BANKERFOX. Please look at my log


Post by lydlqueenbee on 18th February 2010, 12:00 am

I have looked at your suggestions on other posts. I downloaded OTL.exe. Below are my log files. Where do I go from here?

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 24.00 Mb Available Physical Memory | 9.00% Memory free
625.00 Mb Paging File | 410.00 Mb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 15.35 Gb Free Space | 41.27% Space Free | Partition Type: NTFS
Drive D: | 14.32 Gb Total Space | 6.34 Gb Free Space | 44.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORNERY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 17:14:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/14 18:05:05 | 000,278,784 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe
PRC - [2009/11/28 22:19:22 | 000,108,544 | ---- | M] (iWin Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
PRC - [2009/11/24 13:43:00 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/11/24 13:13:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2009/04/10 23:16:11 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/13 12:05:06 | 000,128,256 | ---- | M] (Mattel Inc.) -- C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
PRC - [2008/02/19 13:10:32 | 000,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/31 23:13:08 | 000,385,024 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/18 19:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/07/26 16:21:24 | 000,053,248 | R--- | M] (General) -- C:\WINDOWS\SYSTEM32\umonit.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/01/06 13:55:16 | 000,086,016 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
PRC - [2003/11/06 01:57:00 | 000,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2003/11/06 01:57:00 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/17 17:14:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 13:43:00 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/11/24 13:13:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/02/19 13:10:24 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/11/21 15:05:04 | 000,197,896 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/11/06 01:57:00 | 000,307,200 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/07/28 10:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/30 03:25:55 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2007/10/30 03:25:54 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2007/10/30 03:25:53 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2006/10/16 07:47:22 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\Par1284.sys -- (Par1284)
DRV - [2006/09/19 14:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/07/26 16:21:24 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2006/02/21 18:23:43 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2005/09/20 09:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/05/01 17:40:35 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys -- (Hardlock)
DRV - [2003/08/28 17:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/26 16:25:14 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/08/26 16:24:06 | 000,675,840 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/08/26 16:22:34 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 14:42:18 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2003/05/06 08:14:34 | 000,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/04/15 09:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 09:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2003/04/09 12:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/03/04 11:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel(R)
DRV - [2002/10/20 20:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/24 20:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk533.sys -- (USBCamera) Icatch(IV)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/01/08 16:22:42 | 000,074,972 | ---- | M] (Sound Vision Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SvStream.sys -- (DCamUSBSvis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/10 23:17:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/12/20 09:23:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 11:40:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 14:36:21 | 000,000,000 | ---D | M]

[2008/08/31 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/16 23:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8fcm5d5p.default\extensions
[2010/02/13 22:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/05 00:35:20 | 000,000,000 | ---D | M] (Celebrity Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

O1 HOSTS File: ([2006/12/03 16:24:34 | 000,000,732 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\SYSTEM32\umonit.exe (General)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} [You must be registered and logged in to see this link.] (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 17:14:26 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/14 18:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte
[2010/02/05 00:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Celebrity Toolbar
[2010/01/29 20:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fisher-Price
[2010/01/24 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jakes 5 th Bday
[2004/05/13 05:50:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/05/13 05:50:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/05/13 05:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/05/13 05:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/17 17:28:04 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/17 17:27:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 17:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 17:25:25 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/17 17:25:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/17 17:14:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/17 17:08:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2C8464BE-0C1C-44C5-B3C3-FCED9FB7A38C}.job
[2010/02/11 21:21:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/10 03:13:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/05 00:48:28 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to 101_0694.lnk
[2010/02/05 00:43:58 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to new.lnk
[2010/02/05 00:42:11 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/05 00:28:21 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Randi with makeup.lnk
[2010/02/03 11:38:17 | 000,190,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TEAM COUCH SIGN.ai
[2010/02/01 08:40:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 20:51:48 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Digital Arts and Crafts Studio Share or Add Pictures.lnk
[2010/01/22 14:39:28 | 000,165,297 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20100122143514086.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/05 00:48:28 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to 101_0694.lnk
[2010/02/05 00:43:58 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to new.lnk
[2010/02/05 00:28:21 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Randi with makeup.lnk
[2010/02/03 11:38:16 | 000,190,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TEAM COUCH SIGN.ai
[2010/01/29 20:51:48 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Digital Arts and Crafts Studio Share or Add Pictures.lnk
[2010/01/22 14:39:20 | 000,165,297 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\20100122143514086.pdf
[2009/12/17 12:40:46 | 000,000,159 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2009/12/10 14:08:54 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/10/21 19:32:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/06 17:36:37 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/06/01 12:29:09 | 000,000,119 | ---- | C] () -- C:\WINDOWS\GALSWIN.INI
[2008/01/06 20:28:59 | 000,005,553 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/01/04 14:22:19 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2006/11/02 13:40:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/02/21 18:23:43 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/01/27 19:49:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2005/12/20 23:42:43 | 000,000,899 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/01/15 09:37:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/25 09:54:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/07 17:09:07 | 000,001,086 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/12/07 17:09:03 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2004/12/01 12:18:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\hpgt21.dll
[2004/11/30 21:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/11/22 23:59:34 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/22 16:14:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/21 01:55:54 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/10 17:51:26 | 000,000,344 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/07/12 14:34:48 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/06/12 10:04:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Find32.INI
[2004/05/21 09:52:03 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2004/05/21 09:52:03 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2004/05/20 01:13:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/05/20 01:11:01 | 000,001,622 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/05/19 17:39:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/05/19 01:14:33 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/19 01:05:32 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\DEVTYPE.INI
[2004/05/19 01:04:08 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/04/23 11:21:38 | 000,020,635 | ---- | C] () -- C:\WINDOWS\Galavent.ini
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/06 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:43E0EC8A
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2836460B
< End of report >


Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 18th February 2010, 12:01 am

OTL Extras logfile created on: 2/17/2010 5:28:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 24.00 Mb Available Physical Memory | 9.00% Memory free
625.00 Mb Paging File | 410.00 Mb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 15.35 Gb Free Space | 41.27% Space Free | Partition Type: NTFS
Drive D: | 14.32 Gb Total Space | 6.34 Gb Free Space | 44.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORNERY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\FlexiSIGN-PRO 6.6\Program\App2.exe" = C:\Program Files\FlexiSIGN-PRO 6.6\Program\App2.exe:*:Enabled:Production -- File not found
"C:\Program Files\FlexiSIGN-PRO 7.6v1\Program\App.exe" = C:\Program Files\FlexiSIGN-PRO 7.6v1\Program\App.exe:*:Enabled:Design Software -- File not found
"C:\Program Files\FlexiSIGN-PRO 7.6v1\Program\App2.exe" = C:\Program Files\FlexiSIGN-PRO 7.6v1\Program\App2.exe:*:Enabled:Production -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\App2.exe" = C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\App2.exe:*:Enabled:Production Manager -- (SA International)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\CompuServe 7.0\wcs2000.exe" = C:\Program Files\CompuServe 7.0\wcs2000.exe:*:Disabled:CompuServe -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__HOLLYWOOD_PETS___is1" = Hollywood Pets v1.3
"{069364A0-8F64-4691-8719-B3CC728BFD6C}" = ArcSoft PhotoImpression 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{983338D4-D972-4C58-AA6D-B81445070451}" = The Digital Arts and Crafts Studio
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7FDA25A-A18F-406F-A91A-6139A40550DA}" = FlexiSIGN-PRO 8.1v1
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}" = Digital Camera
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Celebrity Toolbar" = Celebrity Toolbar
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DDR Screensaver 1" = DDR Screensaver 1
"Dogz" = Dogz (remove only)
"EOS Utility" = Canon Utilities EOS Utility
"Feeding Frenzy" = Feeding Frenzy
"FixUstor" = Generic color icon driver
"HangARoo_is1" = HangARoo v2.052
"HOPDKey" = Hooked on Phonics Learn to Read
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"iWinArcade" = iWin Games (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"Mah Jong Quest III" = Mah Jong Quest III (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Standard Edition
"PHONICS" = Jump Ahead Phonics 2000
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sunplus CA533A" = Icatch(IV) Camera Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winnie the Pooh Preschool" = Disney's Winnie the Pooh Preschool
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2010 11:46:45 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:18 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 2/14/2010 11:47:19 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:19 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:19 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:41 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 2/14/2010 11:47:42 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:43 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/14/2010 11:47:43 PM | Computer Name = ORNERY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/17/2010 1:23:45 AM | Computer Name = ORNERY | Source = ESENT | ID = 623
Description = wuaueng.dll (1976) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x025403C0 Session-context: 0x00000000 Session-context ThreadId: 0x000007BC

[ System Events ]
Error - 2/17/2010 7:06:12 PM | Computer Name = ORNERY | Source = WMPNetworkSvc | ID = 866317
Description = A new media server was not initialized because the Windows Media Delivery
Engine did not initialize due to error '0x800700b7'. Restart your computer, and
then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
Media Player if possible.

Error - 2/17/2010 7:27:47 PM | Computer Name = ORNERY | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error: %%1058

Error - 2/17/2010 7:27:47 PM | Computer Name = ORNERY | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 2/17/2010 7:27:51 PM | Computer Name = ORNERY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/17/2010 7:28:14 PM | Computer Name = ORNERY | Source = WMPNetworkSvc | ID = 866314
Description = A new media server was not initialized because RegisterRunningDevice()
encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc
service.

Error - 2/17/2010 7:28:23 PM | Computer Name = ORNERY | Source = WMPNetworkSvc | ID = 866321
Description = A media delivery engine with ID '0' was not initialized due to error
'0x800700b7' when adding the URL 'http://+:10243/WMPNSSv3/2175498140/'. Restart
your computer, and then restart the WMPNetworkSvc service. If the problem persists,
reinstall Windows Media Player if possible.

Error - 2/17/2010 7:28:23 PM | Computer Name = ORNERY | Source = WMPNetworkSvc | ID = 866317
Description = A new media server was not initialized because the Windows Media Delivery
Engine did not initialize due to error '0x800700b7'. Restart your computer, and
then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
Media Player if possible.

Error - 2/17/2010 7:29:16 PM | Computer Name = ORNERY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/17/2010 7:29:16 PM | Computer Name = ORNERY | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 2/17/2010 7:29:17 PM | Computer Name = ORNERY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >


Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 18th February 2010, 1:32 am

Does anyone know what I should do next?


Re: BANKERFOX. Please look at my log

Post by Belahzur on 19th February 2010, 12:12 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/14 18:05:05 | 000,278,784 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
    O4 - HKCU..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
    [2010/02/14 18:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.



Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 19th February 2010, 3:31 am

Looks like I didn't get very good news. Here is the next log from OTL.
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/02/14 18:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte> in the current context!

OTL by OldTimer - Version 3.1.28.0 log created on 02182010_212525


Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 19th February 2010, 1:07 pm

btt


Re: BANKERFOX. Please look at my log

Post by Belahzur on 20th February 2010, 12:06 am

Hello.
Did you miss :OTL as the top line? The script didn't run correctly.


Please PM me if I fail to respond within 24hrs.
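The triage behind the fix script in this thread, as an added example that is not part of the original posts and not OTL's own code: it flags PRC and O4 Run lines with a blank company field and a path under a per-user directory, then checks that a fix script starts with the :OTL line. The heuristic, the directory list and the function names are assumptions made for illustration; the sample lines are copied from the log and fix script posted above.

```python
import re

# Lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r"""
PRC - [2010/02/17 17:14:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/14 18:05:05 | 000,278,784 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe
O4 - HKLM..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
O4 - HKCU..\Run: [msxydmhm] C:\Documents and Settings\Owner\Local Settings\Application Data\bexkte\qqassftav.exe ()
"""

# Assumption for this example: per-user, user-writable locations on Windows XP.
USER_WRITABLE_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
)

# PRC - [date | size | attrs | M] (Company) -- path
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# O4 - HKLM..\Run: [value name] path (Company)
O4_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[[^\]]*\] (?P<path>.+?) \((?P<company>[^)]*)\)$")


def parse_entries(log_text):
    """Yield (company, path, raw_line) for each PRC and O4 Run line."""
    for line in log_text.splitlines():
        line = line.strip()
        m = PRC_RE.match(line) or O4_RE.match(line)
        if m:
            yield m.group("company").strip(), m.group("path").strip(), line


def flag_suspicious(log_text):
    """Return log lines whose file has no company name and sits in a per-user directory."""
    hits = []
    for company, path, raw in parse_entries(log_text):
        in_user_dir = any(d in path.lower() for d in USER_WRITABLE_DIRS)
        if not company and in_user_dir:
            hits.append(raw)
    return hits


def fix_script_problems(script_text):
    """Check a pasted fix script for the missing top line diagnosed in the thread."""
    lines = [l.strip() for l in script_text.splitlines() if l.strip()]
    if not lines:
        return ["script is empty"]
    problems = []
    if lines[0] != ":OTL":
        problems.append("first line must be the :OTL directive")
    return problems


if __name__ == "__main__":
    candidates = flag_suspicious(SAMPLE_LOG)
    for line in candidates:
        print("review:", line)
    # Pasting only the entries, without the header, reproduces the failed run.
    print(fix_script_problems("\n".join(candidates)))
    print(fix_script_problems(":OTL\n" + "\n".join(candidates)))
```

The flagged lines are candidates for a human reviewer, not a verdict; legitimate software also runs from per-user directories with a blank company field.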



Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 20th February 2010, 12:13 am

Yes I did...thank you I will try again and be back soon.


Re: BANKERFOX. Please look at my log

Post by lydlqueenbee on 20th February 2010, 4:11 am

Thank you so much!!! My computer is cured!!!! Couldn't have done it without you. Donation on the way!!


Last edited by lydlqueenbee on 20th February 2010, 4:12 am; edited 1 time in total (Reason for editing : left out a word)


Re: BANKERFOX. Please look at my log

Post by Belahzur on 20th February 2010, 8:19 pm

Please post the new log.


Please PM me if I fail to respond within 24hrs.


