BankerFoxA, OTL Results

Post by dsw on 21st January 2010, 10:03 pm

Yet another BankerFoxA issue. Tried installing Norton Internet Security, then tried using Norton Recovery Tool to install, then tried using HijackThis, but none worked.

Here are my results from OTL, running in safe mode with networking, the only way I could run. Any help would be greatly appreciated.

Thank you.

OTL logfile created on: 1/21/2010 4:42:21 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 664.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 123.77 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.99 Gb Free Space | 16.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/21 16:42:15 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\OTL.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/21 16:42:15 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\OTL.exe
MOD - [2009/11/21 11:36:13 | 00,470,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2004/08/04 13:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 07:00:00 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2009/11/20 14:39:12 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/10/16 14:56:53 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/10/10 14:42:32 | 00,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/14 01:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2007/03/28 17:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 17:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 17:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/03/28 17:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/03/28 17:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/03/28 17:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/12/12 11:28:26 | 00,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/15 21:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/03 09:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/04/20 11:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 11:42:16 | 00,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 11:08:44 | 00,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/26 11:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/19 19:21:56 | 00,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/14 23:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/08/04 07:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 01:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 12:07:18 | 01,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 18:07:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 18:07:30 | 00,000,000 | ---D | M]

[2009/10/15 06:19:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2004/08/04 13:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [bqmcqvsu] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kcttdp\tdqqsysguard.exe ()
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} [You must be registered and logged in to see this link.] (LEAD Main Control (13.0))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.144.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 16:42:10 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\OTL.exe
[2010/01/21 16:32:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Macromedia
[2010/01/21 16:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Adobe
[2010/01/20 18:24:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 18:23:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/20 18:23:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 18:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/20 09:18:34 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Microsoft
[2010/01/20 09:18:34 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data
[2010/01/20 09:18:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Favorites
[2010/01/20 09:18:34 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Cookies
[2010/01/20 09:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Symantec
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\SampleView
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Real
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings\Application Data\Microsoft
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\InterMute
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Identities
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings\Application Data\Google
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings\Application Data\ApplicationHistory
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings\Application Data\Apple Computer
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Application Data\Apple Computer
[2010/01/20 09:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/01/20 09:18:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\SendTo
[2010/01/20 09:18:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Recent
[2010/01/20 09:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Start Menu
[2010/01/20 09:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\My Documents\My Videos
[2010/01/20 09:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\My Documents\My Pictures
[2010/01/20 09:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\My Documents\My Music
[2010/01/20 09:18:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\My Documents
[2010/01/20 09:18:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Templates
[2010/01/20 09:18:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\PrintHood
[2010/01/20 09:18:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\NetHood
[2010/01/20 09:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\WINDOWS
[2010/01/07 10:45:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/07 10:32:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/01/07 10:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/06 18:36:57 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/06 18:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/06 18:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/05 17:35:17 | 06,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/05 17:35:17 | 02,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/01/05 17:35:17 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/01/05 17:35:17 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/05 17:35:17 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/05 17:35:17 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/05 17:35:17 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/05 17:35:17 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/05 17:35:17 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/01/05 17:35:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/24 16:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2006/05/08 15:15:07 | 02,115,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB917425-x86-ENU.exe
[2006/05/08 15:14:25 | 01,577,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP1.1sp1-KB886903-X86.exe
[2006/05/08 15:13:57 | 10,703,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP1.1sp1-KB867460-X86.exe
[2006/05/08 15:12:16 | 24,265,736 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[2006/03/29 15:28:01 | 11,817,800 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\GoogleEarth.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 16:42:15 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\OTL.exe
[2010/01/21 16:39:25 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\NTUSER.DAT
[2010/01/21 16:38:38 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\HijackThis.msi
[2010/01/21 16:30:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 16:29:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 16:26:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\ntuser.ini
[2010/01/18 13:49:30 | 00,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/17 20:35:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/17 13:44:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 10:44:50 | 00,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/07 10:03:07 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/12/24 16:38:03 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/21 16:38:15 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\HijackThis.msi
[2010/01/20 09:18:37 | 00,001,132 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\Desktop\Help and Support.lnk
[2010/01/20 09:18:33 | 01,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\NTUSER.DAT
[2010/01/20 09:18:33 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.YOUR-F78BF48CE2.000\ntuser.ini
[2009/12/24 16:38:03 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/11/15 14:26:45 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/15 14:26:13 | 00,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/11/15 14:26:13 | 00,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/11/15 14:25:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/11/15 14:25:31 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/11/15 14:25:16 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/15 14:25:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/10/27 17:06:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2006/12/15 11:00:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DSSPLAY.INI
[2006/09/15 15:22:18 | 00,000,734 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/05 18:02:44 | 00,003,120 | ---- | C] () -- C:\WINDOWS\JDOI.ini
[2006/05/08 15:05:00 | 00,424,360 | ---- | C] () -- C:\Program Files\wavepadsetup.exe
[2006/04/13 16:38:20 | 00,729,576 | ---- | C] () -- C:\Program Files\iVocalize4Setup.exe
[2006/04/07 08:53:25 | 05,846,632 | ---- | C] () -- C:\Program Files\winzip100.exe
[2006/04/05 17:19:33 | 02,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/04/04 19:12:23 | 00,460,848 | ---- | C] () -- C:\Program Files\ymesetup.exe
[2006/02/02 20:10:34 | 00,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/01/01 13:21:56 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/09/04 16:58:32 | 00,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2005/09/04 16:58:32 | 00,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2005/08/26 15:53:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2005/08/26 15:34:15 | 00,000,079 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2005/08/09 19:41:05 | 00,002,638 | ---- | C] () -- C:\WINDOWS\InstText.ini
[2005/06/10 12:19:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/10 12:16:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/10 12:16:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/10 12:16:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/10 12:16:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/10 12:16:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/10 12:16:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/10 11:47:25 | 00,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/06/10 11:47:19 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/06/10 11:46:59 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/06/10 11:44:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/10 11:29:45 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/10 11:23:23 | 00,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/06/10 11:23:23 | 00,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/06/10 11:13:10 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/06/10 11:11:19 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/06/10 11:11:19 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/06/10 11:10:59 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 12:56:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/20 00:45:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/20 00:45:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 07:00:00 | 00,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 07:00:00 | 00,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 07:00:00 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 07:00:00 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 07:00:00 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/15 23:38:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 00:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Re: BankerFoxA, OTL Results

Post by Belahzur on 21st January 2010, 11:19 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [bqmcqvsu] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kcttdp\tdqqsysguard.exe ()
    O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Please PM me if I fail to respond within 24hrs.

Re: BankerFoxA, OTL Results

Post by dsw on 22nd January 2010, 8:06 pm

Thank you very much. We are good to go. I appreciate your help.

Re: BankerFoxA, OTL Results

Post by Belahzur on 22nd January 2010, 9:25 pm

Please post the OTL log.