BankerFox.A and Antivirus soft


Post by maro on Sat Feb 20, 2010 8:20 pm

I have been following the instructions from other posts. I downloaded OTL.exe. Below are my log files. Where do I go from here? Please and thank you.

OTL logfile created on: 2/20/2010 3:12:46 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner.Meagan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.52 Gb Total Space | 181.82 Gb Free Space | 79.56% Space Free | Partition Type: NTFS
Drive D: | 4.35 Gb Total Space | 1.37 Gb Free Space | 31.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEAGAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 15:02:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Meagan\Desktop\OTL.exe
PRC - [2010/02/17 17:59:58 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/17 17:59:56 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/17 17:00:44 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/02/17 17:00:42 | 001,611,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/02/17 17:00:42 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/02/15 18:37:08 | 001,069,728 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.2\THGuard.exe
PRC - [2010/02/01 18:50:23 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/01 18:50:11 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/01 18:50:01 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/01 18:49:59 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/11/30 20:38:10 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/08/29 16:27:05 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/08/22 05:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/07 13:16:50 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2007/09/07 13:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/22 06:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/05/03 09:48:46 | 000,307,200 | ---- | M] (ta2027) -- C:\Program Files\Styler\Styler.exe
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/09/18 10:32:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/08/10 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 15:02:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Meagan\Desktop\OTL.exe
MOD - [2008/04/13 19:12:08 | 000,158,208 | ---- | M] () -- C:\WINDOWS\esaxudipotafa.dll
MOD - [2008/04/13 19:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006/05/02 04:10:50 | 000,053,248 | ---- | M] (ta2027) -- C:\Program Files\Styler\StylerHelper.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/17 17:59:56 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/17 17:00:44 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/02/01 18:49:59 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/08/29 16:27:05 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/07 13:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/22 06:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/09/18 10:32:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 21:01:04 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/01 18:51:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/07 14:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/09/27 17:34:07 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 13:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/12 15:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/09/26 17:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 10:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/29 19:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/12 00:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/03/17 14:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.4.6
FF - prefs.js..extensions.enabledItems: {861E52FC-C5E5-4FD2-961D-2977EEF90DCE}:1.9.1
FF - prefs.js..keyword.URL: "http://www.greatsearchnow.com/greatsearch.aspx?category=web&Toolbar_Id={941DCC48-164D-2CD2-C4C5-F8964E1F4E99}&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin [2010/02/18 22:57:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{861E52FC-C5E5-4FD2-961D-2977EEF90DCE}: C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\{861E52FC-C5E5-4FD2-961D-2977EEF90DCE} [2010/02/18 23:01:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 17:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 23:04:01 | 000,000,000 | ---D | M]

[2009/08/29 20:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Extensions
[2010/02/20 14:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions
[2009/10/31 16:33:17 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/01/18 14:27:00 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/01/18 14:27:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/08 16:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions\foxmarks@kei.com
[2010/01/28 23:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\extensions\max@subfighter.com
[2009/08/30 01:12:29 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\Application Data\Mozilla\Firefox\Profiles\hvni3dwv.default\searchplugins\ask.xml
[2009/08/29 20:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Slomuzifuloruz] C:\windows\esaxudipotafa.DLL ()
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.2\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Mal Updater 2] C:\Program Files\Mal Updater 2\MalUpdater.exe File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - Startup: C:\Documents and Settings\Owner.Meagan\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Owner.Meagan\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\windows\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fdd237aa-9523-11de-b503-00155848c0e8}\Shell\AutoRun\command - "" = K:\.\MigWiz\migsetup.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 15:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/02/20 15:02:08 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Meagan\Desktop\OTL.exe
[2010/02/20 14:27:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Meagan\Desktop\mbam-setup(2).exe
[2010/02/19 00:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Meagan\Application Data\TrojanHunter
[2010/02/19 00:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.2
[2010/02/19 00:16:46 | 000,000,000 | ---D | C] -- C:\6e8bd7832afbc66c67e6eb3bfc6072
[2010/02/19 00:16:35 | 000,000,000 | ---D | C] -- C:\d04af9255ef20ed8ca
[2010/02/19 00:16:33 | 000,000,000 | ---D | C] -- C:\50004ce46409ce9bf9
[2010/02/19 00:16:29 | 000,000,000 | ---D | C] -- C:\967c5bee23f048d8a2c72d408953c7
[2010/02/19 00:16:19 | 000,000,000 | ---D | C] -- C:\2d14042d871e134b6e2e057ec2fc
[2010/02/19 00:16:16 | 000,000,000 | ---D | C] -- C:\bc79673e60b1a5ed6faaf90fe5
[2010/02/19 00:16:13 | 000,000,000 | ---D | C] -- C:\7896847f20d951c570
[2010/02/19 00:16:10 | 000,000,000 | ---D | C] -- C:\daea6f7858f2a4a10a6755
[2010/02/19 00:10:10 | 022,044,544 | ---- | C] (Mischel Internet Security ) -- C:\Documents and Settings\Owner.Meagan\Desktop\TrojanHunterSetup.exe
[2010/02/19 00:04:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/02/19 00:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 00:04:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/02/19 00:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/19 00:04:23 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Meagan\Desktop\mbam-setup.exe
[2010/02/19 00:01:53 | 009,758,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner.Meagan\Desktop\windows-kb890830-v3.4.exe
[2010/02/19 00:00:16 | 010,037,704 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner.Meagan\Desktop\windows-kb890830-x64-v3.4.exe
[2010/02/18 23:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\{861E52FC-C5E5-4FD2-961D-2977EEF90DCE}
[2010/02/18 22:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\pajtfj
[2010/02/17 21:01:04 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgrkx86.sys
[2010/02/17 20:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/17 20:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/17 20:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/17 17:55:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/17 17:51:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/17 17:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Meagan\Application Data\Uniblue
[2010/02/17 17:01:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/17 16:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/01 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/01 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/01 18:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/01 14:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\PCHealth
[2010/01/29 00:17:53 | 000,028,672 | ---- | C] (FunWebProducts.com) -- C:\windows\System32\f3PSSavr.scr
[2010/01/29 00:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2010/01/29 00:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2010/01/21 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2010/01/21 21:32:54 | 000,172,032 | ---- | C] (Jin Hui E-mail: [You must be registered and logged in to see this link.] Web: [You must be registered and logged in to see this link.] -- C:\windows\System32\AniGIF.ocx
[2010/01/21 21:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2010/01/21 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2009/11/08 17:06:44 | 000,323,584 | ---- | C] ( ) -- C:\windows\System32\LXDDhcp.dll
[2009/11/08 17:06:43 | 000,999,424 | ---- | C] ( ) -- C:\windows\System32\lxddusb1.dll
[2009/11/08 17:06:43 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\lxddinpa.dll
[2009/11/08 17:06:43 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\lxddiesc.dll
[2009/11/08 17:06:42 | 001,232,896 | ---- | C] ( ) -- C:\windows\System32\lxddserv.dll
[2009/11/08 17:06:42 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\lxddprox.dll
[2009/11/08 17:06:41 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxddpmui.dll
[2009/11/08 17:06:41 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\lxddlmpm.dll
[2009/11/08 17:06:41 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\lxddpplc.dll
[2009/11/08 17:06:40 | 000,700,416 | ---- | C] ( ) -- C:\windows\System32\lxddhbn3.dll
[2009/11/08 17:06:37 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\lxddcomc.dll
[2009/11/08 17:06:37 | 000,425,984 | ---- | C] ( ) -- C:\windows\System32\lxddcomm.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 15:12:17 | 000,000,024 | ---- | M] () -- C:\windows\LogonStudio.ini
[2010/02/20 15:12:16 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\Start Menu\Programs\Startup\Styler.lnk
[2010/02/20 15:12:15 | 000,030,277 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2010/02/20 15:10:38 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/20 15:08:01 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/02/20 15:07:58 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/02/20 15:07:57 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 15:06:16 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Owner.Meagan\NTUSER.DAT
[2010/02/20 15:06:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.Meagan\ntuser.ini
[2010/02/20 15:02:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Meagan\Desktop\OTL.exe
[2010/02/20 14:43:02 | 000,000,992 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-535288826-2902857498-2776652753-1006UA.job
[2010/02/20 14:30:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/20 14:28:05 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Meagan\Desktop\mbam-setup(2).exe
[2010/02/20 14:27:37 | 055,963,047 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/02/20 14:19:58 | 000,000,000 | ---- | M] () -- C:\windows\Ehoruyutomobun.bin
[2010/02/20 14:19:28 | 000,001,170 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/02/19 00:22:50 | 000,059,392 | R--- | M] () -- C:\windows\System32\streamhlp.dll
[2010/02/19 00:22:50 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\Desktop\TrojanHunter.lnk
[2010/02/19 00:15:46 | 000,000,424 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to My Documents.lnk
[2010/02/19 00:10:30 | 022,044,544 | ---- | M] (Mischel Internet Security ) -- C:\Documents and Settings\Owner.Meagan\Desktop\TrojanHunterSetup.exe
[2010/02/19 00:04:26 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Meagan\Desktop\mbam-setup.exe
[2010/02/19 00:02:03 | 009,758,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.Meagan\Desktop\windows-kb890830-v3.4.exe
[2010/02/19 00:00:25 | 010,037,704 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.Meagan\Desktop\windows-kb890830-x64-v3.4.exe
[2010/02/18 23:21:06 | 000,008,224 | ---- | M] () -- C:\windows\System32\GDIPFONTCACHEV1.DAT
[2010/02/18 23:01:27 | 000,000,120 | ---- | M] () -- C:\windows\Hmepuqugar.dat
[2010/02/18 20:43:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-535288826-2902857498-2776652753-1006Core.job
[2010/02/17 21:01:28 | 000,142,495 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2010/02/17 21:01:04 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgrkx86.sys
[2010/02/17 18:40:22 | 000,000,258 | ---- | M] () -- C:\windows\tasks\Windows Update.job
[2010/02/17 18:01:06 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/02/17 17:18:36 | 000,000,628 | ---- | M] () -- C:\windows\win.ini
[2010/02/17 17:18:36 | 000,000,282 | ---- | M] () -- C:\windows\system.ini
[2010/02/16 19:22:43 | 000,000,260 | ---- | M] () -- C:\windows\tasks\Disk Cleanup.job
[2010/02/10 21:23:05 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 00:33:30 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2010/02/09 07:41:25 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2010/02/08 19:53:41 | 000,000,300 | ---- | M] () -- C:\windows\tasks\Ad-Aware.job
[2010/02/08 01:13:16 | 000,028,672 | ---- | M] (FunWebProducts.com) -- C:\windows\System32\f3PSSavr.scr
[2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/02/01 18:51:09 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/02/01 18:51:08 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/02/01 18:50:29 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/02/01 18:50:02 | 000,113,461 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/02/01 16:34:54 | 000,010,235 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\My Documents\University of Central Florida Essays.docx
[2010/01/31 21:53:37 | 000,071,776 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/31 21:02:35 | 000,253,472 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/01/28 20:54:42 | 000,743,945 | ---- | M] () -- C:\Documents and Settings\Owner.Meagan\My Documents\Japanese Fashion.pptx
[2010/01/27 19:53:57 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/01/21 21:32:54 | 000,172,032 | ---- | M] (Jin Hui E-mail: [link hidden] Web: [link hidden] -- C:\windows\System32\AniGIF.ocx
[2010/01/21 17:10:16 | 000,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 00:22:50 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Owner.Meagan\Desktop\TrojanHunter.lnk
[2010/02/19 00:22:42 | 000,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2010/02/19 00:15:46 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to My Documents.lnk
[2010/02/19 00:05:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 23:01:27 | 000,000,120 | ---- | C] () -- C:\windows\Hmepuqugar.dat
[2010/02/18 23:01:27 | 000,000,000 | ---- | C] () -- C:\windows\Ehoruyutomobun.bin
[2010/02/17 17:35:59 | 000,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/01 16:34:53 | 000,010,235 | ---- | C] () -- C:\Documents and Settings\Owner.Meagan\My Documents\University of Central Florida Essays.docx
[2010/01/28 20:02:55 | 000,743,945 | ---- | C] () -- C:\Documents and Settings\Owner.Meagan\My Documents\Japanese Fashion.pptx
[2010/01/02 20:11:18 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\fusioncache.dat
[2009/11/08 17:13:21 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxddvs.dll
[2009/11/08 17:13:14 | 000,344,064 | ---- | C] () -- C:\windows\System32\lxddcoin.dll
[2009/11/08 17:11:46 | 000,692,224 | ---- | C] () -- C:\windows\System32\lxdddrs.dll
[2009/11/08 17:11:46 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxddcnv4.dll
[2009/11/08 17:11:46 | 000,065,536 | ---- | C] () -- C:\windows\System32\lxddcaps.dll
[2009/11/08 17:11:07 | 000,045,056 | ---- | C] () -- C:\windows\System32\LXF3PMON.DLL
[2009/11/08 17:11:07 | 000,032,768 | ---- | C] () -- C:\windows\System32\LXF3FXPU.DLL
[2009/11/08 17:10:47 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxf3oem.dll
[2009/11/08 17:10:47 | 000,012,288 | ---- | C] () -- C:\windows\System32\LXF3PMRC.DLL
[2009/11/08 17:08:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\lxddrwrd.ini
[2009/11/08 17:06:44 | 000,286,720 | ---- | C] () -- C:\windows\System32\LXDDinst.dll
[2009/11/08 17:06:39 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxddgrd.dll
[2009/09/17 15:00:30 | 000,000,024 | ---- | C] () -- C:\windows\LogonStudio.ini
[2009/09/17 14:59:54 | 000,187,392 | ---- | C] () -- C:\windows\System32\JPGUtils.dll
[2009/08/29 21:51:27 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner.Meagan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/29 17:57:44 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2009/08/29 16:27:23 | 000,023,552 | ---- | C] () -- C:\windows\System32\jesterss.dll
[2009/08/29 16:22:42 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2009/08/29 16:22:34 | 000,156,672 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2009/08/29 16:16:07 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/08/29 14:50:21 | 000,158,208 | ---- | C] () -- C:\windows\esaxudipotafa.dll
[2006/06/20 15:41:55 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/06/20 15:41:54 | 001,662,976 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/06/20 15:41:53 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/06/20 15:41:52 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/06/20 15:41:51 | 001,466,368 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/06/20 15:41:51 | 000,573,440 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/06/20 15:41:49 | 000,046,080 | ---- | C] () -- C:\windows\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/01/09 18:49:16 | 000,001,222 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,490 | ---- | C] () -- C:\windows\System32\emver.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
< End of report >

maro
Beginner
Posts : 3
Joined : 2010-02-20
OS : Windows XP
Points : 24843
Likes : 0


Re: BankerFox.A and Antivirus soft

Post by maro on Sat Feb 20, 2010 8:21 pm

OTL Extras logfile created on: 2/20/2010 3:12:46 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner.Meagan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.52 Gb Total Space | 181.82 Gb Free Space | 79.56% Space Free | Partition Type: NTFS
Drive D: | 4.35 Gb Total Space | 1.37 Gb Free Space | 31.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEAGAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1251581055\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1251581055\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"gtw_logo" = gtw_logo
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebSearch bar Uninstall" = My Web Search (Zwinky)
"nik Color Efex Pro 2.0 GE" = nik Color Efex Pro 2.0 GE
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Pen Tablet
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 6.0" = RealPlayer Basic
"RocketDock_is1" = RocketDock 1.3.5
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"TrojanHunter_is1" = TrojanHunter 5.2
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yume Nikki 0.10 English v3" = Yume Nikki 0.10 English v3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2009 4:48:33 PM | Computer Name = MEAGAN | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041f: InitEventCollector fail

Error - 10/26/2009 10:01:07 PM | Computer Name = MEAGAN | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.2 -- A process is running that cannot be shut
down by Setup. Please either close all applications and run Setup again, or restart
your computer and run Setup again.

Error - 11/18/2009 8:31:06 PM | Computer Name = MEAGAN | Source = Application Error | ID = 1000
Description = Faulting application avgwdsvc.exe, version 8.5.0.401, faulting module
avgsched.dll, version 8.5.0.401, fault address 0x0001beec.

Error - 11/20/2009 8:45:24 PM | Computer Name = MEAGAN | Source = Application Error | ID = 1000
Description = Faulting application mspaint.exe, version 5.1.2600.5512, faulting
module mfc42u.dll, version 6.2.8071.0, fault address 0x0000793e.

Error - 11/30/2009 9:47:47 PM | Computer Name = MEAGAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: An internal certificate chaining error has occurred.

Error - 12/14/2009 8:03:31 PM | Computer Name = MEAGAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/19/2010 1:22:04 AM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 2/19/2010 1:22:04 AM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2/19/2010 1:23:31 AM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 2/20/2010 3:19:56 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 2/20/2010 3:19:56 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2/20/2010 3:21:21 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 2/20/2010 4:08:10 PM | Computer Name = MEAGAN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'mhgesftav.exe' on the volume 'HarddiskVolume1'. It
has stopped monitoring the volume.

Error - 2/20/2010 4:08:24 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 2/20/2010 4:08:24 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2/20/2010 4:09:49 PM | Computer Name = MEAGAN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >

maro (Beginner) | Posts: 3 | Joined: 2010-02-20 | OS: Windows XP | Points: 24843 | Likes: 0

Re: BankerFox.A and Antivirus soft

Post by Belahzur on Sat Feb 20, 2010 8:41 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
    FF - prefs.js..browser.search.order.1: "Ask"
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [Slomuzifuloruz] C:\windows\esaxudipotafa.DLL ()
    O33 - MountPoints2\{fdd237aa-9523-11de-b503-00155848c0e8}\Shell\AutoRun\command - "" = K:\.\MigWiz\migsetup.exe -- File not found
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    [2010/01/29 00:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
    [2010/01/29 00:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
    [2010/02/20 14:19:58 | 000,000,000 | ---- | M] () -- C:\windows\Ehoruyutomobun.bin
    [2010/02/18 23:01:27 | 000,000,120 | ---- | M] () -- C:\windows\Hmepuqugar.dat


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) | Posts: 34916 | Joined: 2008-08-03 | Gender: Male | OS: XP SP3 Media Centre | Points: 245069 | Likes: 1
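The fix script in Belahzur's reply lists what OTL will remove, but not why each entry is suspect. As an added example that is not part of this thread and is not OTL's own code, the Python below parses those same lines (reused as sample input) and applies a few defender-side heuristics: orphaned entries whose target is gone, autorun commands registered for removable media, binaries with no publisher in their version info, files sitting directly in the Windows folder, and files created or modified shortly before the scan (the scan time is taken from the log header on this page). The regexes assume the OTL line formats exactly as they appear in the post, and the heuristics are my own, not OTL's.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Sample input: lines copied from the fix script posted above (":OTL" header omitted).
SAMPLE_LINES = r"""
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
FF - prefs.js..browser.search.order.1: "Ask"
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [Slomuzifuloruz] C:\windows\esaxudipotafa.DLL ()
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
[2010/01/29 00:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2010/02/20 14:19:58 | 000,000,000 | ---- | M] () -- C:\windows\Ehoruyutomobun.bin
"""

# Scan time from the OTL log header on this page ("2/20/2010 3:12:46 PM").
SCAN_TIME = datetime(2010, 2, 20, 15, 12, 46)

# Line formats as they appear in the post; "(Company)" is the publisher from version info.
_PATH_COMPANY = r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
_RE = {
    "URLSearchHook": re.compile(r"^IE - HK\w+\\\.\.\\URLSearchHook: \{[0-9A-Fa-f-]+\} - " + _PATH_COMPANY),
    "FFpref": re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$'),
    "Toolbar": re.compile(r"^O3 - HK\w+\\\.\.\\Toolbar(?:\\WebBrowser)?: \([^)]*\) - \{[0-9A-Fa-f-]+\} - (?P<rest>.+)$"),
    "Run": re.compile(r"^O4 - HK\w+\.\.\\Run: \[[^\]]+\] " + _PATH_COMPANY),
    "MountPoints2": re.compile(r'^O33 - MountPoints2\\.+?\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?: -- (?P<status>.+))?$'),
    "File": re.compile(r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
                       r"(?: \((?P<company>[^()]*)\))? -- (?P<path>.+)$"),
}
_PATH_COMPANY_RE = re.compile("^" + _PATH_COMPANY)
_WINDOWS_ROOT = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    target: str                       # path, command or pref the entry points at
    company: Optional[str] = None     # None: not applicable; "": version info has no publisher
    missing: bool = False             # OTL reported the target as absent
    stamp: Optional[datetime] = None  # create/modify time for file entries
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL fix-script line into an Entry; None if the format is not recognised."""
    line = line.strip()
    for kind, rx in _RE.items():
        m = rx.match(line)
        if not m:
            continue
        if kind == "FFpref":
            return Entry(kind, f'{m["pref"]}={m["value"]}')
        if kind == "Toolbar":
            sub = _PATH_COMPANY_RE.match(m["rest"])
            if sub:
                return Entry(kind, sub["path"], company=sub["company"])
            return Entry(kind, m["rest"], missing=True)  # e.g. "No CLSID value found."
        if kind == "MountPoints2":
            return Entry(kind, m["cmd"], missing=m["status"] == "File not found")
        if kind == "File":
            stamp = datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S")
            return Entry(kind, m["path"], company=m["company"], stamp=stamp)
        return Entry(kind, m["path"], company=m["company"])
    return None


def assess(entry: Entry, scan_time: datetime = SCAN_TIME, window: timedelta = timedelta(days=3)) -> List[str]:
    """Heuristics (my own, not OTL's) for why an entry deserves a closer look; empty = none fired."""
    reasons = []
    if entry.missing:
        reasons.append("orphaned entry: target missing")
    if entry.kind in ("URLSearchHook", "FFpref"):
        reasons.append("browser search provider altered")
    if entry.kind == "MountPoints2":
        reasons.append("autorun command for removable media")
    if entry.company == "":
        reasons.append("no publisher in version info")
    if _WINDOWS_ROOT.match(entry.target):
        reasons.append("file sits directly in the Windows folder")
    if entry.stamp is not None and scan_time - entry.stamp <= window:
        reasons.append(f"created/modified within {window.days} days of scan")
    return reasons


def triage(text: str, scan_time: datetime = SCAN_TIME) -> List[Entry]:
    """Parse every non-empty line and attach the heuristics that fired."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == ":OTL":
            continue
        entry = parse_line(raw) or Entry("unparsed", raw.strip())
        entry.reasons = assess(entry, scan_time)
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print("!" if e.reasons else " ", f"{e.kind:13}", e.target, "; ".join(e.reasons))
```

Run stand-alone it prints one line per entry with a "!" where any heuristic fired. Note what it does not catch: the C:\Program Files\FunWebProducts directory gets no flag at all, because a plain folder under Program Files created three weeks earlier looks ordinary to every rule here. That is the limit of format-level triage; the next step for an unflagged entry is a reputation check on the name or file hash, which is effectively what the helper in this thread did by eye.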

Re: BankerFox.A and Antivirus soft

Post by maro on Sat Feb 20, 2010 10:54 pm

Thank you very much. This fixed the problem.


Re: BankerFox.A and Antivirus soft

Post by Belahzur on Sat Feb 20, 2010 11:46 pm

I doubt it has. I saw another infection there; your searches should be hijacked.


Please PM me if I fail to respond within 24hrs.


