[2011/08/01 20:54:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/08/01 20:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/08/01 19:32:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/18 21:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/18 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/18 21:28:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/18 21:28:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/18 21:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/07/18 21:19:24 | 000,000,000 | ---D | C] -- C:\4a07f884163814a346a8f5
[2011/07/18 21:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Runscanner.net

========== Files - Modified Within 30 Days ==========

[2011/08/03 21:13:34 | 004,163,573 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/08/03 21:07:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 21:07:20 | 000,003,166 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/08/03 21:07:19 | 000,000,332 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/08/03 21:05:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 21:03:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/03 18:30:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 07:28:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/08/02 23:50:56 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\NTFS.com Fixing and repair MBR.Fix MBR.Recover boot record.Recovery..url
[2011/08/02 23:31:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\MBRCheck.exe
[2011/08/02 22:55:31 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/08/02 22:51:25 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\96vinj89.exe
[2011/08/02 22:32:44 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/02 16:58:32 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2011/08/02 08:01:05 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/02 07:54:09 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 07:54:09 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 07:43:50 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BootTimer – Objectively Measure Your Windows XP Boot Time.url
[2011/08/02 07:43:45 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WeetHet - Windows - Improving Windows XP boot time.url
[2011/08/02 07:43:43 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Analyze (And Optimize) Your Windows XP Boot Time PCMech.url
[2011/08/02 07:15:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/02 07:15:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/02 07:12:32 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dial-a-fix-v0.60.0.24.zip
[2011/08/01 23:01:44 | 004,641,568 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R126542.EXE
[2011/08/01 22:58:56 | 027,041,104 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\Admin\My Documents\R118968.EXE
[2011/08/01 22:57:00 | 002,520,016 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\CZ128400.exe
[2011/08/01 22:22:16 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2011/08/01 21:54:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 21:54:49 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006Core.job
[2011/08/01 21:54:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 21:54:48 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006UA.job
[2011/08/01 21:52:17 | 001,829,880 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\ProcessExplorer.zip
[2011/08/01 21:52:17 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Autoruns.zip
[2011/08/01 21:34:37 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/01 21:32:15 | 000,049,875 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\TaskbarRepairToolPlus!.zip
[2011/08/01 21:14:44 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\nCleaner.lnk
[2011/08/01 21:14:25 | 000,892,614 | ---- | M] (NKProds) -- C:\Documents and Settings\Admin\My Documents\ncleaner_setup.exe
[2011/07/24 22:20:10 | 000,014,036 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/21 11:33:54 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2011/07/18 21:30:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/02 23:50:56 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTFS.com Fixing and repair MBR.Fix MBR.Recover boot record.Recovery..url
[2011/08/02 23:31:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\MBRCheck.exe
[2011/08/02 22:55:24 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/08/02 22:51:24 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\96vinj89.exe
[2011/08/02 08:06:12 | 000,003,166 | ---- | C] () -- C:\WINDOWS\System32\.lck
[2011/08/02 08:06:12 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\.rsp
[2011/08/02 08:01:05 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/02 07:53:59 | 000,317,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/02 07:43:50 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\BootTimer – Objectively Measure Your Windows XP Boot Time.url
[2011/08/02 07:43:45 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WeetHet - Windows - Improving Windows XP boot time.url
[2011/08/02 07:43:43 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Analyze (And Optimize) Your Windows XP Boot Time PCMech.url
[2011/08/02 07:12:31 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Dial-a-fix-v0.60.0.24.zip
[2011/08/01 23:03:16 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/08/01 23:00:16 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Instngin.dll
[2011/08/01 23:00:16 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Install.cfg
[2011/08/01 23:00:16 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\autorun.inf
[2011/08/01 22:57:00 | 002,520,016 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\CZ128400.exe
[2011/08/01 22:20:47 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2011/08/01 21:52:13 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Autoruns.zip
[2011/08/01 21:52:08 | 001,829,880 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\ProcessExplorer.zip
[2011/08/01 21:34:35 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/01 21:33:59 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/08/01 21:32:18 | 000,049,875 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\TaskbarRepairToolPlus!.zip
[2011/08/01 21:14:44 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\nCleaner.lnk
[2011/07/18 21:28:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 19:58:52 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/09 13:39:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eganujahoz.dat
[2010/12/09 13:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qdamex.bin
[2010/04/10 16:39:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/10 16:39:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/25 20:40:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/25 20:40:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/25 20:40:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/25 20:40:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/25 20:40:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/21 18:19:52 | 000,077,351 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/10/07 21:55:00 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/10/07 21:52:40 | 000,176,705 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/10/07 21:52:39 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2008/08/12 13:37:34 | 000,056,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/24 21:11:17 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/13 18:23:16 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2007/08/13 18:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/09/18 19:07:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/26 20:26:05 | 000,003,442 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/07/05 21:44:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JPR.{PB
[2006/07/05 21:44:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JCM.{PB
[2006/02/07 17:55:31 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FD69F22773.dll
[2006/02/06 18:20:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/06 17:27:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 16:09:02 | 000,001,089 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/12/30 18:01:22 | 000,006,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 18:57:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2005/12/28 18:52:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2005/12/28 18:44:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2005/12/28 18:44:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2005/12/26 12:32:12 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/26 12:32:12 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\FD69F22773.sys
[2005/12/24 15:48:30 | 000,001,377 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/12/24 12:59:38 | 000,000,538 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/23 21:46:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/23 18:27:25 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/23 18:27:17 | 000,003,026 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/23 18:20:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/23 18:13:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2005/12/20 00:43:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 00:37:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/20 00:33:39 | 000,014,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/20 00:31:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/20 00:07:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/20 00:07:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/20 00:06:58 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 06:27:59 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 06:18:33 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 06:18:33 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2001/01/08 09:53:24 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2000/12/29 13:32:40 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

< End of report >

And here is the Extra log

OTL Extras logfile created on: 8/3/2011 9:29:39 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 599.84 Mb Available Physical Memory | 58.69% Memory free
2.40 Gb Paging File | 2.16 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 18.60 Gb Free Space | 26.65% Space Free | Partition Type: NTFS

Computer Name: MOCERI | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A812500-2C7D-47C1-972D-D31022D4D635}" = Soluto
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}" = MapleStory
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"EHome Devices" = Media Center Extender
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSNINST" = MSN
"nCleaner" = nCleaner second 2.3.4.0
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2011 11:20:25 AM | Computer Name = MOCERI | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
hpqcpta.dll, version 10.0.0.202, fault address 0x000109b3.

Error - 7/27/2011 7:12:03 PM | Computer Name = MOCERI | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 7/27/2011 8:26:53 PM | Computer Name = MOCERI | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office File Validation Add-In -- Error 1704. An
installation for Bing Bar Platform is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 8/1/2011 9:11:42 PM | Computer Name = MOCERI | Source = AntiSpywareService | ID = 0
Description =

Error - 8/1/2011 9:23:02 PM | Computer Name = MOCERI | Source = AntiSpywareService | ID = 0
Description =

Error - 8/1/2011 9:37:57 PM | Computer Name = MOCERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/1/2011 9:37:57 PM | Computer Name = MOCERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/1/2011 9:44:17 PM | Computer Name = MOCERI | Source = AntiSpywareService | ID = 0
Description =

Error - 8/1/2011 9:52:06 PM | Computer Name = MOCERI | Source = AntiSpywareService | ID = 0
Description =

Error - 8/1/2011 10:57:48 PM | Computer Name = MOCERI | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 8/3/2011 6:52:41 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/3/2011 7:25:03 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/3/2011 8:58:15 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/3/2011 9:03:25 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7034
Description = The Soluto PCGenome Core Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/3/2011 9:06:52 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/3/2011 9:12:54 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/3/2011 9:13:50 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/3/2011 9:14:32 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/3/2011 9:15:06 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/3/2011 9:21:26 PM | Computer Name = MOCERI | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

< End of report >

#5
RKinner (Malware Expert, 19,799 posts, MVP)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\utsgfzyp.sys
c:\windows\system32\drivers\kqrnelut.sys
c:\windows\system32\drivers\hitmanpro35.sys

Driver::
tzrrkbbs
yorytjgh
hitmanpro35

RootKit::
c:\windows\system32\drivers\utsgfzyp.sys
c:\windows\system32\drivers\kqrnelut.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"QWAVE"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

#6
pepoB (Topic Starter, Member, 15 posts)
ComboFix 11-08-03.03 - Admin 08/03/2011 22:19:21.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\cfscript.txt
.
FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
"c:\windows\system32\drivers\kqrnelut.sys"
"c:\windows\system32\drivers\utsgfzyp.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\hitmanpro35.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HITMANPRO35
-------\Service_hitmanpro35
-------\Service_tzrrkbbs
-------\Service_yorytjgh
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 01:03 . 2011-08-04 01:03 -------- d-----w- C:\_OTL
2011-08-03 02:57 . 2011-08-03 02:57 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-02 11:56 . 2011-07-21 15:33 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-08-02 11:56 . 2011-08-02 11:56 -------- d-----w- c:\program files\Soluto
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\program files\MSBuild
2011-08-02 11:53 . 2011-08-02 11:53 -------- d-----w- c:\program files\Reference Assemblies
2011-08-02 11:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-02 11:51 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-02 11:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-02 11:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-02 11:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-02 11:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-02 11:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-02 11:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-02 11:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-02 11:51 . 2011-08-02 11:52 -------- d-----w- C:\471164efdf667bd1d58021f6a30cc1e5
2011-08-02 11:44 . 2011-08-02 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2011-08-02 03:03 . 2006-02-10 01:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2011-08-02 02:41 . 2011-08-02 02:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-08-02 02:20 . 2011-08-02 02:20 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-02 02:20 . 2011-08-02 02:20 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:03 . 2011-08-02 02:03 -------- d-----w- c:\documents and settings\Admin\Application Data\comcasttb
2011-08-02 01:33 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-08-02 01:14 . 2011-08-02 01:14 -------- d-----w- c:\documents and settings\Admin\Application Data\nCleaner
2011-08-02 01:14 . 2011-08-02 01:14 -------- d-----w- c:\program files\NKProds
2011-08-02 00:22 . 2011-08-02 00:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-07-21 17:36 . 2011-07-21 17:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-21 17:36 . 2011-07-21 17:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-19 01:54 . 2011-07-19 01:54 -------- d-----w- c:\program files\ESET
2011-07-19 01:28 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 01:28 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 01:19 . 2011-07-19 01:19 -------- d-----w- c:\program files\ACW
2011-07-19 01:19 . 2011-07-19 01:19 -------- d-----w- C:\4a07f884163814a346a8f5
2011-07-19 01:17 . 2011-07-19 01:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Runscanner.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2005-08-16 10:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-21 17:36 . 2011-05-08 17:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-10 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26 26112 -c--a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 06:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"wlidsvc"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NetSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ATI Smart"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [8/2/2011 7:56 AM 51144]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [7/21/2011 11:52 AM 392224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/18/2011 9:28 PM 41272]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [1/8/2001 9:53 AM 15576]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2010 9:40 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2010 9:40 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 01:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 01:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006Core.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 14:39]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002349156-3596628264-4241629931-1006UA.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 14:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 64.233.217.3 64.233.217.5
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ojnd86c6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8711B176
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-03 22:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-04 02:35
ComboFix2.txt 2011-08-04 01:27
ComboFix3.txt 2011-08-03 12:39
ComboFix4.txt 2011-08-03 03:27
ComboFix5.txt 2011-08-04 02:17
.
Pre-Run: 19,940,081,664 bytes free
Post-Run: 19,928,678,400 bytes free
.
- - End Of File - - D54B86EF298C0D339D681F9C6C3D6255

#7
RKinner (Malware Expert, 19,799 posts, MVP)
Uninstall:
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 23

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post it in your next reply.

I don't see an anti-virus.

Let's install the free Avast:

http://www.avast.com...ivirus-download

Download and save the installer then run it. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
If the PC is still acting odd:
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron
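Once Procexp.txt has been saved, the listing can be ranked rather than read by eye. This is an added example, not Sysinternals code or anything posted in the thread; it assumes the column layout of the listing pasted here (Process, PID, CPU, Private Bytes, Working Set, Description, Company Name) and that the saved file is tab-separated.

```python
"""Rank a saved Process Explorer listing by Private Bytes.

Added example for this thread (not Sysinternals code). It parses the text
Process Explorer writes via File > Save As, assuming the column layout seen
in the thread, and singles out the service host whose private memory
dwarfs the others, which is the svchost.exe growth the topic starter saw.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Row pattern for the whitespace-separated form. A saved Procexp.txt is
# tab-separated (assumption); tabs are turned into spaces before matching.
# CPU is blank for idle processes and can read "< 0.01", so it is optional.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<pid>\d+)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|[\d.]+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s*(?P<rest>.*)$"
)

# Constructed sample in that layout: values modelled on the thread's listing,
# plus one "< 0.01" CPU row to exercise that edge case.
SAMPLE = """\
Process PID CPU Private Bytes Working Set Description Company Name
svchost.exe 1108 266,820 K 280,760 K Generic Host Process for Win32 Services Microsoft Corporation
iexplore.exe 1124 44,016 K 3,884 K Internet Explorer Microsoft Corporation
explorer.exe 1628 19,980 K 27,012 K Windows Explorer Microsoft Corporation
procexp.exe 1488 0.78 13,988 K 18,276 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 1796 6,068 K 7,160 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1832 < 0.01 3,704 K 5,076 K Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 700 2,400 K 1,460 K LSA Shell (Export Version) Microsoft Corporation
"""


@dataclass
class ProcRow:
    name: str
    pid: int
    cpu: Optional[float]   # None when Process Explorer left the column blank
    private_kb: int
    working_kb: int
    description: str       # Description and Company Name, kept as one string


def _kb(field: str) -> int:
    return int(field.replace(",", ""))


def parse_procexp(text: str) -> List[ProcRow]:
    """Parse the listing; the header and any unparseable line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.replace("\t", " ").strip())
        if not m:
            continue
        cpu = m.group("cpu")
        rows.append(ProcRow(
            name=m.group("name"),
            pid=int(m.group("pid")),
            cpu=float(cpu.lstrip("< ")) if cpu else None,
            private_kb=_kb(m.group("private")),
            working_kb=_kb(m.group("working")),
            description=m.group("rest").strip(),
        ))
    return rows


def top_by_private_bytes(rows: List[ProcRow], n: int = 5) -> List[ProcRow]:
    return sorted(rows, key=lambda r: r.private_kb, reverse=True)[:n]


def outliers(rows: List[ProcRow], factor: float = 10.0) -> List[ProcRow]:
    """Rows whose Private Bytes exceed `factor` times the median row.
    The median, not the mean, is the baseline so that the one bloated host
    cannot drag the baseline up and hide itself."""
    if not rows:
        return []
    sizes = sorted(r.private_kb for r in rows)
    mid = len(sizes) // 2
    median = sizes[mid] if len(sizes) % 2 else (sizes[mid - 1] + sizes[mid]) / 2
    return [r for r in rows if r.private_kb > factor * median]


def svchost_instances(rows: List[ProcRow]) -> List[ProcRow]:
    """Service host instances, largest first. The services living inside a
    flagged PID can then be listed with: tasklist /svc /fi "PID eq <pid>"."""
    hosts = [r for r in rows if r.name.lower() == "svchost.exe"]
    return sorted(hosts, key=lambda r: r.private_kb, reverse=True)


if __name__ == "__main__":
    rows = parse_procexp(SAMPLE)
    for r in top_by_private_bytes(rows, 3):
        print(f"{r.name:<16} PID {r.pid:<5} {r.private_kb:>9,} K private")
    for r in outliers(rows):
        print(f'outlier: {r.name} PID {r.pid}; try tasklist /svc /fi "PID eq {r.pid}"')
```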

#8
pepoB (Topic Starter, Member, 15 posts)
Yes, the Fix button is enabled.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-04 08:26:20
-----------------------------
08:26:20.171 OS Version: Windows 5.1.2600 Service Pack 3
08:26:20.171 Number of processors: 2 586 0x403
08:26:20.171 ComputerName: MOCERI UserName: Admin
08:26:20.859 Initialize success
08:26:51.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
08:26:51.859 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
08:26:51.859 Device \Driver\atapi -> DriverStartIo 8711e176
08:26:53.859 Disk 0 MBR read successfully
08:26:53.859 Disk 0 MBR scan
08:26:53.859 Disk 0 Windows XP default MBR code found via API
08:26:53.859 Disk 0 unknown MBR code
08:26:53.859 Disk 0 MBR hidden
08:26:53.859 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
08:26:53.875 Disk 0 trace - called modules:
08:26:53.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8711e32b]<<
08:26:53.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87189ab8]
08:26:53.875 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> [0x871cc378]
08:26:53.890 \Driver\atapi[0x871a3310] -> IRP_MJ_CREATE -> 0x8711e32b
08:26:53.890 Scan finished successfully
08:27:08.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
08:27:08.343 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Process PID CPU Private Bytes Working Set Description Company Name
svchost.exe 1108 266,820 K 280,760 K Generic Host Process for Win32 Services Microsoft Corporation
iexplore.exe 1124 44,016 K 3,884 K Internet Explorer Microsoft Corporation
explorer.exe 1628 19,980 K 27,012 K Windows Explorer Microsoft Corporation
procexp.exe 1488 0.78 13,988 K 18,276 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PresentationFontCache.exe 968 11,632 K 7,668 K PresentationFontCache.exe Microsoft Corporation
winlogon.exe 644 6,608 K 4,228 K Windows NT Logon Application Microsoft Corporation
wuauclt.exe 3824 6,500 K 6,900 K Windows Update Microsoft Corporation
svchost.exe 1796 6,068 K 7,160 K Generic Host Process for Win32 Services Microsoft Corporation
wmpnetwk.exe 604 5,848 K 8,408 K Windows Media Player Network Sharing Service Microsoft Corporation
spoolsv.exe 1504 3,920 K 6,100 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1832 3,704 K 5,076 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 192 3,684 K 6,744 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1000 3,200 K 5,248 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 880 3,128 K 5,800 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1332 3,080 K 4,540 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 380 2,832 K 3,948 K Generic Host Process for Win32 Services Microsoft Corporation
msiexec.exe 1440 2,828 K 6,436 K Windows® installer Microsoft Corporation
svchost.exe 1868 2,620 K 4,604 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1200 2,588 K 3,736 K Generic Host Process for Win32 Services Microsoft Corporation
ehrecvr.exe 1976 2,568 K 4,888 K Media Center Receiver Service Microsoft Corporation
wmiprvse.exe 3312 2,460 K 5,016 K WMI Microsoft Corporation
lsass.exe 700 2,400 K 1,460 K LSA Shell (Export Version) Microsoft Corporation
dllhost.exe 3740 2,304 K 6,352 K COM Surrogate Microsoft Corporation
svchost.exe 584 2,296 K 3,408 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1040 2,296 K 3,392 K Generic Host Process for Win32 Services Microsoft Corporation
RMSvc.exe 1360 2,296 K 4,560 K MCRD RM Service Microsoft Corporation
services.exe 688 1,796 K 3,512 K Services and Controller app Microsoft Corporation
csrss.exe 616 1,744 K 4,308 K Client Server Runtime Process Microsoft Corporation
alg.exe 4084 1,208 K 3,672 K Application Layer Gateway Service Microsoft Corporation
McrdSvc.exe 244 792 K 2,764 K MCRD Device Service Microsoft Corporation
ehSched.exe 1992 772 K 2,872 K Media Center Scheduler Service Microsoft Corporation
wscntfy.exe 3892 504 K 2,044 K Windows Security Center Notification App Microsoft Corporation
smss.exe 568 172 K 432 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 99.22 0 K 28 K
System 4 0 K 252 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
If the Fix button (not the FixMBR button) was enabled then run it again and press the Fix button. You can speed up the scan by changing the box after AV Scan to none before hitting the Scan button. Post the new log after the scan.
  • 0

#10
pepoB

pepoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran aswMBR as you said, but after the fix completed the PC froze up, so I had to reboot the computer.
Sorry about that. :)
This log is from a second aswMBR scan, and the Fix button is no longer enabled.



aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-04 08:26:20
-----------------------------
08:26:20.171 OS Version: Windows 5.1.2600 Service Pack 3
08:26:20.171 Number of processors: 2 586 0x403
08:26:20.171 ComputerName: MOCERI UserName: Admin
08:26:20.859 Initialize success
08:26:51.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
08:26:51.859 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
08:26:51.859 Device \Driver\atapi -> DriverStartIo 8711e176
08:26:53.859 Disk 0 MBR read successfully
08:26:53.859 Disk 0 MBR scan
08:26:53.859 Disk 0 Windows XP default MBR code found via API
08:26:53.859 Disk 0 unknown MBR code
08:26:53.859 Disk 0 MBR hidden
08:26:53.859 Disk 0 MBR [possible unknown rootkit@MBR] **ROOTKIT**
08:26:53.875 Disk 0 trace - called modules:
08:26:53.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8711e32b]<<
08:26:53.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87189ab8]
08:26:53.875 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> [0x871cc378]
08:26:53.890 \Driver\atapi[0x871a3310] -> IRP_MJ_CREATE -> 0x8711e32b
08:26:53.890 Scan finished successfully
08:27:08.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
08:27:08.343 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-04 16:38:45
-----------------------------
16:38:45.359 OS Version: Windows 5.1.2600 Service Pack 3
16:38:45.359 Number of processors: 2 586 0x403
16:38:45.359 ComputerName: MOCERI UserName: Admin
16:38:51.796 Initialize success
16:39:06.265 AVAST engine defs: 11080400
16:39:14.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
16:39:14.234 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
16:39:16.234 Disk 0 MBR read successfully
16:39:16.234 Disk 0 MBR scan
16:39:16.265 Disk 0 Windows XP default MBR code
16:39:16.265 Disk 0 scanning sectors +156232125
16:39:16.343 Disk 0 scanning C:\WINDOWS\system32\drivers
16:39:30.203 Service scanning
16:39:31.484 Modules scanning
16:39:36.671 Disk 0 trace - called modules:
16:39:36.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:39:36.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871d5ab8]
16:39:36.703 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87163b00]
16:39:36.703 Scan finished successfully
16:39:48.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
16:39:48.781 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Edited by pepoB, 04 August 2011 - 02:53 PM.

  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
aswMBR just tacks the new log onto the end of the old one, so no problem. It appears that it did what it is supposed to do. It no longer complains:

"08:26:53.859 Disk 0 Windows XP default MBR code found via API
08:26:53.859 Disk 0 unknown MBR code
08:26:53.859 Disk 0 MBR hidden
08:26:53.859 Disk 0 MBR [possible unknown rootkit@MBR] **ROOTKIT**
08:26:53.875 Disk 0 trace - called modules:
08:26:53.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8711e32b]<<
08:26:53.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87189ab8]"

is now:
"16:39:16.265 Disk 0 Windows XP default MBR code
16:39:16.265 Disk 0 scanning sectors +156232125
16:39:16.343 Disk 0 scanning C:\WINDOWS\system32\drivers
16:39:30.203 Service scanning" which is what we want to see.

How is it running now?

Ron
  • 0
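The two aswMBR runs above differ in exactly the part of the disk that matters: the bootstrap code in sector 0 went from "unknown MBR code / MBR hidden" to "Windows XP default MBR code", and aswMBR saved the raw sector to MBR.dat each time. The script below is an added example for this thread, not part of aswMBR or the posts: it parses a 512-byte MBR image, hashes the bootstrap code, decodes the partition table, reports the first sector of the unpartitioned tail (where MBR bootkits keep their hidden storage), and diffs two images so a before/after pair of MBR.dat files can be compared. Since the poster's MBR.dat is not available, a synthetic image is constructed inline; the stand-in boot code is made up, and the partition end of 156232125 is chosen to match the "scanning sectors +156232125" line above on my reading that aswMBR's number is the sector just past the last partition, which is an assumption, not something the tool documents.

```python
"""Inspect a raw 512-byte MBR image such as the MBR.dat that aswMBR drops on
the desktop: boot signature, hash of the bootstrap code, partition table, and
the first sector of the unpartitioned tail. Added example for this thread; the
poster's MBR.dat is not available, so a synthetic image is built inline."""
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 440            # bootstrap code; the 4-byte disk signature follows at 440
PTABLE = 446              # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511

# Constructed stand-ins: neither is real XP boot code nor a real bootkit.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06"
PATCHED_CODE = b"\xeb\x1e\x90" + bytes(13) + b"\xb8\x00\x02"


def build_mbr(code, disk_sig=0x1234ABCD, partitions=((0x80, 0x07, 63, 156232062),)):
    """Assemble a synthetic MBR (test data, not a disk image).
    Default partition: bootable NTFS at LBA 63, ending at sector 156232125."""
    if len(code) > CODE_LEN:
        raise ValueError("bootstrap code must fit in %d bytes" % CODE_LEN)
    img = bytearray(SECTOR)
    img[:len(code)] = code
    struct.pack_into("<I", img, CODE_LEN, disk_sig)
    for i, (flag, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into("<B3sB3sII", img, PTABLE + 16 * i,
                         flag, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    img[510:512] = BOOT_SIG
    return bytes(img)


def parse_mbr(data):
    """Decode one MBR sector; raises ValueError on a malformed image."""
    if len(data) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(data)))
    if data[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", data, PTABLE + 16 * i)
        if ptype:                                   # type 0 = empty slot
            parts.append({"bootable": flag == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(data[:CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", data, CODE_LEN)[0],
            "partitions": parts}


def first_free_sector(parsed):
    """First sector past the last partition: the unallocated tail where MBR
    bootkits keep their hidden storage, so it deserves a scan of its own."""
    ends = [p["lba_start"] + p["sectors"] for p in parsed["partitions"]]
    return max(ends) if ends else 1


def compare_mbr(before, after):
    """Which regions differ between two images (e.g. MBR.dat before and after
    a fix). Code changing while the partition table stays put is what an MBR
    bootkit infection, and its removal, look like."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"code_changed": a["code_sha256"] != b["code_sha256"],
            "partitions_changed": a["partitions"] != b["partitions"],
            "disk_signature_changed": a["disk_signature"] != b["disk_signature"]}


if __name__ == "__main__":
    if len(sys.argv) > 1:                           # python mbrcheck.py MBR.dat
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_mbr(CLEAN_CODE)
    info = parse_mbr(data)
    print("code sha256 :", info["code_sha256"])
    print("disk sig    : 0x%08X" % info["disk_signature"])
    for p in info["partitions"]:
        print("partition   : type 0x%02X lba %d sectors %d%s"
              % (p["type"], p["lba_start"], p["sectors"], " (boot)" if p["bootable"] else ""))
    print("free tail at: sector", first_free_sector(info))
    print("vs patched  :", compare_mbr(data, build_mbr(PATCHED_CODE)))
```

Run it with the path to a saved MBR.dat to print the hash and geometry of a real sector; keep the hash from the first run and compare it with the one from after the fix. The code hash alone does not tell you whether the code is good, only whether it changed; for that you still need a known-good reference or a tool like aswMBR that carries one.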

#12
pepoB

pepoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The Start menu and taskbar still require a few minutes after booting before they can be used, but after that it seems to be running very well.
I checked Task Manager and svchost.exe is not going crazy like it was before. :)
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
With Avast there is a short delay for a rootkit check at boot. You can turn it off and see if that helps much; I sort of doubt it. Click on the Avast ball, then on Settings, then on Troubleshooting. Uncheck the top box, which says Enable Rootkit Scan on System Startup. OK. While you are in Settings, go to Sounds and uncheck Automatic Update. (It will still update; you just won't hear about it every time it happens.)

Your Soluto program has its tentacles everywhere, so it's a possibility. I'm not exactly sure what it does for you, but I'd try uninstalling it and see if it makes a difference.

Also, let's run Vino's Event Viewer and see if we are getting errors.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right-click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#14
pepoB

pepoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/08/2011 6:57:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2011 6:50:38 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 04/08/2011 6:27:45 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 04/08/2011 6:04:11 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 04/08/2011 4:38:32 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 04/08/2011 4:19:35 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 04/08/2011 8:10:01 AM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 03/08/2011 10:31:50 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 03/08/2011 10:27:57 PM
Type: error Category: 0
Event: 11 Source: PlugPlayManager
The device Root\LEGACY_HITMANPRO35\0000 disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 03/08/2011 10:24:49 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:19:13 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/08/2011 10:19:13 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Media Center Extender Resource Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/08/2011 10:18:44 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2011 4:20:19 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/08/2011 8:00:46 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/08/2011 7:33:12 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/08/2011 11:46:40 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/08/2011 7:52:43 AM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Log: 'System' Date/Time: 02/08/2011 7:52:31 AM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Log: 'System' Date/Time: 01/08/2011 10:30:08 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 01/08/2011 10:20:23 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 29/07/2011 8:49:59 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 26/07/2011 12:15:00 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00123FB4447B. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 25/07/2011 2:18:31 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off MOCERI failed

Log: 'System' Date/Time: 24/07/2011 11:25:59 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off MOCERI failed

Log: 'System' Date/Time: 24/07/2011 10:22:22 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off MOCERI failed

Log: 'System' Date/Time: 23/07/2011 10:28:18 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\BASEMENT on the network \Device\NetBT_Tcpip_{0983A4D5-8DD8-4F77-8D04-70DC053714C0}. The data is the error code.

Log: 'System' Date/Time: 22/07/2011 3:05:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 21/07/2011 9:49:42 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00123FB4447B. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 19/07/2011 12:06:09 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 18/07/2011 10:40:59 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\BASEMENT on the network \Device\NetBT_Tcpip_{0983A4D5-8DD8-4F77-8D04-70DC053714C0}. The data is the error code.

Log: 'System' Date/Time: 18/07/2011 10:25:37 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off MOCERI failed

Log: 'System' Date/Time: 18/07/2011 10:25:19 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off MOCERI failed
  • 0

#15
pepoB

pepoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/08/2011 7:06:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/08/2011 10:57:48 PM
Type: error Category: 0
Event: 4099 Source: WmiAdapter
Open of service failed.

Log: 'Application' Date/Time: 01/08/2011 9:52:06 PM
Type: error Category: 0
Event: 0 Source: AntiSpywareService
The event description cannot be found.

Log: 'Application' Date/Time: 01/08/2011 9:44:17 PM
Type: error Category: 0
Event: 0 Source: AntiSpywareService
The event description cannot be found.

Log: 'Application' Date/Time: 01/08/2011 9:37:57 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 01/08/2011 9:37:57 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 01/08/2011 9:23:02 PM
Type: error Category: 0
Event: 0 Source: AntiSpywareService
The event description cannot be found.

Log: 'Application' Date/Time: 01/08/2011 9:11:42 PM
Type: error Category: 0
Event: 0 Source: AntiSpywareService
The event description cannot be found.

Log: 'Application' Date/Time: 27/07/2011 8:26:53 PM
Type: error Category: 0
Event: 11704 Source: MsiInstaller
Product: Microsoft Office File Validation Add-In -- Error 1704. An installation for Bing Bar Platform is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Log: 'Application' Date/Time: 27/07/2011 7:12:03 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 27/07/2011 11:20:25 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application hpqtra08.exe, version 100.0.170.0, faulting module hpqcpta.dll, version 10.0.0.202, fault address 0x000109b3.

Log: 'Application' Date/Time: 27/07/2011 11:15:30 AM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 26/07/2011 8:56:49 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 26/07/2011 12:15:04 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 25/07/2011 6:59:01 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 25/07/2011 4:55:54 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application hpqtra08.exe, version 100.0.170.0, faulting module hpqcpta.dll, version 10.0.0.202, fault address 0x000109b3.

Log: 'Application' Date/Time: 25/07/2011 1:09:02 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 24/07/2011 8:09:29 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 22/07/2011 3:04:21 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 21/07/2011 9:49:42 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Log: 'Application' Date/Time: 21/07/2011 1:36:22 PM
Type: error Category: 0
Event: 36866 Source: Media Center Extender Services
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/08/2011 6:38:05 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2011 6:38:05 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2011 6:38:05 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 04/08/2011 6:38:04 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 04/08/2011 6:36:47 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/08/2011 12:09:23 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user MOCERI\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/08/2011 11:20:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user MOCERI\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/08/2011 11:20:22 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 02/08/2011 10:34:17 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles' failed during request for component '{DCD40BF8-8035-473D-992B-F2B1517F9A5C}'

Log: 'Application' Date/Time: 02/08/2011 10:34:17 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles', component '{DCD40BF8-8035-473D-992B-F2B1517F9A5C}' failed. The resource 'C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\DATA.BAK' does not exist.

Log: 'Application' Date/Time: 02/08/2011 10:34:17 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90190409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles', component '{DCD40BF8-8035-473D-992B-F2B1517F9A5C}' failed. The resource 'C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\DATA.BAK' does not exist.

Log: 'Application' Date/Time: 02/08/2011 10:34:17 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles', component '{DCD40BF8-8035-473D-992B-F2B1517F9A5C}' failed. The resource 'C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\DATA.BAK' does not exist.

Log: 'Application' Date/Time: 02/08/2011 7:53:41 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
HTTP namespace reservations are not installed.

Log: 'Application' Date/Time: 02/08/2011 7:53:35 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
HttpModules node ServiceModel does not exist in System.Web section group.

Log: 'Application' Date/Time: 02/08/2011 7:53:35 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
HttpHandlers node *.svc does not exist in System.Web section group.

Log: 'Application' Date/Time: 02/08/2011 7:53:35 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
All compilation assembly nodes do not exist in System.Web section group.

Log: 'Application' Date/Time: 02/08/2011 7:53:35 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Log: 'Application' Date/Time: 02/08/2011 7:53:32 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 02/08/2011 7:51:36 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 01/08/2011 9:11:22 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OUTLOOKNonBootFiles' failed during request for component '{72C23EF9-E5CF-11D1-A17F-00A0C90AB50F}'
  • 0
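The two VEW reports above are long, and the pattern in them is easier to see with a little help: the same HP CUE service hangs on every boot (event 7022, one per reboot, each one stretching the startup delay), Tcpip hits its half-open connection limit repeatedly (event 4226), and at 03/08/2011 10:19:10 PM eight services died in the same second. The script below is an added example for this thread, not part of VEW or of the posts: it parses VEW's four-line records, counts events per source and ID, attaches a note to a small watch list of IDs (the watch-list notes are my own triage notes, not VEW output), and finds bursts of service terminations. The sample report embedded in it is constructed in VEW's format with shortened messages, not a copy of the poster's logs.

```python
"""Triage helper for Vino's Event Viewer (VEW) output: counts per source and
event ID, a small watch list, and bursts of service terminations. Added
example for this thread, not part of VEW or of the original posts."""
import re
import sys
from collections import Counter
from datetime import datetime

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d{1,2}:\d\d:\d\d [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")

# Event IDs worth a second look on a slow-booting, freshly cleaned XP box (my notes).
WATCHLIST = {
    ("Service Control Manager", 7022): "service hung on starting: each one adds to the boot delay",
    ("Service Control Manager", 7031): "service died unexpectedly",
    ("Service Control Manager", 7034): "service died unexpectedly",
    ("Tcpip", 4226): "half-open TCP limit hit: benign for P2P, a spam bot is not; find the process",
}

def parse_vew(text):
    """Turn VEW's four-line records (header, type, event, message) into dicts.
    Dates are dd/mm/yyyy, as VEW's own 'Note:' line says."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.rstrip()
        h = HEADER.match(line)
        if h:
            cur = {"log": h["log"],
                   "time": datetime.strptime(h["ts"], "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "event_id": None, "source": None, "message": ""}
            records.append(cur)
        elif cur is None or not line:
            cur = None                  # report header, ~~~ banners, blank separators
        elif TYPE.match(line):
            cur["type"] = TYPE.match(line)["type"]
        elif EVENT.match(line):
            m = EVENT.match(line)
            cur["event_id"], cur["source"] = int(m["id"]), m["source"]
        else:                           # message text, possibly wrapped over lines
            cur["message"] = (cur["message"] + " " + line).strip()
    return records

def summarize(records):
    """Count events by (source, event_id)."""
    return Counter((r["source"], r["event_id"]) for r in records)

def flag(records):
    """Watch-listed records as (time, source, event_id, note)."""
    return [(r["time"], r["source"], r["event_id"], WATCHLIST[(r["source"], r["event_id"])])
            for r in records if (r["source"], r["event_id"]) in WATCHLIST]

def termination_bursts(records, window_seconds=5, min_count=3):
    """(start_time, count) for each run of >= min_count service terminations within
    window_seconds. Many services dying in one second is a crash or a process
    sweep, not coincidence; correlate it with what was running at that time."""
    deaths = sorted(r["time"] for r in records
                    if r["source"] == "Service Control Manager" and r["event_id"] in (7031, 7034))
    bursts, group = [], []
    for t in deaths:
        if group and (t - group[0]).total_seconds() > window_seconds:
            if len(group) >= min_count:
                bursts.append((group[0], len(group)))
            group = []
        group.append(t)
    if len(group) >= min_count:
        bursts.append((group[0], len(group)))
    return bursts

# Constructed sample in VEW's format (shortened messages), not a real report.
SAMPLE = """\
Log: 'System' Date/Time: 04/08/2011 6:50:38 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The COM+ System Application service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/08/2011 10:19:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 04/08/2011 4:20:19 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

if __name__ == "__main__":                # python vewtriage.py VEW_output.txt
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    recs = parse_vew(text)
    for (src, eid), n in summarize(recs).most_common():
        print(f"{n:3d}  {src} {eid}")
    for t, src, eid, note in flag(recs):
        print(f"{t:%Y-%m-%d %H:%M:%S}  {src} {eid}: {note}")
    for t, n in termination_bursts(recs):
        print(f"BURST {t:%Y-%m-%d %H:%M:%S}: {n} services terminated within 5 s")
```

Feed it the Notepad output VEW produces and read the counts first: a 7022 on every boot names the service to disable or repair before anything else, and the 4226 warnings deserve a look at which process is opening the connections, since that limit is reached by peer-to-peer clients but also by spam bots and worms.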





