Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

View previous topic View next topic Go down

Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 3:36 pm

It's bloacking the download (either by USB stick or internet) says "You have choosen to open OTL.exe which is a Binary File from: [You must be registered and logged in to see this link.] Would you like to save this file? If I choose Save File, it won't do anything.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 4:04 pm

Hello.

Does this happen with every tool?

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:08 pm

I get the following, and then nothing after I click on OK

"HijackThis(2).msi" is an executable file. Executable files may contain viruses or other malicious code that could harm your computer. Use caution when opening this file. Are you sure you want to launch "HijackThis(2).msi"?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:11 pm

I'm able to work in Firefox, however the IE Verision: 6.0.2900.5512.xpsp_sp3_gdr.091208-2036 and the rest of my computer are pretty much jack'd right now.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 4:13 pm

Lets try IceSword instead.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:17 pm

ok, that worked, now what?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 4:17 pm

Hello.

  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:19 pm

Dam, can't figure out how to save the log to my Desktop.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:20 pm

Might have it...found it

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 4:21 pm

Once you hit the LOG button, give the log a name and press Save.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:24 pm

ok, got the log saved to the desktop, however...
Clicked on Statup, and then log again and getting the following

The item 'NkMonitor.exe' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:27 pm

When I try to open the log files from the desktop...the malware closes them don before I can copy them

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 4:35 pm

Can you transfer the logs over to another machine via USB?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:40 pm

Process:

System Idle Process
System
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\hqnkai\symosftav.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Desktop\IceSword122en\IceSword.exe
------------------------------------------------------------------------------------------------

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:40 pm

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ehTray
C:\WINDOWS\ehome\ehtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IAAnotif
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
stsystra.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SMSERIAL
sm56hlpr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelZeroConfig
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelWireless
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EOUApp
"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AS00_WN511B
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vptray
C:\PROGRA~1\SYMANT~1\VPTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R340 Series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O18 "IP_192.168.1.106P2" /M "Stylus Photo R340"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TPP Auto Loader
C:\WINDOWS\tppaldr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AppleSyncNotifier
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BlackBerryAutoUpdate
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BrMfcWnd
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ControlCenter3
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
googletalk
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LifeCam
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VX3000
C:\WINDOWS\vVX3000.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lodrqneq
C:\Documents and Settings\user\Local Settings\Application Data\hqnkai\symosftav.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
lodrqneq
C:\Documents and Settings\user\Local Settings\Application Data\hqnkai\symosftav.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Remark£ºBluetooth start-up shortcut)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Printkey2000.lnk
C:\Program Files\PrintKey2000\Printkey2000.exe (Remark£º)

C:\Documents and Settings\user\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\user\Start Menu\Programs\Startup
Nikon Monitor.lnk
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Remark£º)

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 4:52 pm

let me know if this part takes you awhile...thx

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 5:01 pm

Hello.

  • Open IceSword again.
  • Go into the Process list again, and right click on the following filename:

    symosftav.exe

  • Select Terminate Process.
  • Does the process re-appear ot stay dead?

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:16 pm

Process is staying dead and the Malwarebytes' Anti-Malware Scan is running...will post MBAM log when it completes

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:19 pm

8 objects were found to be infected and have been selected for deletion. Will reboot now. Here is the log...

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 12:17:41 PM
mbam-log-2010-03-02 (12-17-41).txt

Scan type: Quick Scan
Objects scanned: 141087
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lodrqneq (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lodrqneq (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Local Settings\Temp\rbdhvy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 5:25 pm

Okay, try run OTL now, it should work.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:29 pm

Reboot complete...OTL scan running

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:32 pm

OTL complete....log below

OTL logfile created on: 3/2/2010 12:28:35 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 59.70 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTONE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/02 12:27:58 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/24 15:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/05/20 14:26:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 14:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/11/18 07:55:38 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\TPPALDR.EXE
PRC - [2007/09/11 12:26:12 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/04/20 14:02:06 | 001,413,241 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
PRC - [2006/02/09 03:30:00 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/02/09 03:29:54 | 000,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/02/09 03:29:52 | 001,764,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/02/09 03:29:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/01/11 12:22:16 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/12/28 15:00:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005/12/28 14:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 14:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 14:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 14:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 14:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 14:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/27 12:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/12/21 12:33:40 | 000,177,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/12/21 12:33:30 | 000,186,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/12/21 12:33:28 | 000,048,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/10/19 20:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/10/12 15:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 12:27:58 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2007/09/11 12:24:00 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/02/25 17:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/02/09 03:29:54 | 000,169,200 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/02/09 03:29:52 | 001,764,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/02/09 03:29:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/12/28 14:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/12/28 14:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/12/28 14:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/12/21 12:33:40 | 000,177,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/12/21 12:33:38 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/12/21 12:33:30 | 000,186,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/10/19 20:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/31 00:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100228.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100228.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/27 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/24 15:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/09 16:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/09/08 22:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/18 07:55:38 | 000,036,096 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TPP200.SYS -- (TPP200) USB Storage Adapter V2 (TPP)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/11 23:01:44 | 000,879,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/08/30 01:02:20 | 000,539,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/06/28 23:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/29 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/12/12 02:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/04/13 01:48:12 | 000,542,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wn511b.sys -- (BCM43XX)
DRV - [2006/01/23 11:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/01/11 12:32:20 | 000,861,639 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/12/28 16:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/27 12:21:38 | 001,099,336 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/19 23:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 23:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/28 17:20:20 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/10/19 20:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/12 15:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/17 03:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/31 00:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/10/15 03:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/04/11 20:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 15:36:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 15:36:14 | 000,000,000 | ---D | M]

[2010/02/24 15:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/02 10:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\umtpz9zl.default\extensions
[2010/02/24 19:39:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\umtpz9zl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/24 15:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe ( )
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} [You must be registered and logged in to see this link.] (WebTrain.ctlWebTrain)
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} [You must be registered and logged in to see this link.] (SayaTV Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} [You must be registered and logged in to see this link.] (JNILoader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} [You must be registered and logged in to see this link.] (compid Class)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D79BD4AB-C8E1-48C7-9A86-DF163C340383} [You must be registered and logged in to see this link.] (JNILoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} [You must be registered and logged in to see this link.] (BoardCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell - "" = AutoRun
O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell - "" = AutoRun
O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\{a81c38d5-c367-11db-9378-444553544200}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 12:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/03/02 12:08:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 12:08:29 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 12:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 12:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 11:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\IceSword122en
[2010/03/02 09:32:09 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/03/02 09:32:09 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/03/02 09:32:09 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/03/02 09:32:09 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/03/02 09:32:09 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/03/02 09:32:09 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/03/02 09:32:09 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/03/02 09:32:09 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/03/02 09:32:09 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/03/02 09:32:09 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/03/02 09:32:09 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/03/02 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\hqnkai
[2010/02/24 20:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC-FAX TX
[2010/02/24 15:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2010/02/24 15:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2010/02/24 15:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/24 03:00:23 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/23 10:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2010/02/23 09:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2010/02/23 09:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Deployment
[2010/02/21 19:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/02/19 12:24:23 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/02/19 12:24:11 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/02/19 12:24:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/02/19 12:24:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/02/19 12:24:02 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/02/19 12:23:51 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/02/19 12:23:42 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/02/19 12:23:32 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/02/19 12:23:21 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/02/19 12:23:03 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/02/19 12:23:03 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/02/19 12:22:29 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/02/19 12:22:29 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/02/19 12:22:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/02/19 12:22:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/02/19 12:22:28 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/02/19 12:22:28 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/02/19 12:22:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/02/19 12:22:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/02/19 12:21:40 | 001,961,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX3000.sys
[2010/02/19 12:21:40 | 000,762,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2010/02/19 12:21:40 | 000,676,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin30.dll
[2010/02/19 12:21:40 | 000,227,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.dll
[2010/02/19 12:21:40 | 000,175,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX3000.dll
[2010/02/19 12:21:40 | 000,101,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VX3000.dll
[2010/02/19 12:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2010/02/19 12:19:45 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/02/19 12:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/17 18:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/02/03 11:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MetaGeek,_LLC
[2010/02/03 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2010/02/02 09:12:05 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/02/02 09:06:01 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/02/01 20:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\7 Habits of highly Effective People
[2010/02/01 17:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\How to Win Friends and Influence People
[2010/02/01 17:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\How to Stop Worrying
[2010/01/22 13:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/22 02:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/22 08:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/14 08:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/30 16:25:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/12/15 16:01:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/02 12:26:43 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/02 12:23:22 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/02 12:22:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 12:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 12:21:37 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/02 12:20:36 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/03/02 12:20:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/03/02 12:20:05 | 020,180,992 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/03/02 12:08:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 10:22:22 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to OTL.exe.lnk
[2010/02/27 19:52:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/27 09:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 20:56:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/24 20:55:54 | 000,000,153 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2010/02/24 15:36:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/24 15:36:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/22 10:53:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/21 19:24:09 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/19 12:21:47 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2010/02/19 08:31:40 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2010/02/19 08:29:50 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/02/17 18:40:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2010/02/17 18:38:21 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2010/02/17 16:51:58 | 000,000,076 | ---- | M] () -- C:\WINDOWS\Setup Wizard.INI
[2010/02/15 09:38:20 | 000,000,014 | R--- | M] () -- C:\WINDOWS\System32\winsys.ini
[2010/02/15 08:47:08 | 000,015,977 | ---- | M] () -- C:\logfile
[2010/02/10 03:07:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 20:50:54 | 002,123,825 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Spelling Bee.3GP
[2010/02/05 06:26:49 | 000,874,914 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Town of Camillus.pdf
[2010/02/02 10:11:27 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Netgear Dual Band Router Settings.doc
[2010/02/02 09:54:54 | 000,006,038 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Router_Setup.html
[2010/02/02 05:17:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/01 15:26:45 | 003,216,642 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Router firmware upgrade wnr834bv1_1_0_4_2_for_na.img
[2010/02/01 12:03:15 | 453,304,439 | ---- | M] () -- C:\Documents and Settings\user\Desktop\How To Win Friends And Influence People.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/02 12:08:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 10:22:22 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to OTL.exe.lnk
[2010/03/02 09:32:09 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/03/02 09:32:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/03/02 09:32:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/24 15:36:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/24 15:36:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/21 19:24:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/20 08:56:46 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/19 12:21:47 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2010/02/19 12:21:40 | 000,524,144 | ---- | C] () -- C:\WINDOWS\System32\LcProxy.ax
[2010/02/19 12:21:40 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2010/02/19 12:21:40 | 000,013,023 | ---- | C] () -- C:\WINDOWS\VX3000.src
[2010/02/17 18:40:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/02/17 18:38:21 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2010/02/15 09:29:40 | 000,000,014 | R--- | C] () -- C:\WINDOWS\System32\winsys.ini
[2010/02/09 20:50:54 | 002,123,825 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Spelling Bee.3GP
[2010/02/05 06:26:49 | 000,874,914 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Town of Camillus.pdf
[2010/02/02 10:11:27 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Netgear Dual Band Router Settings.doc
[2010/02/02 09:54:55 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\user\Desktop\Router Login.url
[2010/02/02 09:54:53 | 000,006,038 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Router_Setup.html
[2010/02/01 15:26:44 | 003,216,642 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Router firmware upgrade wnr834bv1_1_0_4_2_for_na.img
[2010/02/01 12:02:54 | 453,304,439 | ---- | C] () -- C:\Documents and Settings\user\Desktop\How To Win Friends And Influence People.zip
[2009/11/09 08:50:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2009/11/09 08:44:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2009/11/08 18:37:36 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/11/08 18:37:36 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/11/08 18:37:13 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/11/08 18:37:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/08 18:35:54 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/08 18:35:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/11/04 17:28:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI
[2008/11/04 12:06:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/11/04 07:36:47 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/08/03 17:15:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/08/02 14:06:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/08/02 14:06:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Sync Schema
[2008/08/02 14:04:39 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/08/02 14:04:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Super Strings
[2008/03/16 16:27:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/20 13:58:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/09/11 12:24:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/11 12:12:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/04/05 10:21:56 | 000,004,565 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/02 19:11:33 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/08 04:42:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2007/02/05 15:06:15 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/01/30 14:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/01/20 17:58:41 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\sh31w32.dll
[2007/01/20 17:58:39 | 000,004,470 | ---- | C] () -- C:\WINDOWS\Vsl.ini
[2006/12/31 23:05:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/11 12:22:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/11 12:22:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/11 12:22:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/11 12:22:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/11 12:22:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/11 12:22:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/11 12:22:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/11 12:22:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/01/11 12:22:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 000,000,461 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:49:16 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 01:20:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/01/14 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 5:38 pm

Hello.

Lets tidy this up now. First, please move OTL to your Desktop!, I see it running from here:

C:\Documents and Settings\user\My Documents\Downloads\OTL.exe

Next,

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell - "" = AutoRun
    O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
    O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell - "" = AutoRun
    O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
    O33 - MountPoints2\{a81c38d5-c367-11db-9378-444553544200}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
    [2010/03/02 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\hqnkai



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:45 pm

OTL to your Desktop - Check

Removed the Proxy setting in Internet Explorer - Check

Run OTL.exe, copied commands with file paths to the clipboard, pasted in the "Custom Scans/Fixes" window, clicked the red Run Fix button, fix log is below...

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee42-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee42-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee42-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee42-d1cf-11dd-9477-00130287de50}\ not found.
File F:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee46-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee46-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67caee46-d1cf-11dd-9477-00130287de50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67caee46-d1cf-11dd-9477-00130287de50}\ not found.
File E:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a81c38d5-c367-11db-9378-444553544200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a81c38d5-c367-11db-9378-444553544200}\ not found.
File E:\setupSNK.exe not found.
C:\Documents and Settings\user\Local Settings\Application Data\hqnkai folder moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03022010_124146

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 5:46 pm

Hello.
Please post Extras.txt as well, you've only posted OTL.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 5:50 pm

Extras.txt


OTL Extras logfile created on: 3/2/2010 12:28:35 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 59.70 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTONE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Brother\Brmfl08d\FAXRX.exe" = C:\Program Files\Brother\Brmfl08d\FAXRX.exe:*:Enabled:FAXRX.EXE -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{882C685B-3735-452E-9B77-D562A6A6AFE3}" = inSSIDer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5294001-AACD-4DD4-B228-CE44AD4C0F87}" = Brother MFL-Pro Suite MFC-5490CN
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F996DEB7-4AD7-4F15-84AA-114B8BE45911}" = Polar UpLink Tool
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCC9C6EF-9B5F-4F64-8358-489250C9159C}" = RangeMax(tm) NEXT Wireless Notebook Adapter WN511B
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PrintKey2000" = PrintKey2000
"ProInst" = Intel(R) PROSet/Wireless Software
"SkillSoft Course Manager" = Video Professor Course Manager
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TPP200" = USB Storage Adapter V2 (TPP)
"TurboTax 2008" = TurboTax 2008
"TurboTax Premier 2007" = TurboTax Premier 2007
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 3:13:20 AM | Computer Name = MARTONE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.FakeAV in File: C:\Documents and
Settings\user\Local Settings\Temp\pttomp.dll by: Scheduled scan. Action: Quarantine
succeeded. Action Description: The file was quarantined successfully.

Error - 1/26/2010 3:41:03 AM | Computer Name = MARTONE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: c:\documents and settings\user\local
settings\Temp\pttomp.dll by: Scheduled scan. Action: Quarantine succeeded. Action
Description: The file was quarantined successfully.

Error - 1/30/2010 9:51:23 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00094f36.

Error - 2/3/2010 12:02:05 PM | Computer Name = MARTONE | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see [You must be registered and logged in to see this link.]

Error - 2/3/2010 12:13:23 PM | Computer Name = MARTONE | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2/12/2010 6:56:12 AM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2/12/2010 8:11:25 AM | Computer Name = MARTONE | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/15/2010 7:14:31 PM | Computer Name = MARTONE | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 2/22/2010 2:34:36 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00072357.

Error - 2/22/2010 2:37:41 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00072357.

[ System Events ]
Error - 2/15/2010 7:09:15 AM | Computer Name = MARTONE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00130287DE50. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/19/2010 9:38:51 AM | Computer Name = MARTONE | Source = Print | ID = 6161
Description = The document u5l4s1_exercise.pdf owned by user failed to print on
printer Brother MFC-5490CN Printer. Data type: NT EMF 1.008. Size of the spool file
in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\MARTONE. Win32 error code returned
by the print processor: 2250 (0x8ca).

Error - 2/19/2010 8:41:26 PM | Computer Name = MARTONE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00130287DE50. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/20/2010 5:35:46 PM | Computer Name = MARTONE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.244
on the Network Card with network address 00130287DE50.

Error - 2/21/2010 8:21:35 PM | Computer Name = MARTONE | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.

Error - 2/27/2010 7:23:02 AM | Computer Name = MARTONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f020b: Microsoft - Other hardware - HID Non-User Input Data Filter
(KB 911895).

Error - 3/2/2010 10:19:05 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {1434DD3D-0AF6-41E0-BB71-8C86010D9AF5} did not register
with DCOM within the required timeout.

Error - 3/2/2010 11:46:02 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/2/2010 11:46:32 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/2/2010 12:29:56 PM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {0006F020-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 5:55 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.2_14

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 6:18 pm

ESET Online Scanner is running in Internet Explorer as requested...

My Symantec just picked up this....

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Threat: Trojan.FakeAV
File: C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1197\A0075734.exe
Location: Unknown Storage
Computer: MARTONE
User: MARTONE\SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Tuesday, March 02, 2010 13:15:49

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 6:21 pm

Don't worry about that, it's just an infected system restore point, we'll reset that later.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 6:25 pm

The timer on the ESET Online Scanner is still running, however it has been at 28% for some time now.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 6:35 pm

Okay, leave it for now and let it go, it might be scanning a big file.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 6:36 pm

Can anything else be done in the mean time?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 6:44 pm

Not really, the scan goes faster when it uses as many resources as possible, and that's usually when the PC is idle and your not taking up resources neither.

My suggestion - stop the scan and run a quick MBAM scan, then restart the scan before you go to bed and let the scan run overnight.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 6:59 pm

ok, here's the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 1:59:26 PM
mbam-log-2010-03-02 (13-59-26).txt

Scan type: Quick Scan
Objects scanned: 141272
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on Tue Mar 02, 2010 7:03 pm

BTW...anyway we can reset that infected system restore point that Symantec picked up?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25018
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on Tue Mar 02, 2010 7:05 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

That will have sorted any infected system restore points now. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum