mij Posted March 22, 2010

I started this in the Vista forum and was redirected here, having reported a backdoor virus/trojan that supermalwarebites found and dealt with. Need I do anything else?

I have (via the phone and son) installed and run spybot S&D, supermalwarebites and hijackthis. Also belarc advisor to compare the contents of the two computers that run this proggy.

A cheapy Acer runs this program and saves/loads these files to his server in 30 seconds. The slightly better spec machine (I'll call it Onslow) takes 7 or 8 minutes to perform the same function. I have an older machine of his here and that takes 80 seconds to load/save a 170MB file from his server (he is about 15 miles from me by road).

Is there a next step? Having run the above I thought it was dealt with?

Cheers
jim

Match Posted March 22, 2010

I think the problem here is that we could play for months and still not resolve the problem !!!

My best suggested course of action would be to back up, and do a clean install of the OS, from a full format of the HDD, then reinstall the program and hope that things are better.

Problem being this could be a registry problem, a bad sector on the HDD, or a failing HDD, but doubt the last as I think I read somewhere before it's just this one application that is having problems.

mij Posted March 22, 2010

> I think the problem here is that we could play for months and still not resolve the problem !!!
> My best suggested course of action would be to back up, and do a clean install of the OS, from a full format of the HDD, then reinstall the program and hope that things are better.
> Problem being this could be a registry problem, a bad sector on the HDD, or a failing HDD, but doubt the last as I think I read somewhere before it's just this one application that is having problems.

A re-installation would be the natural thing to do but he says he has already done this so many times before that his licence won't allow another. I am of the opinion that his program on this machine has somehow got corrupted - of course I know nutting......

cheers
jim

mij Posted March 23, 2010

I have just spoken with him about this and got the info on remote access to his 'pooter. He says that because of his problems he has come to the end of his licensed allowances and it would cost him another £600.00 to re-install the whole thing again. He is obviously loath to do this. Perhaps we can disinfect it in some other way.

cheers
jim

RandyL Posted March 23, 2010

mij, I can't understand this. A brand new Windows disk costs less. In addition, is he aware that you can only install one copy on one computer without paying more?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Get help with computer problems. Join Free PC Help here
Donations are welcome. Read Here

mij Posted March 23, 2010

> mij, I can't understand this. A brand new Windows disk costs less. In addition, is he aware that you can only install one copy on one computer without paying more?

It's not just Windows, is it. It's AutoCAD that is the limiting factor. That is needed/part of Autodesk max 2009 or whatever it is. It's his graphics design package that is limited licence.

cheers
jim

Match Posted March 23, 2010

I think he is a little mixed up on the terms of the licence and may find this page interesting ;)

Autodesk - Licensing, Registration & Activation - Autodesk Product Activation FAQ

especially 7 and 8

mij Posted March 24, 2010

> I think he is a little mixed up on the terms of the licence and may find this page interesting ;)
> Autodesk - Licensing, Registration & Activation - Autodesk Product Activation FAQ
> especially 7 and 8

I'll raise this tomorrow errrr. later on I mean....

cheers
jim

RandyL Posted March 24, 2010

Oh sorry. I thought you meant Windows not Autodesk. Now I understand.

ExTS Admin Starbuck Posted March 24, 2010

Hi Jim

If you want me to take a look.... a few things for you to do:

Step 1

Download TFC by OldTimer to your desktop.

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
    - Update Malwarebytes' Anti-Malware
    - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
    - Make sure the "Perform Full Scan" option is selected.
    - Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3

Download OTL to your desktop. If you have problems, try this download link: OTL

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Now copy the lines in the codebox below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

- MBAM scan report
- Both reports from OTL

Thanks.

Member of: UNITE

mij Posted March 24, 2010

Ok will do as I now have the pc here, but I am occupied until tomorrow afternoon. I'll get back asap.

Cheers
jim

ExTS Admin Starbuck Posted March 25, 2010

No problem Jim

Just post the reports when you have them. Now you have the pc there, it'll make life a lot easier.

mij Posted March 26, 2010

> No problem Jim
> Just post the reports when you have them. Now you have the pc there, it'll make life a lot easier.

Hmmmm, I now realize I should have brought his cable from computer to router with me. A new one is in the post and will be with me Monday. Ok I hope I can do this then.

cheers
jim

ExTS Admin Starbuck Posted March 26, 2010

Hi Jim,

if this is malware related, the malware will still be there on Monday...... so will I. Just post when you are ready, then the good guys will take on the bad guys. :)

mij Posted March 29, 2010

> Hi Jim,
> if this is malware related, the malware will still be there on Monday...... so will I. Just post when you are ready, then the good guys will take on the bad guys. :)

Ok, I have carried out the directions and all went OK - I think. Here are the reports, there is rather a lot to them.

Hmmm. Unfortunately that report is too long for a single reply. I will split it into three, hopefully I can find the join in the document.

The first is the malware bytes report

Malwarebytes' Anti-Malware 1.44
Database version: 3929
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29/03/2010 22:10:44
mbam-log-2010-03-29 (22-10-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 334047
Time elapsed: 38 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Txt

OTL logfile created on: 29/03/2010 22:23:02 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\novatech 01\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 40.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.76 Gb Total Space | 332.93 Gb Free Space | 71.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOVATECH01
Current User Name: novatech 01
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\hasplms.exe File not found
PRC - C:\Users\novatech 01\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\IPEVO\Control Center\IPEVO Control Center.exe (IPEVO)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAH.exe (Pro-SoftNet Corp.)
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAHC.exe (Pro Softnet Corp)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\ASUS\EPU\EPU.exe ()
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAM.exe ()
PRC - C:\Program Files (x86)\Remote Access Host\RemotePCM.exe ()

mij Posted March 29, 2010

OTL logfile created on: 29/03/2010 22:23:02 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\novatech 01\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 40.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.76 Gb Total Space | 332.93 Gb Free Space | 71.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOVATECH01
Current User Name: novatech 01
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\hasplms.exe File not found
PRC - C:\Users\novatech 01\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\IPEVO\Control Center\IPEVO Control Center.exe (IPEVO)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAH.exe (Pro-SoftNet Corp.)
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAHC.exe (Pro Softnet Corp)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\ASUS\EPU\EPU.exe ()
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files (x86)\Remote Access Host\RemoteAM.exe ()
PRC - C:\Program Files (x86)\Remote Access Host\RemotePCM.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\novatech 01\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (mi-raysat_3dsMax2009_64) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (remotepc) -- C:\Program Files (x86)\Remote Access Host\RemotePCM.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 14:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\DRIVERS\mv2.sys (UVNC BVBA)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\DRIVERS\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\DRIVERS\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\DRIVERS\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\DRIVERS\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation)
DRV:64bit: - (ioatdma) Intel® -- C:\Windows\SysNative\drivers\ioatdma.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (EMSCR) -- C:\Windows\SysNative\drivers\ems7sk.sys (ENE Technology Inc.)
DRV:64bit: - (ESDCR) -- C:\Windows\SysNative\drivers\esd7sk.sys (ENE Technology Inc.)
DRV:64bit: - (ESMCR) -- C:\Windows\SysNative\drivers\esm7sk.sys (ENE Technology Inc.)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (CSC) -- C:\Windows\CSC [2009/08/24 10:45:22 | 000,000,000 | ---D | M]
DRV - (SNXUAAAF) -- C:\Windows\SysWOW64\drivers\SNXUAAAF.sys (SONIX)
DRV - (monitor) -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe (Autodesk, Inc.)
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll (Autodesk, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIBUA.EXE File not found
O4 - HKCU..\Run: [iPEVO Control Center] C:\Program Files (x86)\IPEVO\Control Center\IPEVO Control Center.exe (IPEVO)
O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\novatech 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 04:05:45 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:07:54 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

OTL cannot create restorepoints on Vista OSs!

mij Posted March 29, 2010

(remainder of OTL report)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/29 22:18:39 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\novatech 01\Desktop\OTL.exe
[2010/03/29 21:26:14 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\novatech 01\Desktop\mbam-setup.exe
[2010/03/29 21:20:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\novatech 01\Desktop\TFC.exe
[2010/03/29 21:18:29 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\novatech 01\Documents\TFC.exe
[2010/03/19 14:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/03/19 13:03:15 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/03/19 13:02:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/19 13:02:28 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/19 13:02:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/19 13:02:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/19 13:00:41 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/03/19 13:00:41 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/03/19 13:00:41 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/03/19 13:00:41 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/03/19 13:00:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/03/19 13:00:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/03/19 13:00:41 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/03/19 13:00:41 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/03/19 13:00:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/03/19 13:00:40 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/03/19 13:00:40 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/03/19 13:00:40 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/03/19 13:00:40 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/03/19 13:00:40 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/03/19 13:00:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/03/19 13:00:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/03/19 13:00:40 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/03/19 13:00:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/03/19 13:00:37 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/03/19 13:00:01 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/03/19 13:00:01 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/03/19 13:00:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/03/19 13:00:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/03/19 13:00:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/03/19 13:00:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/03/19 13:00:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/03/19 13:00:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/03/19 13:00:00 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/03/19 13:00:00 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/03/19 12:59:53 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/03/19 12:59:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/03/19 12:59:52 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/03/19 12:59:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/03/19 12:59:49 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/03/19 12:59:49 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/03/19 12:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Turbo Squid Tentacles
[2010/03/19 12:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbo Squid Tentacles
[2010/03/16 12:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2010/03/16 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\novatech 01\AppData\Local\Threat Expert
[2010/03/16 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/15 15:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/15 15:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/03/15 13:30:07 | 000,000,000 | ---D | C] -- C:\Users\novatech 01\AppData\Roaming\Malwarebytes
[2010/03/15 13:30:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/15 13:30:03 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/15 13:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/15 13:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/03/29 22:21:23 | 002,621,440 | -HS- | M] () -- C:\Users\novatech 01\NTUSER.DAT
[2010/03/29 22:18:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\novatech 01\Desktop\OTL.exe
[2010/03/29 22:13:30 | 000,011,776 | ---- | M] () -- C:\Users\novatech 01\Documents\Malwarebytes log report.doc
[2010/03/29 21:28:41 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/29 21:28:41 | 000,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/29 21:28:41 | 000,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/29 21:27:43 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/29 21:26:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\novatech 01\Desktop\mbam-setup.exe
[2010/03/29 21:23:26 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 21:23:26 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 21:23:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/29 21:23:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/29 21:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\novatech 01\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 21:22:40 | 000,065,536 | -HS- | M] () -- C:\Users\novatech 01\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf
[2010/03/29 21:22:38 | 001,983,745 | -H-- | M] () -- C:\Users\novatech 01\AppData\Local\IconCache.db
[2010/03/29 21:20:42 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\novatech 01\Desktop\TFC.exe
[2010/03/29 21:18:31 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\novatech 01\Documents\TFC.exe [2010/03/23 15:28:08 | 000,085,360 | ---- | M] () -- C:\Users\novatech 01\AppData\Local\GDIPFONTCACHEV1.DAT [2010/03/23 15:27:40 | 000,319,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/03/23 15:17:24 | 000,000,984 | ---- | M] () -- C:\Users\novatech 01\Desktop\httpwww.google.co.uk.lnk [2010/03/19 14:35:43 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2010/03/19 12:55:15 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\Turbo Squid Tentacles 64-bit.lnk [2010/03/19 12:54:31 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Turbo Squid Tentacles 32-bit.lnk [2010/03/19 12:51:43 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2009 32-bit.lnk [2010/03/19 12:27:25 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2009 64-bit.lnk ========== Files Created - No Company Name ========== [2010/03/29 22:13:28 | 000,011,776 | ---- | C] () -- C:\Users\novatech 01\Documents\Malwarebytes log report.doc [2010/03/29 21:27:43 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/23 15:17:24 | 000,000,984 | ---- | C] () -- C:\Users\novatech 01\Desktop\httpwww.google.co.uk.lnk [2010/03/19 14:35:43 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2010/03/19 12:55:15 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\Turbo Squid Tentacles 64-bit.lnk [2010/03/19 12:54:31 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Turbo Squid Tentacles 32-bit.lnk [2010/03/19 12:51:43 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2009 32-bit.lnk [2010/03/19 12:42:10 | 000,199,937 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2010/03/19 12:42:07 | 000,000,002 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_dotnetfx35error.txt 
[2010/03/19 12:42:06 | 000,190,522 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_dotnetfx35install.txt [2010/03/19 12:27:25 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2009 64-bit.lnk [2010/03/16 11:19:23 | 000,364,470 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_vcredistMSI0300.txt [2010/03/16 11:19:23 | 000,011,170 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_vcredistUI0300.txt [2010/03/16 11:19:23 | 000,010,582 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_vcredistUI0301.txt [2009/11/06 10:25:43 | 000,000,000 | ---- | C] () -- C:\Windows\plugin.ini [2009/09/08 09:45:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/08 09:43:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/09/05 20:32:26 | 000,006,656 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/27 11:53:14 | 000,049,983 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt [2009/08/27 11:53:11 | 000,177,520 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_dotnetfx20install.txt [2009/08/27 11:53:11 | 000,013,084 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\uxeventlog.txt [2009/08/27 11:53:11 | 000,005,266 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_dotnetfx20error.txt [2009/08/26 12:24:49 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2009/08/25 09:21:25 | 000,011,474 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_vcredistUI33B8.txt [2009/08/25 09:21:03 | 000,011,474 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\dd_vcredistUI3370.txt [2009/08/25 08:43:57 | 000,000,027 | ---- | C] () -- C:\Windows\CDE P34903590EF.ini [2009/08/24 12:58:58 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2009/08/24 12:58:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE ESP1400Euro.ini [2009/08/24 11:24:14 | 000,024,576 | R--- | C] () -- 
C:\Windows\SysWow64\AsIO.dll [2009/08/24 11:24:14 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009/08/24 11:24:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2009/08/24 11:24:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2009/08/24 11:00:30 | 000,040,940 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009/08/24 10:59:50 | 000,032,061 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009/08/24 10:57:23 | 000,000,732 | ---- | C] () -- C:\Users\novatech 01\AppData\Local\d3d9caps64.dat [2008/01/21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/12/28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2009/11/17 17:04:19 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\Autodesk [2009/09/09 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\Blitware [2009/08/28 16:29:38 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\EPSON [2009/09/17 17:00:15 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\GoodSync [2009/08/26 12:26:10 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\MioNetApplet [2009/09/01 14:57:20 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\Nemetschek [2009/09/08 11:07:05 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\OpenOffice.org [2010/02/06 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\novatech 01\AppData\Roaming\Western Digital [2009/10/19 09:14:10 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2010/03/29 21:22:41 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 03:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- 
C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 03:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/21 03:45:04 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007/09/29 23:03:32 | 000,384,024 | R--- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\ConfigSetRoot\MSD\IASTOR.SYS < MD5 for: IASTORV.SYS > [2008/01/21 03:45:13 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/21 03:49:23 | 000,716,800 | 
---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/21 03:46:46 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/21 03:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 03:48:49 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 03:48:07 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft 
Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Quote
mij Posted March 29, 2010 Author Posted March 29, 2010 OTL Extras logfile created on: 29/03/2010 22:23:02 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\novatech 01\Desktop 64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
mij Posted March 29, 2010 Author Posted March 29, 2010 (Remainder of Extras report)
Error - 19/03/2010 07:50:24 | Computer Name = novatech01 | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 12/11/2009 10:08:45 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 12/11/2009 10:08:45 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 17/11/2009 12:02:10 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 17/11/2009 12:02:10 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 18/11/2009 06:40:31 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 18/11/2009 06:40:31 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 20/11/2009 13:07:03 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 20/11/2009 13:07:03 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 06/02/2010 09:57:57 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 06/02/2010 09:57:57 | Computer Name = novatech01 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. < End of report > Quote
ExTS Admin Starbuck Posted March 30, 2010

Hi Jim,

After looking through the reports, i don't think that the problem is malware related. The reports do throw up some questions and concerns though:

You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer:

Avira AntiVir
Avast free
Bitdefender Free
MS Security Essentials ... see note*

Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.

-----------------

Why do you have 2 different versions of Autodesk 3ds Max Design 2009 on your system?

Autodesk 3ds Max Design 2009 32-bit
Autodesk 3ds Max Design 2009 64-bit

----------------

This error seems to crop up a lot:

Error - 17/11/2009 12:02:10 | Computer Name = novatech01 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

It's related to: Sonix USB Audio Lower Filter Driver

Was this system originally a 64 bit system, or have you upgraded to a 64 bit Operating System?

------------------

If you are concerned about the system being slow, the first thing i would do is to get rid of: Spybot Search & Destroy, and certainly wouldn't have the 'Teatimer' installed. This is known to slow down some systems .... and isn't as effective as most anti spyware programs now.

------------------

There are a few entries (mainly orphan) that we can remove:

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line)

:Otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Thanks.

Member of:UNITE
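The point made in the post above, that the SNXUAAAF.sys error "seems to crop up a lot", can be checked mechanically. The following is an added example, not part of the original thread and not OTL's own code: it parses the "Last 10 Event Log Errors" section of an OTL Extras report and groups identical entries. The function names are hypothetical, and the sample text is constructed in the report's flattened layout from values shown in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# One entry of the "Last 10 Event Log Errors" section. Matches the flattened
# layout on this page and the layout with "Description" on its own line.
ENTRY = re.compile(
    r"Error - (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s+Description = ?"
    r"(?P<desc>.*?)\s*(?=Error - \d\d/\d\d/\d{4} |\[ \w+ Events \]|< End of report >|\Z)",
    re.S,
)
# Driver path named in an ID 1060 "blocked from loading" message (path without spaces).
DRIVER = re.compile(r"(\S+\.sys) has been blocked from loading", re.I)

def parse_events(report):
    """Return one dict per error entry; timestamps are day/month/year."""
    return [{"time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
             "source": m["source"], "id": int(m["id"]),
             "desc": " ".join(m["desc"].split())}
            for m in ENTRY.finditer(report)]

def recurring_errors(report, min_count=2):
    """Group identical (source, id, description) entries, most frequent first."""
    groups = defaultdict(list)
    for ev in parse_events(report):
        groups[(ev["source"], ev["id"], ev["desc"])].append(ev["time"])
    rows = [
        {"source": s, "id": i, "desc": d, "count": len(t),
         "distinct_times": len(set(t)), "first": min(t), "last": max(t)}
        for (s, i, d), t in groups.items() if len(t) >= min_count
    ]
    return sorted(rows, key=lambda r: -r["count"])

def blocked_drivers(report):
    """Count ID 1060 entries per blocked driver path."""
    counts = defaultdict(int)
    for ev in parse_events(report):
        m = DRIVER.search(ev["desc"])
        if ev["id"] == 1060 and m:
            counts[m.group(1)] += 1
    return dict(counts)

# Constructed sample: a shortened event section in the report's flattened layout.
_E = "Error - {} | Computer Name = novatech01 | Source = {} | ID = {} Description = {} "
_BLOCKED = (r"\SystemRoot\SysWow64\DRIVERS\SNXUAAAF.sys has been blocked from loading"
            " due to incompatibility with this system.")
SAMPLE = (
    "[ Application Events ] "
    + _E.format("16/03/2010 06:18:58", "Perflib", 1023, "")
    + _E.format("19/03/2010 06:56:48", "Windows Search Service", 3013, "")
    + _E.format("19/03/2010 06:56:49", "Windows Search Service", 3013, "")
    + "[ System Events ] "
    + "".join(_E.format(ts, "Application Popup", 1060, _BLOCKED) * 2
              for ts in ("12/11/2009 10:08:45", "17/11/2009 12:02:10", "06/02/2010 09:57:57"))
    + "< End of report >"
)

if __name__ == "__main__":
    for row in recurring_errors(SAMPLE):
        print(row["count"], row["distinct_times"], row["source"], row["id"], row["desc"][:60])
    print(blocked_drivers(SAMPLE))
```

The gap between count and distinct_times shows that each blocked-driver event is logged twice per occurrence, so the number of separate occurrences is the smaller figure.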
mij Posted March 30, 2010 Author

Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Thanks.

Thanks, have done that. Here is the log (with luck)

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1438558c-1333-11df-b48e-00248c7959d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1438558c-1333-11df-b48e-00248c7959d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1438558c-1333-11df-b48e-00248c7959d6}\ not found.
File E:\WD SmartWare.exe not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: novatech 01
->Temp folder emptied: 319372 bytes
->Temporary Internet Files folder emptied: 16944918 bytes
->Java cache emptied: 12118713 bytes
->Apple Safari cache emptied: 61463458 bytes
->Flash cache emptied: 775 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8410351 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: novatech 01
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03302010_140112

Files\Folders moved on Reboot...
C:\Users\novatech 01\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
mij Posted March 30, 2010 Author

I have downloaded and installed avira

I will remove S&D

Thanks

jim

PS There was Norton &/or AVG on this computer. They were the first things we removed to try and speed it up - hence the 'no antivirus' status of this machine.
mij Posted March 30, 2010 Author

Update:-

the 32bit copy can be removed, it is a 64bit machine

the error with the audio filter/whatever it can be removed, it is not needed.

Cheers

jim
ExTS Admin Starbuck Posted March 30, 2010

Hi Jim,

the 32bit copy can be removed, it is a 64bit machine

Best removed using the add/remove facility within Vista.

the error with the audio filter/whatever it can be removed, it is not needed.

Ok, this script will remove it..... i suggest you try the system for a couple of days, if it is needed for any reason or causes problems we can reinstall it from OTL's moved folder.

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line)

:Otl
DRV - (SNXUAAAF) -- C:\Windows\SysWOW64\drivers\SNXUAAAF.sys (SONIX)

:Files
C:\Windows\SysWOW64\drivers\SNXUAAAF.sys

:commands
[emptytemp]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Member of:UNITE
mij Posted March 30, 2010 Author

Hi Jim, Best removed using the add/remove facility within Vista. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles

OK, that's done and here is the log:-

All processes killed
========== OTL ==========
Service SNXUAAAF stopped successfully!
Service SNXUAAAF deleted successfully!
C:\Windows\SysWOW64\drivers\SNXUAAAF.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\drivers\SNXUAAAF.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: novatech 01
->Temp folder emptied: 13268 bytes
->Temporary Internet Files folder emptied: 13780239 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 35838897 bytes
->Flash cache emptied: 775 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03302010_203332

Files\Folders moved on Reboot...
C:\Users\novatech 01\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

and now re-booted.

I will now remove the 32 bit copy using the add/remove programs from within windows control panel.

cheers

jim