GeekPolice

OTL.txt log first part


Post by gordonh55 on Tue Aug 31, 2010 9:33 am

OTL logfile created on: 31/08/2010 10:07:14 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Usr1\My Documents\My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.40 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC1
Current User Name: Usr1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/31 10:05:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\My Documents\My Received Files\OTL.com
PRC - [2010/08/02 19:29:44 | 000,165,376 | ---- | M] (ApexDC++ Development Team) -- C:\Documents and Settings\Usr1\Local Settings\Temp\Sbd.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/30 16:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 16:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/03 19:37:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 10:05:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\My Documents\My Received Files\OTL.com
MOD - [2008/04/14 04:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2009/01/22 19:12:43 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/16 12:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/15 17:08:24 | 000,196,608 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/07/11 19:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 19:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 C5 37 E4 E5 1F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2003/07/07 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [BSK91O3T6D] C:\Documents and Settings\Usr1\Local Settings\Temp\Sbd.exe (ApexDC++ Development Team)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\WINDOWS\System32\rundll32.exe C:\Program Files\NOS\bin\getPlus_Helper_3004.dll,Uninstall File not found
O4 - Startup: C:\Documents and Settings\Usr1\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.128,93.188.161.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.128,93.188.161.218
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Usr1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usr1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 11:17:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

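The post above is a raw OTL log with no commentary, so what follows is an added triage helper (not part of the original thread, and not OTL's own code) that parses the line formats seen in the log and flags the entries an analyst would look at first: a process or Run value pointing into a user Temp folder (Sbd.exe), a Run value with an auto-generated-looking name (BSK91O3T6D), O2/O3 entries whose CLSID no longer resolves, O17 resolvers that fall in an analyst watchlist, and hidden+system files under C:\WINDOWS (the RHS msutbz.dll and the -HS- Bajryn.job from the second part of the log). The sample input is constructed from lines copied out of the log, plus two benign lines (explorer.exe, NvCplDaemon) to show the rules stay quiet on them. The watchlist containing 93.188.160.0/21, the name-randomness rule and the known-good hidden+system file list are assumptions of this example, not facts stated in the log.

```python
"""Heuristic triage for OTL (OldTimer's OTL) log lines.

Added example: every rule below is an assumption of this helper, not OTL's
own logic. Returns findings as dicts so callers can filter or test them.
"""
import ipaddress
import re

# Constructed sample: lines copied from the log above plus two benign ones.
SAMPLE = r"""
PRC - [2010/08/02 19:29:44 | 000,165,376 | ---- | M] (ApexDC++ Development Team) -- C:\Documents and Settings\Usr1\Local Settings\Temp\Sbd.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [BSK91O3T6D] C:\Documents and Settings\Usr1\Local Settings\Temp\Sbd.exe (ApexDC++ Development Team)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.128,93.188.161.218
[2010/08/02 19:29:50 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\msutbz.dll
[2010/08/31 09:50:45 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Bajryn.job
"""

# Assumed analyst watchlist of resolver ranges; the log's 93.188.16x.x servers fall in it.
DNS_WATCHLIST = [ipaddress.ip_network("93.188.160.0/21")]

# Hidden+system files that are normal under %SystemRoot% (assumed allowlist).
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys", "bootstat.dat", "ntuser.ini", "ntuser.dat", "sa.dat"}

# Line shapes as they appear in the OTL output.
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
FILE_RE = re.compile(r"^\[[^|]+\| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Run-value names made only of upper-case letters and digits (8+ chars,
    at least two digits) are typical of generated persistence names."""
    return (re.fullmatch(r"[A-Z0-9]{8,}", name) is not None
            and sum(c.isdigit() for c in name) >= 2
            and any(c.isalpha() for c in name))


def triage(log_text: str) -> list:
    """Scan OTL lines and return a list of {rule, line, detail} findings."""
    findings = []

    def add(rule, line, detail=""):
        findings.append({"rule": rule, "line": line.strip(), "detail": detail})

    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = PRC_RE.match(line)
        if m and TEMP_RE.search(m["path"]):          # running binary lives in a Temp dir
            add("process-from-temp", line, m["path"])
            continue
        m = RUN_RE.match(line)
        if m:
            if looks_random(m["name"]):               # e.g. [BSK91O3T6D]
                add("random-run-name", line, m["name"])
            if TEMP_RE.search(m["rest"]):             # autorun target in Temp
                add("autorun-from-temp", line, m["rest"])
            continue
        if re.match(r"^O[23] - ", line) and "No CLSID value found" in line:
            add("orphan-clsid", line)                 # BHO/toolbar with dangling CLSID
            continue
        m = DNS_RE.match(line)
        if m:
            bad = [s for s in m["servers"].split(",")
                   if any(ipaddress.ip_address(s) in net for net in DNS_WATCHLIST)]
            if bad:
                add("dns-on-watchlist", line, ",".join(bad))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            base = path.rsplit("\\", 1)[-1].lower()
            if ("H" in attrs and "S" in attrs and base not in KNOWN_HS_FILES
                    and path.upper().startswith("C:\\WINDOWS\\")):
                add("hidden-system-file", line, path)  # RHS-/-HS- under %SystemRoot%
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['rule']:<20} {f['detail']}")
```

Run against the full log, the same rules would also surface C:\WINDOWS\Ssumaa.exe (same ApexDC++ company string as the Temp-resident Sbd.exe) once a company-name/path consistency rule is added; the point of keeping the rules as small functions is that each one can be tuned or disabled without touching the parser.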

OTL.txt 2nd part

Post by gordonh55 on Tue Aug 31, 2010 9:35 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (72071204789288960)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 10:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/31 10:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/31 09:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/08/28 10:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/28 10:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/05 10:20:04 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2010/08/05 10:20:04 | 000,110,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvtcp.sys
[2010/08/05 10:19:46 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrstr.dll
[2010/08/05 10:19:46 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssv.dll
[2010/08/05 10:19:46 | 000,290,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsth.dll
[2010/08/05 10:19:46 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2010/08/05 10:19:46 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2010/08/05 10:19:46 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2010/08/05 10:19:46 | 000,225,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2010/08/05 10:19:46 | 000,167,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszht.dll
[2010/08/05 10:19:46 | 000,163,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszhc.dll
[2010/08/05 10:19:46 | 000,122,880 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2010/08/05 10:19:45 | 000,323,584 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspt.dll
[2010/08/05 10:19:45 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsptb.dll
[2010/08/05 10:19:45 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsnl.dll
[2010/08/05 10:19:45 | 000,315,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsru.dll
[2010/08/05 10:19:45 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssl.dll
[2010/08/05 10:19:45 | 000,299,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssk.dll
[2010/08/05 10:19:45 | 000,299,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsno.dll
[2010/08/05 10:19:45 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspl.dll
[2010/08/05 10:19:45 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2010/08/05 10:19:45 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2010/08/05 10:19:45 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2010/08/05 10:19:45 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2010/08/05 10:19:45 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2010/08/05 10:19:45 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2010/08/05 10:19:45 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2010/08/05 10:19:45 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2010/08/05 10:19:45 | 000,196,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsko.dll
[2010/08/05 10:19:44 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrses.dll
[2010/08/05 10:19:44 | 000,331,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2010/08/05 10:19:44 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfr.dll
[2010/08/05 10:19:44 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsesm.dll
[2010/08/05 10:19:44 | 000,323,584 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsit.dll
[2010/08/05 10:19:44 | 000,315,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshu.dll
[2010/08/05 10:19:44 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfi.dll
[2010/08/05 10:19:44 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrseng.dll
[2010/08/05 10:19:44 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2010/08/05 10:19:44 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2010/08/05 10:19:44 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshe.dll
[2010/08/05 10:19:44 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2010/08/05 10:19:44 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2010/08/05 10:19:44 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2010/08/05 10:19:44 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2010/08/05 10:19:44 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2010/08/05 10:19:44 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2010/08/05 10:19:44 | 000,212,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsja.dll
[2010/08/05 10:19:43 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsel.dll
[2010/08/05 10:19:43 | 000,331,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2010/08/05 10:19:43 | 000,311,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsde.dll
[2010/08/05 10:19:43 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsda.dll
[2010/08/05 10:19:43 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrscs.dll
[2010/08/05 10:19:43 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsar.dll
[2010/08/05 10:19:43 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2010/08/05 10:19:43 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2010/08/05 10:19:43 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2010/08/05 10:19:43 | 000,245,760 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2010/08/05 10:19:43 | 000,245,760 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2010/08/05 10:19:42 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpluir.dll
[2010/08/05 10:19:42 | 000,797,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2010/08/05 10:19:42 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2010/08/05 10:19:42 | 000,045,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccsrs.dll
[2010/08/05 10:19:41 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2010/08/05 10:19:41 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/08/05 10:19:41 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/08/05 10:19:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/08/04 11:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/04 11:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/04 09:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usr1\My Documents\My Albums
[2010/08/04 09:40:36 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010/08/04 09:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/04 09:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/04 09:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usr1\Local Settings\Application Data\ArcSoft
[2010/08/04 09:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usr1\Application Data\ArcSoft
[2010/08/04 09:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/08/04 09:22:44 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2010/08/04 09:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/08/04 09:21:21 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/08/04 09:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/08/03 16:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/03 16:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/03 16:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/08/03 16:50:05 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/03 16:50:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/03 16:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/03 16:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/03 16:50:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/03 10:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/03 10:33:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview(2)
[2010/08/03 09:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 09:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/02 19:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/02 19:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/02 19:29:46 | 000,180,224 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Ssumaa.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 09:54:19 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Usr1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/31 09:53:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/31 09:52:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/31 09:51:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/31 09:50:51 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\da2dd8df.job
[2010/08/31 09:50:47 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/31 09:50:45 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Bajryn.job
[2010/08/31 09:50:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 09:50:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/31 09:50:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 09:50:37 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 09:49:36 | 003,960,832 | ---- | M] () -- C:\Documents and Settings\Usr1\ntuser.dat
[2010/08/31 09:49:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Usr1\ntuser.ini
[2010/08/31 09:49:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/31 09:29:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003UA.job
[2010/08/30 15:29:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003Core.job
[2010/08/28 10:39:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/04 09:40:36 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Video Impression 2.lnk
[2010/08/04 09:38:05 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2010/08/04 09:22:44 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 5.lnk
[2010/08/03 17:59:42 | 000,028,232 | ---- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/03 17:32:44 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/03 16:49:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/03 16:49:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/03 16:49:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/03 16:49:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/03 16:49:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/02 19:29:50 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\msutbz.dll
[2010/08/02 19:29:41 | 000,180,224 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Ssumaa.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 09:54:19 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Usr1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/31 09:41:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/05 10:27:22 | 938,790,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/05 10:20:04 | 000,003,903 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/08/05 10:19:46 | 000,200,819 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/05 10:19:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/08/05 10:19:42 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/08/05 10:19:42 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/08/05 10:19:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/08/05 10:19:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/08/05 10:19:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/08/05 10:19:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/08/05 10:19:41 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/08/05 10:19:41 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/08/05 10:19:41 | 000,018,477 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/08/04 09:40:36 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Video Impression 2.lnk
[2010/08/04 09:38:05 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2010/08/04 09:28:11 | 005,795,472 | R--- | C] () -- C:\Documents and Settings\Usr1\Desktop\OPM_OptioE85_EN.pdf
[2010/08/04 09:22:44 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 5.lnk
[2010/08/03 09:50:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/03 09:38:01 | 003,960,832 | ---- | C] () -- C:\Documents and Settings\Usr1\ntuser.dat
[2010/08/02 19:29:50 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\msutbz.dll
[2010/08/02 19:29:50 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\Bajryn.job
[2010/08/02 19:29:47 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/02 19:29:42 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/02 19:29:38 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\da2dd8df.job
[2010/05/27 15:31:57 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2009/09/08 14:54:51 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 15:05:09 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Usr1\Application Data\burnaware.ini
[2009/06/22 16:49:34 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/06/22 16:49:32 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009/06/22 15:54:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ptql5f.dll
[2009/06/22 15:49:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/22 15:49:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/22 15:47:25 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/10 11:55:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/01/14 13:21:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/13 01:00:00 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Usr1\Application Data\da2dd8df.exe
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2004/10/11 01:00:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/08/02 19:29:50 | 000,075,776 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msutbz.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/08/31 09:50:45 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\Bajryn.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/10 11:54:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/10 11:54:12 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/10 11:54:12 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/07/07 11:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/07/07 11:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/07/07 11:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/07/07 11:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/13 21:20:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/07/07 11:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/07/07 11:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/07/07 11:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/07/07 11:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/07/07 11:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/13 21:19:40 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/13 21:19:44 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/13 21:19:40 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/13 21:19:44 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/13 21:19:42 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 12:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

gordonh55
Novice

Posts : 14
Joined : 2010-08-03
OS : xp

OTL.txt 3rd part

Post by gordonh55 on Tue Aug 31, 2010 9:40 am

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/04/10 11:17:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/10 11:13:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/10 11:17:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/26 02:50:08 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2009/01/03 15:57:02 | 000,291,071 | ---- | M] () -- C:\DPsFnshr.exe
[2009/01/22 19:13:46 | 000,000,630 | ---- | M] () -- C:\DPsFnshr.ini
[2007/04/07 19:52:09 | 000,000,420 | ---- | M] () -- C:\DriverPack_CPU_wnt5_x86-32.ini
[2008/12/28 19:20:48 | 000,003,535 | ---- | M] () -- C:\DriverPack_Graphics_A_wnt5_x86-32.ini
[2008/12/28 19:24:52 | 000,005,293 | ---- | M] () -- C:\DriverPack_Graphics_B_wnt5_x86-32.ini
[2008/12/28 19:39:48 | 000,003,512 | ---- | M] () -- C:\DriverPack_Graphics_C_wnt5_x86-32.ini
[2008/12/28 19:46:35 | 000,000,776 | ---- | M] () -- C:\DriverPack_LAN_wnt5_x86-32.ini
[2009/01/07 22:44:38 | 000,112,242 | ---- | M] () -- C:\DriverPack_MassStorage_wnt5_x86-32.ini
[2008/04/01 16:37:53 | 000,004,214 | ---- | M] () -- C:\DriverPack_Sound_A_wnt5_x86-32.ini
[2008/04/12 10:47:12 | 000,003,525 | ---- | M] () -- C:\DriverPack_Sound_B_wnt5_x86-32.ini
[2009/01/03 15:57:05 | 000,249,451 | ---- | M] () -- C:\DSPdsblr.exe
[2010/08/31 09:50:37 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 16:36:10 | 000,000,239 | ---- | M] () -- C:\INSTALL.LOG
[2009/06/22 16:08:54 | 000,000,422 | ---- | M] () -- C:\InstallHelper.log
[2009/04/10 11:17:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/31 10:01:43 | 000,006,024 | ---- | M] () -- C:\JavaRa.log
[2008/12/26 02:50:08 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2009/04/10 11:17:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/26 02:50:08 | 000,137,728 | ---- | M] () -- C:\mute.exe
[2008/04/13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 23:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 09:50:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/01/03 15:57:08 | 000,240,251 | ---- | M] () -- C:\pmtimer.exe
[2010/08/04 10:58:40 | 000,000,158 | ---- | M] () -- C:\twacker.log

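The OTL listings in the two posts above follow one fixed line shape, and a few entries in them (a hidden+system DLL that OTL could not hash, an executable created directly in C:\WINDOWS, a file named one letter off from kernel32.dll) are exactly the kind of thing a helper reads the log for. The Python below is an added example, not OTL's own code and not anything posted in this thread: it parses that line shape and runs a handful of constructed triage heuristics over lines copied from the logs above. The allowlist of benign hidden+system files, the list of core binary names used for the lookalike check, and the scoring rules themselves are assumptions for illustration, not OTL logic.

```python
"""Triage the bracketed file lines of an OTL log for the signals seen in this thread.

Added example, not part of OTL or of any post here. The parser follows the line
shape OTL prints; the rules, allowlist and lookalike list are constructed heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL file line: [yyyy/mm/dd hh:mm:ss | size | RHSD flags | M or C] (Company) [Unable to obtain MD5] -- path
# Directory lines carry no "(Company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<locked> Unable to obtain MD5)? -- (?P<path>.+)$"
)

# Core Windows binaries a dropped file may imitate by one missing or changed letter
# (the thread's ernel32.dll beside the real kernel32.dll). Constructed list.
CORE_NAMES = ["kernel32.dll", "ntdll.dll", "user32.dll", "svchost.exe", "lsass.exe", "csrss.exe"]

# Files that legitimately carry hidden+system attributes. Constructed allowlist.
BENIGN_HS = {"hiberfil.sys", "pagefile.sys", "ntuser.ini", "bootstat.dat", "sa.dat",
             "io.sys", "msdos.sys", "ntldr", "ntdetect.com", "boot.ini"}

# Constructed sample: lines copied from the thread's OTL output plus one directory line.
SAMPLE_LOG = r"""
[2010/08/02 19:29:46 | 000,180,224 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Ssumaa.exe
[2010/08/02 19:29:50 | 000,075,776 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msutbz.dll
[2010/08/31 09:50:45 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Bajryn.job
[2004/10/11 01:00:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/08/31 09:50:37 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/03 16:49:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/03 09:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    date: str
    time: str
    size: int
    attrs: str      # four flag positions: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str       # M = modified timestamp, C = created timestamp
    company: str
    locked: bool    # OTL printed "Unable to obtain MD5"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; summary lines such as the '*.tmp files' counters give None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["date"], m["time"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"] or "", bool(m["locked"]), m["path"])


def edit_distance_one(a: str, b: str) -> bool:
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        # Skip one character on the longer side (insert/delete) or on both (substitute).
        i += 1 if len(a) >= len(b) else 0
        j += 1 if len(b) >= len(a) else 0
    return edits + (len(a) - i) + (len(b) - j) == 1


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    path, name = entry.path.lower(), entry.name
    under_windows = path.startswith("c:\\windows\\")
    in_windows_root = under_windows and path.count("\\") == 2
    hidden_system = entry.attrs[1] == "H" and entry.attrs[2] == "S"
    if hidden_system and name not in BENIGN_HS:
        reasons.append("hidden+system attributes on a non-OS file")
    if entry.locked:
        reasons.append("locked file, OTL could not hash it")
    if under_windows and name.endswith((".exe", ".dll")) and not entry.company:
        reasons.append("executable under %SystemRoot% with no company name (weak signal)")
    if in_windows_root and name.endswith(".exe"):
        # Only meaningful on a recent-files listing: explorer.exe and friends live here too.
        reasons.append("executable created directly in C:\\WINDOWS")
    for core in CORE_NAMES:
        if edit_distance_one(name, core):
            reasons.append(f"name is one edit away from {core}")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, skipping clean entries and non-file lines."""
    flagged: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            flagged[entry.path] = triage(entry)
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run it against a whole OTL.txt by reading the file and passing its contents to `triage_log`; the output is a list of leads for a human to check, not a verdict, and the "no company name" rule in particular will also flag benign driver helpers such as the NVIDIA files in the log above.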

Re: OTL.txt log first part

Post by Belahzur on Wed Sep 01, 2010 12:39 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: OTL.txt log first part

Post by gordonh55 on Wed Sep 01, 2010 10:00 am

ComboFix 10-08-31.02 - Usr1 01/09/2010 10:38:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.895.673 [GMT 1:00]
Running from: c:\documents and settings\Usr1\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\PC Camer@
c:\documents and settings\All Users\Start Menu\Programs\PC Camer@ \Amcap.lnk
c:\documents and settings\All Users\Start Menu\Programs\PC Camer@ \Uninstall.lnk
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\ernel32.dll
c:\windows\system32\MailBee.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-31 08:47 . 2010-08-31 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-08-28 09:39 . 2010-08-28 09:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-05 10:02 . 2010-08-05 10:02 503808 ----a-w- c:\documents and settings\Usr1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4a3df986-n\msvcp71.dll
2010-08-05 10:02 . 2010-08-05 10:02 499712 ----a-w- c:\documents and settings\Usr1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4a3df986-n\jmc.dll
2010-08-05 10:02 . 2010-08-05 10:02 348160 ----a-w- c:\documents and settings\Usr1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4a3df986-n\msvcr71.dll
2010-08-05 10:02 . 2010-08-05 10:02 61440 ----a-w- c:\documents and settings\Usr1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37bcf42e-n\decora-sse.dll
2010-08-05 10:02 . 2010-08-05 10:02 12800 ----a-w- c:\documents and settings\Usr1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37bcf42e-n\decora-d3d.dll
2010-08-05 09:20 . 2006-07-11 18:38 110592 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-08-05 09:20 . 2006-06-29 12:40 208896 ----a-w- c:\windows\system32\nvunrm.exe
2010-08-04 08:40 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-08-04 08:37 . 2010-08-04 08:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-04 08:25 . 2010-08-04 08:25 -------- d-----w- c:\documents and settings\Usr1\Local Settings\Application Data\ArcSoft
2010-08-04 08:25 . 2010-08-05 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-08-04 08:25 . 2010-08-04 08:40 -------- d-----w- c:\documents and settings\Usr1\Application Data\ArcSoft
2010-08-04 08:22 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-04 08:21 . 2010-08-04 08:40 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-04 08:21 . 2010-08-04 08:40 -------- d-----w- c:\program files\ArcSoft
2010-08-04 08:21 . 1995-08-01 03:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-08-03 15:50 . 2010-08-03 15:50 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 15:50 . 2010-08-03 15:50 -------- d-----w- c:\program files\Sun
2010-08-03 15:50 . 2010-08-03 15:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 09:36 . 2010-08-03 09:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-03 09:33 . 2010-08-03 09:33 -------- d-----w- c:\windows\nview(2)
2010-08-03 08:50 . 2010-08-25 09:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-03 08:50 . 2010-09-01 08:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:33 . 2010-08-02 18:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-02 18:29 . 2010-08-02 18:29 75776 --sha-r- c:\windows\system32\msutbz.dll
2010-08-02 18:29 . 2010-08-02 18:29 180224 ----a-w- c:\windows\Ssumaa.exe
2010-08-02 18:29 . 2010-08-02 18:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 10:57 . 2009-06-24 10:51 1 ----a-w- c:\documents and settings\Usr1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-31 08:40 . 2009-04-10 10:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 09:20 . 2009-06-22 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 08:21 . 2009-06-22 14:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 16:59 . 2009-06-22 15:31 28232 ----a-w- c:\documents and settings\Usr1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 15:49 . 2009-06-22 15:58 -------- d-----w- c:\program files\Java
2010-08-03 15:31 . 2010-05-26 13:31 -------- d-----w- c:\program files\Brothersoft
2010-06-14 14:31 . 2009-04-10 10:15 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\documents and settings\Usr1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\documents and settings\Usr1\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Usr1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Usr1\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Usr1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [10/04/2009 11:59 196608]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [22/06/2009 16:49 618112]
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\da2dd8df.job
- c:\documents and settings\Usr1\Application Data\da2dd8df.exe [2006-09-13 00:00]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003Core.job
- c:\documents and settings\Usr1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-23 15:19]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003UA.job
- c:\documents and settings\Usr1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-23 15:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-01 10:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-01 10:56:11
ComboFix-quarantined-files.txt 2010-09-01 09:55

Pre-Run: 234,509,078,528 bytes free
Post-Run: 235,179,008,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8758DFB15F4D4369AEC424FE8AAD35AC


Re: OTL.txt log first part

Post by Belahzur on Wed Sep 01, 2010 11:42 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: OTL.txt log first part

Post by gordonh55 on Tue Sep 07, 2010 11:08 am

Hi, I have tried the link for the ESET scanner and it doesn't work. I have searched for it through Google and it comes up with the website; when I place the address in the address bar it defaults to Bing search, and then when I put the address of the ESET scanner in again it says the webpage is not available. Can you help please?

gordonh55
Novice
Novice

Status :
Online
Offline

Posts : 14
Joined : 2010-08-03
OS : xp

View user profile

Back to top Go down

Re: OTL.txt log first part

Post by Belahzur on Tue Sep 07, 2010 1:48 pm

Try Kaspersky online instead. Smile

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Re: OTL.txt log first part

Post by gordonh55 on Tue Sep 07, 2010 4:18 pm

Hi there, I have tried this too but it won't download the latest database and keeps saying to be online to do this when I am online. The error statement it comes up with is "updater logic error related to download process". Any ideas? Thanks.

gordonh55
Novice
Novice

Status :
Online
Offline

Posts : 14
Joined : 2010-08-03
OS : xp

View user profile

Back to top Go down

Re: OTL.txt log first part

Post by Belahzur on Wed Sep 08, 2010 5:14 pm

Okay then, how is the machine running now?



Re: OTL.txt log first part

Post by gordonh55 on Thu Sep 09, 2010 10:09 am

The machine is still functioning, but when searching through Google and clicking on website links it is still diverting the search to an unassociated site that I don't want; if I copy and paste the site into the address bar it goes to the site no problem.

gordonh55
Novice
Novice

Status :
Online
Offline

Posts : 14
Joined : 2010-08-03
OS : xp

View user profile

Back to top Go down

Re: OTL.txt log first part

Post by Belahzur on Thu Sep 09, 2010 1:18 pm

Are you on a router? Your router may have been hijacked. We have been seeing some new malware that is changing router settings from your ISP to different IPs, and that's one thing that may be causing this, because your ComboFix log looks good.



Re: OTL.txt log first part

Post by gordonh55 on Thu Sep 09, 2010 2:39 pm

Hi there, yes, I am on a router.


Re: OTL.txt log first part

Post by Belahzur on Thu Sep 09, 2010 10:22 pm

Can you go into the router via the IP? Usually 192.168.1.1 (the last .1 may not be yours though).

Check the IPs there and see if there are any you don't know; some (if not all) of them should trace back to your ISP. Are there any IPs under these TWO ranges? 213.109.*.* & 93.188.*.*

Also, please do the following.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


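Belahzur's check above (look at the DNS addresses in the router and compare them with the 213.109.*.* and 93.188.*.* ranges) can be scripted on the PC side as well, because the resolvers the router hands out are the ones `ipconfig /all` prints under "DNS Servers". The Python below is an added example, not from this thread or from any tool it names: it pulls the DNS server lines out of constructed XP `ipconfig /all` output (the first server sits on the header line, further ones on indented continuation lines) and labels each address. The sample output, the made-up resolver addresses and the `isp_servers` list are assumptions; the two /16 ranges come from the post.

```python
"""Label the DNS resolvers a PC is using against the two ranges named in the thread.

Added example, not from the thread or any tool in it. The ipconfig text and the
addresses in it are constructed; the two ranges are the ones Belahzur asks about.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

SUSPECT_RANGES = [
    ipaddress.ip_network("213.109.0.0/16"),  # 213.109.*.* in the thread's notation
    ipaddress.ip_network("93.188.0.0/16"),   # 93.188.*.*
]

# Constructed sample of `ipconfig /all` on an XP box behind a home router. The second
# DNS entry is made up to fall inside one of the ranges above.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC1
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : lan
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            93.188.160.2
        Lease Obtained. . . . . . . . . . : 09 September 2010 09:01:12
"""

DNS_HEADER = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)?\s*$")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def dns_servers_from_ipconfig(text: str) -> List[str]:
    """Collect every DNS server address from ipconfig /all output.

    XP prints the first resolver on the "DNS Servers" line and any further ones on
    lines that hold only an address, so keep collecting until a line that is not one.
    """
    servers: List[str] = []
    collecting = False
    for line in text.splitlines():
        header = DNS_HEADER.match(line)
        if header:
            collecting = True
            if header.group(1):
                servers.append(header.group(1))
            continue
        cont = CONTINUATION.match(line) if collecting else None
        if cont:
            servers.append(cont.group(1))
        else:
            collecting = False
    return servers


def classify_dns(addresses: Iterable[str], isp_servers: Iterable[str] = ()) -> List[Tuple[str, str]]:
    """Label each resolver. Works for the PC's list or for addresses copied off the
    router's admin page. isp_servers is the list of resolvers your ISP documents
    (constructed here); a public address outside it still needs confirming.
    """
    known = {ipaddress.ip_address(a) for a in isp_servers}
    verdicts: List[Tuple[str, str]] = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if any(ip in net for net in SUSPECT_RANGES):
            verdict = "in a range the thread flags, check the router settings"
        elif ip in known:
            verdict = "ISP resolver"
        elif ip.is_private:
            verdict = "LAN address (router acting as DNS proxy)"
        else:
            verdict = "public resolver not on the ISP list, confirm it"
        verdicts.append((raw, verdict))
    return verdicts


if __name__ == "__main__":
    found = dns_servers_from_ipconfig(SAMPLE_IPCONFIG)
    for addr, verdict in classify_dns(found, isp_servers=["198.51.100.53"]):
        print(f"{addr:16} {verdict}")
```

A LAN address such as 192.168.1.1 only tells you the router is proxying DNS, which is why the post asks you to read the addresses off the router's own page; those can be passed straight to `classify_dns` as a list.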
