Bankerfox.a & win32/nuqel.e NO FIXES WORK


Post by Jinchu on Fri Dec 11, 2009 6:42 pm

I appreciate any help that anyone can offer. My roommate's PC is horribly infected with Bankerfox.a & win32/nuqel.e. I have tried all kinds of fixes with no luck. Currently nothing can be opened because the computer claims ALL .exe are infected, internet cannot open, and safe mode won't open. He has no programs that can aid in the removal of this and everything I try to transfer to his computer from mine via flash drive cannot open or be installed due to the .exe problem. Is there anything that can be done?


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Fri Dec 11, 2009 8:02 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.



Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Sat Dec 12, 2009 10:30 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:15:37 PM, on 12/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi\xmamsysguard.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1154464176\ee\AOLHostManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Sean\My Documents\?ecurity\m?hta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\x1uyi.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\nvsvc32.exe
C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154464176\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [narenh] RUNDLL32.EXE C:\WINDOWS\system32\msgygnsb.dll,w
O4 - HKLM\..\Run: [rucdmtpx] "C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi\xmamsysguard.exe"
O4 - HKLM\..\Run: [joyozukas] Rundll32.exe "c:\windows\system32\werudowi.dll",a
O4 - HKLM\..\Run: [bosarejehu] "Rundll32.exe" "vosevodi.dll",s
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ddnwrak] "C:\Documents and Settings\Sean\My Documents\?ystem32\r?ndll32.exe"
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Lakevib] C:\WINDOWS\?ppPatch\?ervices.exe
O4 - HKCU\..\Run: [A00F1206E285.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F1206E285.exe
O4 - HKCU\..\Run: [A00F3655D9.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F3655D9.exe
O4 - HKCU\..\Run: [A00F28F097.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F28F097.exe
O4 - HKCU\..\Run: [A00FEE8EEC.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00FEE8EEC.exe
O4 - HKCU\..\Run: [A00F8F65369.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F8F65369.exe
O4 - HKCU\..\Run: [Cjg] "C:\Program Files\F?nts\?srss.exe"
O4 - HKCU\..\Run: [Flvfan] "C:\Program Files\Common Files\?ppPatch\?hkntfs.exe"
O4 - HKCU\..\Run: [Xntmxd] "C:\Documents and Settings\Sean\My Documents\?ecurity\m?hta.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [notepad] "rundll32.exe" C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Sean\LOCALS~1\Temp\x1uyi.exe
O4 - HKCU\..\Run: [rucdmtpx] "C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi\xmamsysguard.exe"
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Sean\LOCALS~1\Temp\nvsvc32.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{44C156C5-B54C-48EA-825F-D1A9ABEF0EFE}: NameServer = 193.104.110.38,4.2.2.1,68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEC42048-F0CD-4665-A8B2-033562058410}: NameServer = 193.104.110.38,4.2.2.1
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: __c00C3AF4 - C:\WINDOWS\system32\__c00C3AF4.dat (file missing)
O21 - SSODL: sidejoter - {4c22d8d1-f3ed-4dec-89df-ec2a589703cf} - c:\windows\system32\werudowi.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\n733l5.dll
O22 - SharedTaskScheduler: gahurihor - {4c22d8d1-f3ed-4dec-89df-ec2a589703cf} - c:\windows\system32\werudowi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14251 bytes


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Sun Dec 13, 2009 4:13 pm

I hate to double post, but does anyone have any ideas? I think it's the SpySweeper garbage? It's finals week and my roommate is freaking out that he has lost all of his work... Thanks.


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Sun Dec 13, 2009 7:00 pm

Hello.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
    O4 - HKLM\..\Run: [narenh] RUNDLL32.EXE C:\WINDOWS\system32\msgygnsb.dll,w
    O4 - HKLM\..\Run: [rucdmtpx] "C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi\xmamsysguard.exe"
    O4 - HKLM\..\Run: [joyozukas] Rundll32.exe "c:\windows\system32\werudowi.dll",a
    O4 - HKLM\..\Run: [bosarejehu] "Rundll32.exe" "vosevodi.dll",s
    O4 - HKCU\..\Run: [Ddnwrak] "C:\Documents and Settings\Sean\My Documents\?ystem32\r?ndll32.exe"
    O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
    O4 - HKCU\..\Run: [Lakevib] C:\WINDOWS\?ppPatch\?ervices.exe
    O4 - HKCU\..\Run: [A00F1206E285.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F1206E285.exe
    O4 - HKCU\..\Run: [A00F3655D9.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F3655D9.exe
    O4 - HKCU\..\Run: [A00F28F097.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F28F097.exe
    O4 - HKCU\..\Run: [A00FEE8EEC.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00FEE8EEC.exe
    O4 - HKCU\..\Run: [A00F8F65369.exe] C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F8F65369.exe
    O4 - HKCU\..\Run: [Cjg] "C:\Program Files\F?nts\?srss.exe"
    O4 - HKCU\..\Run: [Flvfan] "C:\Program Files\Common Files\?ppPatch\?hkntfs.exe"
    O4 - HKCU\..\Run: [Xntmxd] "C:\Documents and Settings\Sean\My Documents\?ecurity\m?hta.exe"
    O4 - HKCU\..\Run: [notepad] "rundll32.exe" C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Sean\LOCALS~1\Temp\x1uyi.exe
    O4 - HKCU\..\Run: [rucdmtpx] "C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi\xmamsysguard.exe"
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Sean\LOCALS~1\Temp\nvsvc32.exe
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O20 - Winlogon Notify: __c00C3AF4 - C:\WINDOWS\system32\__c00C3AF4.dat (file missing)
    O21 - SSODL: sidejoter - {4c22d8d1-f3ed-4dec-89df-ec2a589703cf} - c:\windows\system32\werudowi.dll
    O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\n733l5.dll
    O22 - SharedTaskScheduler: gahurihor - {4c22d8d1-f3ed-4dec-89df-ec2a589703cf} - c:\windows\system32\werudowi.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


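A triage sketch for a HijackThis log like the one posted in this thread, added here as an example; it is not part of the original posts and not code from HijackThis or any other tool. The flagging rules (loopback proxy, a `?` placeholder inside a file path, autoruns from Temp or a user profile, autoruns through rundll32, "(file missing)") are assumed review heuristics, not the helper's stated criteria, and the sample lines are copied from the log above.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [x] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: hive, abbreviated key, [value name], command line.
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# A '?' inside a path component. Assumption: the log shows '?' where it could
# not render a character, so look-alike folder names surface this way.
QMARK_IN_PATH_RE = re.compile(r'\\[^\\/"]*\?')

# Lines copied from the log posted in this thread, plus a few benign ones.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [narenh] RUNDLL32.EXE C:\WINDOWS\system32\msgygnsb.dll,w
O4 - HKCU\..\Run: [Lakevib] C:\WINDOWS\?ppPatch\?ervices.exe
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Sean\LOCALS~1\Temp\x1uyi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def classify(code, body):
    """Return the review reasons for one entry; an empty list means no rule fired."""
    reasons = []
    low = body.lower()
    run = RUN_RE.match(body) if code == "O4" else None
    # For autoruns, inspect only the command so a '?' in the value name is ignored.
    target = run.group(2) if run else body

    if code in ("R0", "R1") and "proxyserver" in low and "127.0.0.1" in low:
        reasons.append("loopback-proxy")          # browser traffic sent to a local listener
    if QMARK_IN_PATH_RE.search(target):
        reasons.append("placeholder-char-in-path")
    if "(file missing)" in low:
        reasons.append("file-missing")            # registration left behind, target gone
    if run:
        cmd = target.lower()
        if "\\temp\\" in cmd:
            reasons.append("autorun-from-temp")
        elif "\\docume~1\\" in cmd or "\\documents and settings\\" in cmd:
            reasons.append("autorun-from-user-profile")
        if "rundll32" in cmd:
            reasons.append("autorun-via-rundll32")  # legitimate software does this too
    return reasons


def triage(log_text):
    """Parse a log and return (code, body, reasons) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        reasons = classify(m.group(1), m.group(2))
        if reasons:
            findings.append((m.group(1), m.group(2), reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4} {', '.join(reasons):<28} {body}")
```

A flag here means "look at this entry", not "delete it": printer and driver software also register rundll32 autoruns, and a missing file can be a stale uninstall.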

Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Mon Dec 14, 2009 2:27 am

After the HijackThis it seems to be working better, but when I try to open the Malwarebytes I get the error:

Setup:
Unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Create Process failed; code 2.
The system cannot find the file specified.


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Mon Dec 14, 2009 2:52 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Tue Dec 15, 2009 1:53 am

After I couldn't get Malwarebytes to open I ran Spyware Doctor and removed the problems it had found. The computer has been working A LOT better, but I still went ahead and did what you said to do. Right now the only obvious problem is that it still is not connecting to the internet. Below are the 2 files you asked for. Thanks for everything so far.


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Tue Dec 15, 2009 1:53 am

OTL logfile created on: 12/15/2009 12:26:25 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.17 Mb Total Physical Memory | 260.83 Mb Available Physical Memory | 51.13% Memory free
1.21 Gb Paging File | 0.39 Gb Available in Paging File | 32.55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.56 Gb Total Space | 10.97 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 8.30 Gb Total Space | 1.31 Gb Free Space | 15.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/15 00:24:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/28 18:25:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/28 18:25:35 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/02/19 12:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/15 09:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/10/01 15:40:44 | 05,367,608 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2007/10/01 15:40:40 | 03,567,928 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/10/01 15:24:36 | 00,210,232 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\ssu.exe
PRC - [2007/07/27 11:05:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/06 10:44:42 | 01,672,752 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2006/07/13 13:33:14 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/07/13 13:22:50 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2006/04/18 01:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2006/04/18 01:41:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/12/22 09:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/12/22 01:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/13 17:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/12 12:39:52 | 00,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/08 14:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/11/15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/10 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/11/10 16:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/09/24 01:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/02 13:33:02 | 00,159,832 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1154464176\ee\AOLHostManager.exe
PRC - [2005/08/02 13:33:02 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe
PRC - [2005/07/07 22:55:02 | 00,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2005/06/19 14:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/04/15 13:32:16 | 00,110,592 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/03/12 16:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 16:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 16:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/29 17:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 17:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 17:44:46 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [1998/12/23 15:51:54 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/15 00:24:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
MOD - [2009/12/13 19:41:16 | 00,092,672 | ---- | M] () -- C:\WINDOWS\system32\lusanuwo.dll
MOD - [2009/12/09 18:37:28 | 00,032,768 | ---- | M] (USA) -- C:\WINDOWS\system32\msgygnsb.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2007/03/08 09:36:28 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\curslib.dll
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/01/28 18:25:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/15 09:28:20 | 00,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/10/01 15:40:40 | 03,567,928 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/02/14 18:19:54 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/04/18 01:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2005/12/22 01:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 16:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/12 16:18:06 | 00,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 16:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 16:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 15:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 17:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 17:44:52 | 00,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 17:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/12/05 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091205.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/05 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091205.006\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/08/21 23:49:58 | 00,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 00,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/01 15:24:36 | 00,023,864 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/01 15:24:34 | 00,163,640 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/10/01 15:24:34 | 00,021,816 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/10/01 15:24:34 | 00,020,280 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS -- (SSFS0BB9)
DRV - [2007/06/18 20:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/09/29 16:22:32 | 00,065,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/06/02 15:55:10 | 00,082,048 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2005/11/28 03:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 16:51:00 | 01,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/10/29 01:01:28 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/09/30 05:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 04:30:56 | 00,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 03:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 03:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 03:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 02:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 04:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 03:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 14:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 11:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 02:00:00 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\winsts.sys -- (winsts)
DRV - [2004/03/16 22:04:00 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/03/11 15:58:10 | 00,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 15:58:08 | 00,176,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2004/03/11 15:58:08 | 00,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/05 00:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 16:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2002/11/26 14:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/17 13:10:28 | 00,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 09:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154464176\ee\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [joyozukas] C:\WINDOWS\System32\lusanuwo.DLL ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [narenh] C:\WINDOWS\System32\msgygnsb.DLL (USA)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sean\Start Menu\Programs\Startup\scandisk.lnk = File not found
O4 - Startup: C:\Documents and Settings\Sean\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (c:\windows\system32\lusanuwo.dll) - C:\WINDOWS\system32\lusanuwo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O21 - SSODL: bofoyubib - {10e48a4a-c2a2-46d8-a95d-0260e09b08c8} - C:\WINDOWS\system32\lusanuwo.dll ()
O22 - SharedTaskScheduler: {10e48a4a-c2a2-46d8-a95d-0260e09b08c8} - jugezatag - C:\WINDOWS\system32\lusanuwo.dll ()
O28 - HKLM ShellExecuteHooks: {B1A64443-6FCA-41CE-8D51-5F8991257555} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B3102264-D09D-4322-B625-503FBF18DD7E} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\yayyYOhH) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{14f92923-f1ce-11da-9ba1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{14f92923-f1ce-11da-9ba1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dcaf3da-c715-11dd-9d8d-0014a5a3e378}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{c16d938b-fc50-11dd-9d97-0014a5a3e378}\Shell - "" = AutoRun
O33 - MountPoints2\{c16d938b-fc50-11dd-9d97-0014a5a3e378}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c16d938b-fc50-11dd-9d97-0014a5a3e378}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/15 00:25:53 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2009/12/14 02:02:52 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/14 02:02:52 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/14 02:02:52 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/14 02:02:27 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/14 02:01:19 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/14 02:01:17 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/14 02:00:04 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/14 01:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/14 01:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/14 01:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/14 01:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Application Data\PC Tools
[2009/12/14 01:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/14 01:54:28 | 34,355,312 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Sean\Desktop\7.0.0.514c-sdrevenue-setup.exe
[2009/12/14 01:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Application Data\Malwarebytes
[2009/12/12 20:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/11 17:00:43 | 11,748,680 | ---- | C] (ParetoLogic ) -- C:\Documents and Settings\Sean\Desktop\Pareto_AV_Setup_RW.exe
[2009/12/11 16:52:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/11 16:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 16:52:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/11 16:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/11 16:51:31 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sean\Desktop\mbam-setup.exe
[2009/12/10 07:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/12/10 06:43:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Sean\Favorites
[2009/12/10 05:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/12/09 19:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/09 18:41:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009/12/09 18:41:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvr32.exe
[2009/12/09 18:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\mwqkmi
[2009/12/09 18:37:28 | 00,032,768 | ---- | C] (USA) -- C:\WINDOWS\System32\msgygnsb.dll
[2009/12/09 18:34:58 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\dcgwhpoh.exe
[2009/12/02 13:18:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\steve mcqueen
[2009/01/23 19:16:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/10 15:11:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Netscape
[2008/07/31 17:21:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/07/14 15:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/07/14 15:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2008/07/14 15:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Symantec
[2008/07/14 15:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/05/14 19:34:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/14 19:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/04 17:43:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2008/05/04 15:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2008/05/04 00:24:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/05/03 13:36:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/05/03 13:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/05/03 13:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/03 13:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2005/09/24 01:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1998/12/08 20:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 20:53:54 | 00,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 20:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 20:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 20:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 20:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\Documents and Settings\Sean\My Documents\*.tmp files -> C:\Documents and Settings\Sean\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/15 00:24:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2009/12/15 00:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\zngxmhgj.job
[2009/12/14 23:41:27 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\nam paper rewrite.doc
[2009/12/14 23:32:11 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Microsoft Word.lnk
[2009/12/14 23:11:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/14 23:09:50 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\worker.info
[2009/12/14 23:09:50 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\thread.xml
[2009/12/14 22:36:23 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Vietnam paper.doc
[2009/12/14 21:13:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Sean\My Documents\~$etnam paper.doc
[2009/12/14 20:53:28 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9B593201-44F3-4C6C-9EDA-99F952A528CC}.job
[2009/12/14 20:51:45 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\HiJackThis.lnk
[2009/12/14 20:50:51 | 00,001,392 | -HS- | M] () -- C:\hpqp.ini
[2009/12/14 18:22:34 | 00,001,893 | ---- | M] () -- C:\Documents and Settings\Sean\Start Menu\Programs\Startup\VZAccess Manager.lnk
[2009/12/14 15:24:59 | 00,019,725 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\screen 2 rewrites.celtx
[2009/12/14 14:35:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/14 14:35:13 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/12/14 14:34:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 14:34:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/14 14:34:16 | 53,502,3616 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 14:25:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/14 13:03:07 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\Sean\NTUSER.DAT
[2009/12/14 13:03:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Sean\ntuser.ini
[2009/12/14 13:01:33 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Sean Conno1.doc
[2009/12/14 13:01:07 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 journal.doc
[2009/12/14 12:31:20 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 scene by scene rewrite.doc
[2009/12/14 12:28:22 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 road warrior essay final.doc
[2009/12/14 11:49:02 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\pd road warrior..doc
[2009/12/14 02:36:39 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\hovatiba
[2009/12/14 02:00:39 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/14 01:52:06 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2009/12/14 01:46:04 | 34,355,312 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Sean\Desktop\7.0.0.514c-sdrevenue-setup.exe
[2009/12/14 01:34:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 01:23:48 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sean\Desktop\mbam-setup.exe
[2009/12/13 19:47:08 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rorabetu.dll
[2009/12/13 19:47:08 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\bunahotu.dll
[2009/12/13 19:47:07 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hogayigi.dll
[2009/12/13 19:41:16 | 00,092,672 | ---- | M] () -- C:\WINDOWS\System32\lusanuwo.dll
[2009/12/13 19:40:54 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\vinomisu.dll
[2009/12/13 19:40:18 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\moriyava.dll
[2009/12/11 16:59:10 | 11,748,680 | ---- | M] (ParetoLogic ) -- C:\Documents and Settings\Sean\Desktop\Pareto_AV_Setup_RW.exe
[2009/12/11 16:40:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/11 14:55:55 | 00,001,689 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Symantec AntiVirus.lnk
[2009/12/10 16:07:05 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/10 06:44:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nesilifo.dll
[2009/12/10 06:43:35 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kahitepi.exe
[2009/12/10 06:43:35 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\felozomi.exe
[2009/12/10 06:43:27 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rozomihi.dll
[2009/12/10 06:43:27 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hulifofa.dll
[2009/12/10 06:43:06 | 00,000,369 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/10 06:43:06 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/12/09 18:49:01 | 00,002,960 | ---- | M] () -- C:\WINDOWS\System32\t1p0_895047285061.b1k
[2009/12/09 18:37:28 | 00,032,768 | ---- | M] (USA) -- C:\WINDOWS\System32\msgygnsb.dll
[2009/12/09 18:35:23 | 00,156,672 | ---- | M] (Microsoft Corporation) -- C:\dcgwhpoh.exe
[2009/12/09 17:04:49 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 17:04:49 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 17:04:48 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 14:39:52 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\urban geo, shanghai.doc
[2009/12/09 14:39:48 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 road warrior essay.doc
[2009/12/09 14:04:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Sean\My Documents\~$sthetics road warrior paper.doc
[2009/12/09 13:02:04 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 12:57:37 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Connor Review
[2009/12/05 13:55:28 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\idea 1.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 14:54:11 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\films of 60's Steve Mcqueen.doc
[2009/12/03 11:52:41 | 00,603,648 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Steve McQueen 60's film.ppt
[2009/12/02 11:35:46 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\urban geo philly paper.doc
[2009/11/28 20:10:10 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/23 20:35:28 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 q's.doc
[2009/11/18 14:53:38 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2 into if needed.doc
[2009/11/17 00:14:00 | 00,038,811 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\screen 2.celtx
[2009/11/16 14:29:58 | 00,085,747 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Off Balance.pdf
[2009/11/16 14:29:28 | 00,085,747 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Off Balance.pdf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\Documents and Settings\Sean\My Documents\*.tmp files -> C:\Documents and Settings\Sean\My Documents\*.tmp -> ]

Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Tue Dec 15, 2009 1:54 am

========== Files Created - No Company Name ==========

[2009/12/14 23:41:01 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\nam paper rewrite.doc
[2009/12/14 21:13:29 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Sean\My Documents\~$etnam paper.doc
[2009/12/14 13:01:30 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Sean Conno1.doc
[2009/12/14 12:10:17 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 road warrior essay final.doc
[2009/12/14 08:49:39 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 journal.doc
[2009/12/14 02:02:53 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/14 02:02:52 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/14 02:02:52 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/14 02:02:52 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/14 02:02:52 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/14 02:02:30 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/14 02:01:19 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/14 02:01:19 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/14 02:00:39 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/14 02:00:04 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/12/14 01:54:22 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2009/12/13 19:56:15 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\zngxmhgj.job
[2009/12/13 19:47:08 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\rorabetu.dll
[2009/12/13 19:47:08 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\bunahotu.dll
[2009/12/13 19:47:07 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hogayigi.dll
[2009/12/13 19:41:16 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\lusanuwo.dll
[2009/12/13 19:40:54 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\vinomisu.dll
[2009/12/13 19:40:18 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\moriyava.dll
[2009/12/13 19:19:37 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\worker.info
[2009/12/13 19:19:37 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\thread.xml
[2009/12/12 20:58:46 | 00,002,439 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\HiJackThis.lnk
[2009/12/11 16:52:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/11 14:55:55 | 00,001,689 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\Symantec AntiVirus.lnk
[2009/12/10 16:07:05 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/10 16:06:56 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/10 06:44:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nesilifo.dll
[2009/12/10 06:43:35 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kahitepi.exe
[2009/12/10 06:43:35 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\felozomi.exe
[2009/12/10 06:43:27 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\rozomihi.dll
[2009/12/10 06:43:27 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hulifofa.dll
[2009/12/10 06:43:06 | 00,000,369 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/10 06:43:06 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/12/09 18:49:01 | 00,002,960 | ---- | C] () -- C:\WINDOWS\System32\t1p0_895047285061.b1k
[2009/12/09 14:04:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Sean\My Documents\~$sthetics road warrior paper.doc
[2009/12/09 13:48:24 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 road warrior essay.doc
[2009/12/09 13:33:31 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\urban geo, shanghai.doc
[2009/12/09 12:57:35 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\Connor Review
[2009/12/07 13:06:11 | 00,019,725 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\screen 2 rewrites.celtx
[2009/12/06 21:25:37 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 scene by scene rewrite.doc
[2009/12/02 13:17:15 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\films of 60's Steve Mcqueen.doc
[2009/12/02 13:13:37 | 00,603,648 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Steve McQueen 60's film.ppt
[2009/12/01 20:45:11 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\urban geo philly paper.doc
[2009/11/30 20:20:08 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Vietnam paper.doc
[2009/11/22 17:36:42 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 q's.doc
[2009/11/18 14:53:38 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\screen 2 into if needed.doc
[2009/11/16 14:29:52 | 00,085,747 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\Off Balance.pdf
[2009/11/16 14:29:22 | 00,085,747 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Off Balance.pdf
[2009/09/13 19:47:01 | 00,029,696 | -HS- | C] () -- C:\WINDOWS\System32\nelezuga.dll
[2009/09/13 19:47:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rutasaka.dll
[2009/09/09 18:43:24 | 00,003,044 | -HS- | C] () -- C:\WINDOWS\System32\womojozo.dll
[2009/09/09 18:43:22 | 00,003,044 | -HS- | C] () -- C:\WINDOWS\System32\wukohiwe.dll
[2009/09/09 18:43:21 | 00,003,044 | -HS- | C] () -- C:\WINDOWS\System32\bivegedu.dll
[2009/03/06 17:05:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Sean\Application Data\wklnhst.dat
[2009/03/04 14:10:09 | 00,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/03/04 14:10:05 | 00,000,351 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/02/25 15:21:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2009/02/25 15:19:40 | 00,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2008/12/10 17:41:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2008/09/02 09:38:53 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/19 13:16:35 | 00,003,384 | -HS- | C] () -- C:\WINDOWS\System32\ytgrsoic.ini
[2008/06/11 17:00:25 | 03,812,369 | -HS- | C] () -- C:\WINDOWS\System32\idijhbun.ini
[2008/06/06 00:09:12 | 02,910,231 | -HS- | C] () -- C:\WINDOWS\System32\afwvwuoo.ini
[2008/05/30 00:22:10 | 02,218,886 | -HS- | C] () -- C:\WINDOWS\System32\coqdesqi.ini
[2008/05/29 14:00:21 | 01,537,684 | -HS- | C] () -- C:\WINDOWS\System32\fvcuugnh.ini
[2008/05/25 13:35:20 | 00,003,917 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/05/25 13:34:45 | 01,420,087 | -HS- | C] () -- C:\WINDOWS\System32\dtdhejqk.ini
[2008/05/24 12:14:07 | 00,711,628 | -HS- | C] () -- C:\WINDOWS\System32\HhOYyyay.ini2
[2008/05/24 12:14:06 | 00,711,628 | -HS- | C] () -- C:\WINDOWS\System32\HhOYyyay.ini
[2008/05/04 17:19:31 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/05/04 15:41:04 | 00,026,424 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2008/05/03 14:14:17 | 00,026,880 | ---- | C] () -- C:\WINDOWS\voiceip.dll
[2008/05/03 14:14:17 | 00,018,688 | ---- | C] () -- C:\WINDOWS\swin32.dll
[2008/05/03 14:14:17 | 00,015,360 | ---- | C] () -- C:\WINDOWS\cdsm32.dll
[2008/05/03 14:14:15 | 00,019,712 | ---- | C] () -- C:\WINDOWS\mspphe.dll
[2008/05/03 14:14:10 | 00,026,368 | ---- | C] () -- C:\WINDOWS\didduid.ini
[2008/05/03 14:14:10 | 00,018,432 | ---- | C] () -- C:\WINDOWS\saiemod.dll
[2008/05/03 14:14:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\msa64chk.dll
[2008/05/03 14:14:09 | 00,016,896 | ---- | C] () -- C:\WINDOWS\shdocpl.dll
[2008/05/03 14:14:09 | 00,015,360 | ---- | C] () -- C:\WINDOWS\msapasrc.dll
[2008/05/03 14:14:08 | 00,021,504 | ---- | C] () -- C:\WINDOWS\shdocpe.dll
[2008/05/03 14:14:07 | 00,031,744 | ---- | C] () -- C:\WINDOWS\audiosrv32.dll
[2008/05/03 14:14:07 | 00,030,208 | ---- | C] () -- C:\WINDOWS\winsb.dll
[2008/05/03 14:14:07 | 00,017,152 | ---- | C] () -- C:\WINDOWS\avisynthex32.dll
[2008/05/03 14:14:07 | 00,016,896 | ---- | C] () -- C:\WINDOWS\autodisc32.dll
[2008/05/03 14:14:07 | 00,013,568 | ---- | C] () -- C:\WINDOWS\aviwrap32.dll
[2008/05/03 14:14:07 | 00,011,264 | ---- | C] () -- C:\WINDOWS\avifile32.dll
[2008/05/03 14:14:07 | 00,008,704 | ---- | C] () -- C:\WINDOWS\browserad.dll
[2008/05/03 14:14:06 | 00,024,320 | ---- | C] () -- C:\WINDOWS\ati2dvag32.dll
[2008/05/03 14:14:06 | 00,017,152 | ---- | C] () -- C:\WINDOWS\athprxy32.dll
[2008/05/03 14:14:06 | 00,016,640 | ---- | C] () -- C:\WINDOWS\asycfilt32.dll
[2008/05/03 14:14:06 | 00,016,384 | ---- | C] () -- C:\WINDOWS\ati2dvaa32.dll
[2008/05/03 14:14:05 | 00,016,128 | ---- | C] () -- C:\WINDOWS\asferror32.dll
[2008/05/03 14:14:05 | 00,011,008 | ---- | C] () -- C:\WINDOWS\changeurl_30.dll
[2008/05/03 13:42:03 | 01,042,209 | -HS- | C] () -- C:\WINDOWS\System32\QXxFffii.ini2
[2008/05/03 13:42:02 | 01,042,209 | -HS- | C] () -- C:\WINDOWS\System32\QXxFffii.ini
[2007/12/06 01:23:17 | 00,160,188 | ---- | C] () -- C:\Program Files\cs_pacman.bsp
[2007/01/30 16:54:39 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/15 14:44:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/08/24 02:23:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/24 02:23:02 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/08/24 02:22:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/06/27 17:15:36 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/01 18:33:22 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Sean\Local Settings\Application Data\fusioncache.dat
[2006/04/12 04:03:42 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/12 03:59:55 | 00,000,748 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/12 03:40:13 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/12 03:26:04 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/12 03:19:13 | 00,001,979 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 04:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 07:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 07:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 02:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\winsts.sys
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Unicode (All) ==========
[2009/12/14 12:09:05 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\My Documents\?ecurity) -- C:\Documents and Settings\Sean\My Documents\ѕecurity
[2009/09/30 11:20:54 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2009/09/30 11:20:54 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2008/10/24 20:17:58 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2008/10/24 20:17:58 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2008/10/15 16:18:31 | 00,000,000 | ---D | C](C:\Documents and Settings\Sean\My Documents\?ecurity) -- C:\Documents and Settings\Sean\My Documents\ѕecurity
[2008/10/14 02:11:49 | 00,000,000 | ---D | M](C:\WINDOWS\System32\T?sks) -- C:\WINDOWS\System32\Tаsks
[2008/10/14 02:11:49 | 00,000,000 | ---D | C](C:\WINDOWS\System32\T?sks) -- C:\WINDOWS\System32\Tаsks
[2008/09/01 18:06:01 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??mbols) -- C:\Documents and Settings\Sean\Application Data\ѕуmbols
[2008/09/01 18:06:01 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??mbols) -- C:\Documents and Settings\Sean\Application Data\ѕуmbols
[2008/07/20 00:01:32 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2008/07/20 00:01:32 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2008/07/18 21:56:29 | 00,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Таsks
[2008/07/18 21:56:29 | 00,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Таsks
[2008/07/10 23:10:06 | 00,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2008/07/10 23:10:06 | 00,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2008/07/10 15:40:19 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ymantec) -- C:\Documents and Settings\Sean\Application Data\Ѕymantec
[2008/07/10 15:40:19 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ymantec) -- C:\Documents and Settings\Sean\Application Data\Ѕymantec
[2008/06/26 16:23:47 | 00,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2008/06/20 01:08:34 | 00,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2008/06/20 01:08:34 | 00,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2008/06/17 12:58:05 | 00,000,000 | ---D | M](C:\WINDOWS\s?stem32) -- C:\WINDOWS\sуstem32
[2008/06/17 12:58:05 | 00,000,000 | ---D | C](C:\WINDOWS\s?stem32) -- C:\WINDOWS\sуstem32
[2008/06/15 13:30:23 | 00,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
[2008/06/15 13:30:23 | 00,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
[2008/06/12 20:50:16 | 00,000,000 | ---D | M](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2008/06/12 20:50:16 | 00,000,000 | ---D | C](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2008/06/11 17:04:39 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2008/06/11 17:04:39 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2008/06/06 00:24:57 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??sks) -- C:\Documents and Settings\Sean\Application Data\Таsks
[2008/06/06 00:24:57 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??sks) -- C:\Documents and Settings\Sean\Application Data\Таsks
[2008/06/03 18:08:09 | 00,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2008/05/04 02:38:45 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??pPatch) -- C:\Documents and Settings\Sean\Application Data\ΑрpPatch
[2008/05/04 02:38:45 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\??pPatch) -- C:\Documents and Settings\Sean\Application Data\ΑрpPatch
[2007/10/14 16:12:58 | 00,000,000 | ---D | M](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2007/10/14 16:12:51 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2007/10/14 16:12:51 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2007/10/07 17:31:04 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\My Documents\?ystem32) -- C:\Documents and Settings\Sean\My Documents\ѕystem32
[2007/10/03 15:46:58 | 00,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2007/10/03 15:46:58 | 00,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2007/10/01 00:08:54 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\s?stem) -- C:\Documents and Settings\Sean\Application Data\sуstem
[2007/10/01 00:08:54 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\s?stem) -- C:\Documents and Settings\Sean\Application Data\sуstem
[2007/09/29 15:32:52 | 00,000,000 | ---D | C](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2007/09/24 19:20:35 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ystem32) -- C:\Documents and Settings\Sean\Application Data\ѕystem32
[2007/09/24 19:20:35 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ystem32) -- C:\Documents and Settings\Sean\Application Data\ѕystem32
[2007/09/06 00:31:52 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ymbols) -- C:\Documents and Settings\Sean\Application Data\ѕymbols
[2007/09/06 00:31:52 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\Application Data\?ymbols) -- C:\Documents and Settings\Sean\Application Data\ѕymbols
[2007/09/02 03:17:30 | 00,000,000 | ---D | C](C:\Documents and Settings\Sean\My Documents\?ystem32) -- C:\Documents and Settings\Sean\My Documents\ѕystem32
[2007/08/27 17:16:05 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
[2007/08/27 17:16:05 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
[2007/08/15 14:53:22 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\My Documents\M?crosoft) -- C:\Documents and Settings\Sean\My Documents\Mіcrosoft
[2007/08/15 14:53:22 | 00,000,000 | ---D | C](C:\Documents and Settings\Sean\My Documents\M?crosoft) -- C:\Documents and Settings\Sean\My Documents\Mіcrosoft
[2007/08/03 12:53:52 | 00,000,000 | ---D | M](C:\Documents and Settings\Sean\My Documents\??curity) -- C:\Documents and Settings\Sean\My Documents\ѕеcurity
[2007/08/03 12:53:52 | 00,000,000 | ---D | C](C:\Documents and Settings\Sean\My Documents\??curity) -- C:\Documents and Settings\Sean\My Documents\ѕеcurity
[2007/06/21 11:06:18 | 00,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
[2007/06/21 11:06:18 | 00,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
(C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
(C:\Program Files\F?nts) -- C:\Program Files\Fοnts
(C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
(C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
(C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
(C:\Program Files\?dobe) -- C:\Program Files\Аdobe
(C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
(C:\Program Files\??sks) -- C:\Program Files\Таsks
(C:\Documents and Settings\Sean\Application Data\s?stem) -- C:\Documents and Settings\Sean\Application Data\sуstem
(C:\Documents and Settings\Sean\Application Data\?ystem32) -- C:\Documents and Settings\Sean\Application Data\ѕystem32
(C:\Documents and Settings\Sean\Application Data\?ymbols) -- C:\Documents and Settings\Sean\Application Data\ѕymbols
(C:\Documents and Settings\Sean\Application Data\?ymantec) -- C:\Documents and Settings\Sean\Application Data\Ѕymantec
(C:\Documents and Settings\Sean\Application Data\??sks) -- C:\Documents and Settings\Sean\Application Data\Таsks
(C:\Documents and Settings\Sean\Application Data\??pPatch) -- C:\Documents and Settings\Sean\Application Data\ΑрpPatch
(C:\Documents and Settings\Sean\Application Data\??mbols) -- C:\Documents and Settings\Sean\Application Data\ѕуmbols

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Tue Dec 15, 2009 1:54 am

OTL Extras logfile created on: 12/15/2009 12:26:25 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.17 Mb Total Physical Memory | 260.83 Mb Available Physical Memory | 51.13% Memory free
1.21 Gb Paging File | 0.39 Gb Available in Paging File | 32.55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.56 Gb Total Space | 10.97 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 8.30 Gb Total Space | 1.31 Gb Free Space | 15.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154464176\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\spcpb21\team fortress classic\hl.exe" = C:\Program Files\Steam\steamapps\spcpb21\team fortress classic\hl.exe:*:Disabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\spcpb21\half-life\hl.exe" = C:\Program Files\Steam\steamapps\spcpb21\half-life\hl.exe:*:Disabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\spcpb21\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\spcpb21\counter-strike\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\hey_sup_1212@msn.com\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\hey_sup_1212@msn.com\counter-strike\hl.exe:*:Disabled:Half-Life Launcher -- File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\hpwuSchd2.exe" = C:\Program Files\HP\HP Software Update\hpwuSchd2.exe:*:Enabled:HPWuSchd2 -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3580211E-3BB7-42C0-ADC3-9A8C1EFFF2CB}" = ArcSoft Media Card Companion
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV TS
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6505DF6D-C5E3-4BCD-8F87-014F292B5116}" = VZAccess Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{93F599DF-519B-4706-A3F1-9530DF2590B4}" = ArcSoft PhotoImpression 5
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1B3A995-2FA8-46F1-9C3F-B3913CD0C3D4}" = iPodRip
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E5BD1F9C-8BBA-410E-837D-94D523269F8F}" = ArcSoft MediaConverter
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Explorer" = AOL Explorer
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AskSBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"Celtx (0.9.9.5)" = Celtx (0.9.9.5)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"hp photosmart 7700 series_Driver" = hp photosmart 7700 series
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"JDSecure" = JD Secure 3.1
"Lexmark 1200 Series" = Lexmark 1200 Series
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OINAnalytics" = OIN Analytics
"Spyware Doctor" = Spyware Doctor 7.0
"Steam" = Steam
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2009 8:50:06 PM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module curslib.dll, version 6.0.88.4, fault address 0x00003f91.

Error - 12/14/2009 8:50:32 PM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module curslib.dll, version 6.0.88.4, fault address 0x00003f91.

Error - 12/14/2009 11:59:44 PM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module curslib.dll, version 6.0.88.4, fault address 0x00003f91.

Error - 12/14/2009 11:59:51 PM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 6.0.88.4, fault address 0x00003f91.

Error - 12/15/2009 1:07:46 AM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/15/2009 1:24:00 AM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module curslib.dll, version 6.0.88.4, fault address 0x00003f91.

Error - 12/15/2009 1:24:01 AM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module curslib.dll, version 6.0.88.4, fault address 0x00003f91.

Error - 12/15/2009 1:32:06 AM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 1:32:06 AM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 2:25:27 AM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application media card companion.exe, version 1.0.0.48, faulting
module media card companion.exe, version 1.0.0.48, fault address 0x0001a07b.

[ System Events ]
Error - 12/14/2009 5:17:30 AM | Computer Name = SEAN | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/14/2009 2:56:53 PM | Computer Name = SEAN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 12/14/2009 4:24:48 PM | Computer Name = SEAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.109 for the Network Card with network
address 0014A5A3E378 has been denied by the DHCP server 192.168.240.5 (The DHCP
Server sent a DHCPNACK message).

Error - 12/14/2009 4:37:11 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 12/14/2009 4:37:11 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 12/14/2009 4:37:11 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 12/14/2009 4:37:11 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 12/14/2009 4:44:11 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/14/2009 5:25:47 PM | Computer Name = SEAN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 12/14/2009 7:54:34 PM | Computer Name = SEAN | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.216.186
on the Network Card with network address 0014A5A3E378.


< End of report >


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Tue Dec 15, 2009 4:57 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [joyozukas] C:\WINDOWS\System32\lusanuwo.DLL ()
    O4 - HKLM..\Run: [narenh] C:\WINDOWS\System32\msgygnsb.DLL (USA)
    O20 - AppInit_DLLs: (c:\windows\system32\lusanuwo.dll) - C:\WINDOWS\system32\lusanuwo.dll ()
    O21 - SSODL: bofoyubib - {10e48a4a-c2a2-46d8-a95d-0260e09b08c8} - C:\WINDOWS\system32\lusanuwo.dll ()
    O22 - SharedTaskScheduler: {10e48a4a-c2a2-46d8-a95d-0260e09b08c8} - jugezatag - C:\WINDOWS\system32\lusanuwo.dll ()
    O28 - HKLM ShellExecuteHooks: {B1A64443-6FCA-41CE-8D51-5F8991257555} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B3102264-D09D-4322-B625-503FBF18DD7E} - Reg Error: Key error. File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\yayyYOhH) - File not found

    :files
    C:\dcgwhpoh.exe
    C:\WINDOWS\System32\msgygnsb.dll
    C:\WINDOWS\tasks\zngxmhgj.job
    C:\WINDOWS\System32\rorabetu.dll
    C:\WINDOWS\System32\bunahotu.dll
    C:\WINDOWS\System32\hogayigi.dll
    C:\WINDOWS\System32\lusanuwo.dll
    C:\WINDOWS\System32\vinomisu.dll
    C:\WINDOWS\System32\moriyava.dll
    C:\WINDOWS\System32\nesilifo.dll
    C:\WINDOWS\System32\kahitepi.exe
    C:\WINDOWS\System32\felozomi.exe
    C:\WINDOWS\System32\rozomihi.dll
    C:\WINDOWS\System32\hulifofa.dll
    C:\WINDOWS\System32\uses32.dat
    C:\WINDOWS\System32\nelezuga.dll
    C:\WINDOWS\System32\rutasaka.dll
    C:\WINDOWS\System32\womojozo.dll
    C:\WINDOWS\System32\wukohiwe.dll
    C:\WINDOWS\System32\bivegedu.dll
    C:\WINDOWS\System32\ytgrsoic.ini
    C:\WINDOWS\System32\idijhbun.ini
    C:\WINDOWS\System32\afwvwuoo.ini
    C:\WINDOWS\System32\coqdesqi.ini
    C:\WINDOWS\System32\fvcuugnh.ini
    C:\WINDOWS\System32\dtdhejqk.ini
    C:\WINDOWS\System32\HhOYyyay.ini2
    C:\WINDOWS\System32\HhOYyyay.ini
    C:\WINDOWS\System32\QXxFffii.ini2
    C:\WINDOWS\System32\QXxFffii.ini

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


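The `:reg` section of the fix above resets two values that its O20 and O30 lines show were hijacked: `AppInit_DLLs` and the LSA `Authentication Packages` multi-string. As an added illustration (not part of the original post and not OTL's own code), this Python sketch decodes the `hex(7)` data the fix writes and audits both values against that baseline; the function names are hypothetical and the "before" state is constructed from the O20 and O30 lines.

```python
"""Audit the two registry values reset by the :reg section of the fix above.

Added example; every function name here is hypothetical and none of this is
OTL's code. Baselines are the values the fix itself writes: an empty
AppInit_DLLs and "msv1_0" as the only LSA authentication package.
"""
import re

# Copied from the :reg section of the post.
FIX_AUTH_PACKAGES = "hex(7):6d,73,76,31,5f,30,00,00"
LSA_BASELINE = {"msv1_0"}


def decode_hex7(data):
    """Decode .reg-style hex(7) (REG_MULTI_SZ) data into a list of strings."""
    body = data.split(":", 1)[1] if data.lower().startswith("hex(7):") else data
    # Long values in exported .reg files are wrapped with a trailing backslash.
    body = re.sub(r"[\\\s]", "", body)
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    # "Windows Registry Editor Version 5.00" files store UTF-16LE; the older
    # REGEDIT4 form (which the value in the post matches) is one byte per
    # character. Heuristic: wide data has a zero high byte for every ASCII
    # character, so wide non-ASCII text would be misread as single-byte.
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings, wide=False):
    """Build hex(7) data: each string NUL-terminated, plus one final NUL."""
    enc, nul = ("utf-16-le", b"\x00\x00") if wide else ("latin-1", b"\x00")
    raw = b"".join(s.encode(enc) + nul for s in strings) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def split_appinit(value):
    """AppInit_DLLs is one string of DLL paths separated by spaces or commas."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def audit(appinit_value, auth_packages_hex7):
    """Return (value name, entry) pairs that differ from the baseline."""
    findings = [("AppInit_DLLs", dll) for dll in split_appinit(appinit_value)]
    findings += [
        ("Authentication Packages", pkg)
        for pkg in decode_hex7(auth_packages_hex7)
        if pkg.lower() not in LSA_BASELINE
    ]
    return findings


# Constructed "before" state, assembled from the O20 and O30 lines of the fix;
# that msv1_0 was still listed next to the rogue entry is an assumption.
BEFORE_APPINIT = r"c:\windows\system32\lusanuwo.dll"
BEFORE_AUTH = encode_hex7(["msv1_0", r"C:\WINDOWS\system32\yayyYOhH"])

if __name__ == "__main__":
    print("fix writes:", decode_hex7(FIX_AUTH_PACKAGES))
    for name, entry in audit(BEFORE_APPINIT, BEFORE_AUTH):
        print(f"non-baseline {name}: {entry}")
    print("after fix:", audit("", FIX_AUTH_PACKAGES))
```

Values taken from a file exported by regedit 5.00 arrive in the UTF-16LE form, which the decoder also accepts.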

Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Thu Dec 17, 2009 11:35 pm

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\joyozukas deleted successfully.
C:\WINDOWS\system32\lusanuwo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\narenh deleted successfully.
C:\WINDOWS\system32\msgygnsb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\lusanuwo.dll deleted successfully.
File C:\WINDOWS\system32\lusanuwo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bofoyubib deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e48a4a-c2a2-46d8-a95d-0260e09b08c8}\ deleted successfully.
File C:\WINDOWS\system32\lusanuwo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{10e48a4a-c2a2-46d8-a95d-0260e09b08c8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e48a4a-c2a2-46d8-a95d-0260e09b08c8}\ deleted successfully.
File C:\WINDOWS\system32\lusanuwo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B1A64443-6FCA-41CE-8D51-5F8991257555} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1A64443-6FCA-41CE-8D51-5F8991257555}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B3102264-D09D-4322-B625-503FBF18DD7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3102264-D09D-4322-B625-503FBF18DD7E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\yayyYOhH deleted successfully.
========== FILES ==========
C:\dcgwhpoh.exe moved successfully.
File\Folder C:\WINDOWS\System32\msgygnsb.dll not found.
C:\WINDOWS\tasks\zngxmhgj.job moved successfully.
C:\WINDOWS\System32\rorabetu.dll moved successfully.
C:\WINDOWS\System32\bunahotu.dll moved successfully.
C:\WINDOWS\System32\hogayigi.dll moved successfully.
File\Folder C:\WINDOWS\System32\lusanuwo.dll not found.
C:\WINDOWS\System32\vinomisu.dll moved successfully.
C:\WINDOWS\System32\moriyava.dll moved successfully.
C:\WINDOWS\System32\nesilifo.dll moved successfully.
C:\WINDOWS\System32\kahitepi.exe moved successfully.
C:\WINDOWS\System32\felozomi.exe moved successfully.
C:\WINDOWS\System32\rozomihi.dll moved successfully.
C:\WINDOWS\System32\hulifofa.dll moved successfully.
C:\WINDOWS\System32\uses32.dat moved successfully.
C:\WINDOWS\System32\nelezuga.dll moved successfully.
C:\WINDOWS\System32\rutasaka.dll moved successfully.
C:\WINDOWS\System32\womojozo.dll moved successfully.
C:\WINDOWS\System32\wukohiwe.dll moved successfully.
C:\WINDOWS\System32\bivegedu.dll moved successfully.
C:\WINDOWS\System32\ytgrsoic.ini moved successfully.
C:\WINDOWS\System32\idijhbun.ini moved successfully.
C:\WINDOWS\System32\afwvwuoo.ini moved successfully.
C:\WINDOWS\System32\coqdesqi.ini moved successfully.
C:\WINDOWS\System32\fvcuugnh.ini moved successfully.
C:\WINDOWS\System32\dtdhejqk.ini moved successfully.
C:\WINDOWS\System32\HhOYyyay.ini2 moved successfully.
C:\WINDOWS\System32\HhOYyyay.ini moved successfully.
C:\WINDOWS\System32\QXxFffii.ini2 moved successfully.
C:\WINDOWS\System32\QXxFffii.ini moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\АppPatch folder moved successfully.
C:\WINDOWS\Μіcrosoft.NET folder moved successfully.
C:\WINDOWS\ѕуstem folder moved successfully.
C:\WINDOWS\sуstem32 folder moved successfully.
C:\WINDOWS\System32\Fοnts folder moved successfully.
C:\WINDOWS\System32\Tаsks folder moved successfully.
C:\Program Files\Аdobe folder moved successfully.
C:\Program Files\Fοnts folder moved successfully.
C:\Program Files\Mіcrosoft folder moved successfully.
C:\Program Files\ѕуstem32 folder moved successfully.
C:\Program Files\Таsks folder moved successfully.
C:\Program Files\Common Files\Αdobe folder moved successfully.
C:\Program Files\Common Files\Аdobe\Аdobe folder moved successfully.
C:\Program Files\Common Files\Аdobe folder moved successfully.
C:\Program Files\Common Files\ΑppPatch folder moved successfully.
C:\Program Files\Common Files\Ѕymantec folder moved successfully.
C:\Program Files\Common Files\Ѕуmantec folder moved successfully.
C:\Program Files\Common Files\Τasks folder moved successfully.
C:\Documents and Settings\Sean\My Documents\Mіcrosoft folder moved successfully.
C:\Documents and Settings\Sean\My Documents\ѕecurity folder moved successfully.
C:\Documents and Settings\Sean\My Documents\ѕеcurity folder moved successfully.
C:\Documents and Settings\Sean\My Documents\ѕystem32 folder moved successfully.
C:\Documents and Settings\Sean\Application Data\ΑрpPatch folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Ѕymantec folder moved successfully.
C:\Documents and Settings\Sean\Application Data\ѕymbols folder moved successfully.
C:\Documents and Settings\Sean\Application Data\ѕуmbols folder moved successfully.
C:\Documents and Settings\Sean\Application Data\sуstem folder moved successfully.
C:\Documents and Settings\Sean\Application Data\ѕystem32 folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Таsks folder moved successfully.

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24274788 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2401922 bytes

User: Sean
->Temp folder emptied: -1172948372 bytes
->Temporary Internet Files folder emptied: 29484120 bytes
->Java cache emptied: 9157049 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 137745 bytes
Windows Temp folder emptied: 91540322 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23948172 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 108295 bytes
RecycleBin emptied: 24862525 bytes

Total Files Cleaned = -922.20 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12172009_170627

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Com_Mess;MN=93189867;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Com_Mess;MN=93189868;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Main;MN=93192002;u=017432A8DD52070D;wm=o;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mre=1;nie=1;[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Main;MN=93192002;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mr[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Main;MN=93225964;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mr[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\83IXWNID\Top;MN=93237071;u=017432A8DD52070D;wm=o;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mre=1;nie=1;c[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\click,AAAAACtYAwBWFQcAd4ICAAIACAAAAP8AAAACCwICAAMvgQMAcE4CAMfvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAIFJCkcAAAAA,,file%3A%2F%2F%2Fc%3A%2Fdocuments+and+settings%2Fsean[2].html,;ord=1191856513 not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\Com_Mess;MN=93189867;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\Com_Mess;MN=93189867;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[2] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\Com_Mess;MN=93189868;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\Com_Mess;MN=93189868;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[2] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\Main;MN=93225964;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mr[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\4RF720XP\nd%3Dhkazrj%2Cbdqtrkxbvfpv%26s%3D%26bg1%3D%26bg2%3D%26bg3%3D%26fid%3D%26sp%3D0%26cat%3D%26tvvid%3D%26tvch%3D%26tvcat%3D%26tvmcat%3D%26nwcat%3D%26nwvert%3D%26dwcat%3D,;ord=1191822680 not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\3J9NV1OK\Main;MN=93225964;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mr[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\3J9NV1OK\Top;MN=93237071;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mre[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\2TPANMLO\Com_Mess;MN=93189867;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=[1] not found!
File\Folder C:\Documents and Settings\Sean\Local Settings\Temp\Temporary Internet Files\Content.IE5\2TPANMLO\Main;MN=93204663;u=017432A8DD52070D;wm=o;rsi=10968;rm=1;af1=1;af4=1;am4=1;inc=7;r101=1;chl=2;mar=1;hme=2;ch5=1;chn=2;dwe=1;wwm=1;ccb=1;ccg=1;cct=1;ccu=1;aah=4;cby=1;mob=1;mr[1] not found!

Registry entries deleted on Reboot...


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Fri Dec 18, 2009 6:02 am

Can you run MBAM now?



Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Fri Dec 18, 2009 2:14 pm

I tried to uninstall and reinstall MBAM. When I tried to run it I got this:

The application failed to initialize properly (0x0000033). Click on OK to terminate the application.

I also still cannot get the internet to run. The computer is getting signal from the router, but I get:

Internet Explorer cannot display the webpage.


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Fri Dec 18, 2009 2:16 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Can you get online now?



Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Jinchu on Sat Dec 19, 2009 5:06 pm

The internet now works, THANKS! Are there any further steps at this point I should have him take?


Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Sat Dec 19, 2009 6:25 pm

Hello.

Please uninstall MBAM, then download and run this little program:
[You must be registered and logged in to see this link.]

Then re-install MBAM and see if you can get it working now.



banker fox.A and win32/nuqel.E

Post by jjindesert on Mon Jan 18, 2010 12:52 pm

PLEASE HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:08, on 1/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [dyktonmm] C:\Users\jjindesert\AppData\Local\nrfmvs\koljsysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98971e83cac90) (gupdate1c98971e83cac90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8941 bytes

jjindesert
Beginner

Posts : 2
Joined : 2010-01-17
OS : Windows Vista
Points : 25178
# Likes : 0

Re: Bankerfox.a & win32/nuqel.e NO FIXES WORK

Post by Belahzur on Mon Jan 18, 2010 4:58 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKCU\..\Run: [dyktonmm] C:\Users\jjindesert\AppData\Local\nrfmvs\koljsysguard.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


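The post above picks out orphaned "(no file)" BHO/Toolbar entries and a Run entry that starts an executable from a user profile folder. As an added example (not part of the thread and not HijackThis code), the Python sketch below applies those two checks to a pasted log. The heuristics, function names and the choice of "user-writable" folders are assumptions; the Ask Toolbar entries also selected above are a judgement about unwanted software that these checks do not try to reproduce.

```python
import re
from collections import namedtuple

# Constructed sample: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [dyktonmm] C:\Users\jjindesert\AppData\Local\nrfmvs\koljsysguard.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
"""

Finding = namedtuple("Finding", "code name reason")

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
COM_ENTRY = re.compile(r"^(?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_ENTRY = re.compile(r"^HK\S+?\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
# Assumption: these profile folders are writable without admin rights, so an
# autorun living there deserves a look. Legitimate per-user software can
# also install here, so a hit is a lead to check, not a verdict.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"(?:AppData|Local Settings|Application Data)\\", re.I)


def executable_of(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Flag orphaned BHO/Toolbar registrations and Run entries in profile folders."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        com = COM_ENTRY.match(body) if code in ("O2", "O3") else None
        if com and com.group(3) == "(no file)":
            findings.append(Finding(code, com.group(2),
                                    "registered component has no file on disk"))
            continue
        run = RUN_ENTRY.match(body) if code == "O4" else None
        if run:
            exe = executable_of(run.group(2))
            if USER_WRITABLE.match(exe):
                findings.append(Finding(code, run.group(1),
                                        "autorun from user profile folder: " + exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.name, "-", f.reason)
```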
