Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

OTL 4/5/2013 Tinman [Closed]


  • This topic is locked This topic is locked

#1
Tinmanlich

Tinmanlich

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 4/5/2013 1:38:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

521.48 Mb Total Physical Memory | 387.86 Mb Available Physical Memory | 74.38% Memory free
684.29 Mb Paging File | 588.06 Mb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 5.39 Gb Total Space | 2.31 Gb Free Space | 42.80% Space Free | Partition Type: NTFS

Computer Name: ITS02715002 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

========== Processes (SafeList) ==========

PRC - [2013/04/02 23:05:13 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/02 20:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/02/24 14:04:21 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/25 23:09:18 | 000,112,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Virtual Machine Additions\vmusrvc.exe
PRC - [2007/01/25 23:09:16 | 000,091,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Virtual Machine Additions\vmsrvc.exe
PRC - [2007/01/25 23:04:02 | 000,066,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Virtual Machine Additions\vpcmap.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/02 23:05:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 09:18:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/06/26 00:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/01/25 23:09:16 | 000,091,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Virtual Machine Additions\vmsrvc.exe -- (1-vmsrvc)
SRV - [2007/01/25 23:04:02 | 000,066,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Virtual Machine Additions\vpcmap.exe -- (VPCMap)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/06/26 00:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/01/25 23:09:10 | 000,068,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vmsrvc.sys -- (1-driver-vmsrvc)
DRV - [2007/01/25 23:04:08 | 000,114,568 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\mrxvpc.sys -- (MRxVPC)
DRV - [2005/11/17 04:48:00 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vpc-s3.sys -- (vpc-s3)
DRV - [2005/11/17 04:47:58 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\msvmmouf.sys -- (msvmmouf)
DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16)
DRV - [2001/08/17 12:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000003ffece5c9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8008

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.backup.ftp: "10.248.241.20"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.248.241.20"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.248.241.20"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8008
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8008
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8008
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8008
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/03 09:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/04/03 09:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/04/05 09:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gmxx9ko8.default\extensions
[2013/04/05 09:11:07 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gmxx9ko8.default\extensions\[email protected]
[2013/04/03 09:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/27 09:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/03 21:06:12 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/03/27 09:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 09:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InstallWatch Pro.lnk = C:\Program Files\Epsilon Squared\InstallWatch Pro\InstallWatch.exe (Epsilon Squared, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 14:59:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 1 Day ==========

[2013/04/05 11:25:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/04/05 11:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/04/05 11:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2013/04/05 09:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/04/05 09:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/04/05 09:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2013/04/05 09:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/04/04 14:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\For Test
[2013/04/04 13:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TrackFolderChanges
[2013/04/04 13:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Share
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 1 Day ==========

[2013/04/05 13:36:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/05 13:36:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 13:36:20 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\vpc-s3.cfg
[2013/04/05 11:26:36 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2013/04/05 11:21:39 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2013/04/05 10:39:41 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Administrator\WebScarab.properties
[2013/04/05 09:16:54 | 008,512,850 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hackerfoxv0.1.rar
[2013/04/04 13:56:54 | 000,190,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TrackFolderChanges.zip
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/05 11:28:22 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2013/04/05 11:21:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2013/04/05 09:16:34 | 008,512,850 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hackerfoxv0.1.rar
[2013/04/04 13:56:52 | 000,190,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TrackFolderChanges.zip
[2013/04/02 22:55:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\WebScarab.properties

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/02/24 14:04:45 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 19:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi and welcome to Geeks to Go. :)

What is the purpose of this topic you have created/posted and why seek assistance for what appears to be a Virtual Machine if I may ask ?
  • 0

#3
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP