Bankerfox. I've already followed the OTL and am posting my info for help..

Post by remimousy on Thu Mar 11, 2010 3:12 am

I don't know what to do after this. It's supposed to save something to my desktop but it didn't. I had to run my computer in safe mode with network just to post this. I could really use some help.

OTL logfile created on: 3/10/2010 8:55:05 PM - Run 2
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\chrisf\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 50.57 Gb Free Space | 48.96% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.66 Gb Free Space | 43.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISF-PC
Current User Name: chrisf
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 20:23:29 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chrisf\Downloads\explorer.exe
PRC - [2010/03/03 16:12:24 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 20:23:29 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chrisf\Downloads\explorer.exe
MOD - [2008/01/19 01:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/03 16:12:24 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/28 14:49:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 08:45:37 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2006/12/16 14:14:47 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2009/08/05 21:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/06 15:12:38 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/01/18 23:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/08 17:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 17:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 17:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 14:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 01:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/05/03 21:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.order.2: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: flashplugin@idm:4.1.0.077
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.5
FF - prefs.js..extensions.enabledItems: {5B04A1F7-4D37-4977-AF3C-793E50D62E16}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={ADDC3473-4B31-4542-1631-D14CD5D6D96D}&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010/03/08 23:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 21:33:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/17 21:33:26 | 000,000,000 | ---D | M]

[2009/09/21 14:19:40 | 000,000,000 | ---D | M] -- C:\Users\chrisf\AppData\Roaming\mozilla\Extensions
[2009/09/21 14:19:40 | 000,000,000 | ---D | M] -- C:\Users\chrisf\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/10 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions
[2009/08/07 06:32:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 18:05:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/30 14:58:36 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/11/10 21:07:41 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/01/25 15:05:31 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/04/21 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/02/14 14:59:39 | 000,000,000 | ---D | M] -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\flashplugin@idm
[2008/07/03 00:54:39 | 000,000,000 | ---D | M] -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\OberonGameHost@OberonGames.com
[2009/11/10 21:07:54 | 000,004,554 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\aim-search.xml
[2009/04/21 22:51:11 | 000,000,681 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\ask.xml
[2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\BearShareWebSearch.xml
[2009/05/15 17:33:48 | 000,005,407 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\fast-browser-search.xml
[2009/09/28 19:46:40 | 000,002,160 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\MySpace.xml
[2007/12/11 13:50:06 | 000,000,276 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\search.xml
[2009/11/27 16:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/06 19:22:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/09/23 11:50:35 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
[2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2009/12/28 04:40:53 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/12/28 04:40:53 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\bae.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ICSDCLT] C:\Windows\System32\icsdclt.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXDItime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [aaq0v] C:\Windows\System32\qqlqlqagqa.exe File not found
O4 - HKCU..\Run: [afvava] C:\Windows\System32\q1fqqllql.exe File not found
O4 - HKCU..\Run: [allffl] C:\Windows\System32\llqa5a3fvl.exe File not found
O4 - HKCU..\Run: [alqaql] C:\Windows\System32\qvfaq6ll.exe File not found
O4 - HKCU..\Run: [alv1v] C:\Windows\System32\lv1gaagaq6.exe File not found
O4 - HKCU..\Run: [aqqvqff] C:\Windows\System32\82fl48l.exe File not found
O4 - HKCU..\Run: [avv1f] C:\Windows\System32\appfavavav6.exe File not found
O4 - HKCU..\Run: [cmxrmm] C:\Windows\System32\m0rcxrrm3.exe File not found
O4 - HKCU..\Run: [faf6v] C:\Windows\System32\v2ql5qal1.exe File not found
O4 - HKCU..\Run: [faqqq03] C:\Windows\System32\akqa0qva.exe File not found
O4 - HKCU..\Run: [ffaalv] C:\Windows\System32\aqq3lfvv2.exe File not found
O4 - HKCU..\Run: [ffafpp5] C:\Windows\System32\p8ka1pfp5fp.exe File not found
O4 - HKCU..\Run: [ffvllf] C:\Windows\System32\ql1lv0qv.exe File not found
O4 - HKCU..\Run: [flvqf] C:\Windows\System32\lvf8aq1fvf5.exe File not found
O4 - HKCU..\Run: [flvqvf] C:\Windows\System32\alv1faafaq6.exe File not found
O4 - HKCU..\Run: [fvakva] C:\Windows\System32\vqkkq6kkfkf.exe File not found
O4 - HKCU..\Run: [gaqlgv0] C:\Windows\System32\qvqvg4g6g.exe File not found
O4 - HKCU..\Run: [ggvvq] C:\Windows\System32\1aqvqll.exe File not found
O4 - HKCU..\Run: [glqla6v] C:\Windows\System32\5qal1qa.exe File not found
O4 - HKCU..\Run: [gmwg4g] C:\Windows\System32\00b3gmg.exe File not found
O4 - HKCU..\Run: [jncontmon] C:\Windows\System32\ssjitsys32.exe File not found
O4 - HKCU..\Run: [kaafp] C:\Windows\System32\vfkvpkkp.exe File not found
O4 - HKCU..\Run: [kavqqv] C:\Windows\System32\aa7akva0.exe File not found
O4 - HKCU..\Run: [kkffv] C:\Windows\System32\pvpvfaavv.exe File not found
O4 - HKCU..\Run: [laal48] C:\Windows\System32\f9q31lfv.exe File not found
O4 - HKCU..\Run: [lal6q] C:\Windows\System32\fq1fflff.exe File not found
O4 - HKCU..\Run: [llfvv] C:\Windows\System32\qqffafqa0vv.exe File not found
O4 - HKCU..\Run: [lvqv9] C:\Windows\System32\q1ll1fl7vv9.exe File not found
O4 - HKCU..\Run: [mhxxr] C:\Windows\System32\cxxhrmr8mm.exe File not found
O4 - HKCU..\Run: [mmgg0m] C:\Windows\System32\g0mbg6w7.exe File not found
O4 - HKCU..\Run: [mndpro32] C:\Windows\System32\primndd.exe File not found
O4 - HKCU..\Run: [mwmwwbm] C:\Windows\System32\b70mbg6w7g.exe File not found
O4 - HKCU..\Run: [ncstatsc] C:\Windows\System32\lsnccq.exe File not found
O4 - HKCU..\Run: [paaappk] C:\Windows\System32\afafpaapf.exe File not found
O4 - HKCU..\Run: [pqezlr32] C:\Windows\System32\eyclcm.exe File not found
O4 - HKCU..\Run: [prodcmmp] C:\Windows\System32\ikddmch.exe File not found
O4 - HKCU..\Run: [qallffl] C:\Windows\System32\qfvvqlavq.exe File not found
O4 - HKCU..\Run: [qavvqa] C:\Windows\System32\afaqavqql.exe File not found
O4 - HKCU..\Run: [qffaav] C:\Windows\System32\qq1qkkfv.exe ()
O4 - HKCU..\Run: [qisdrmss] C:\Windows\System32\qodesnaq.exe File not found
O4 - HKCU..\Run: [qlfflvv] C:\Windows\System32\faafavflav2.exe File not found
O4 - HKCU..\Run: [qlgg1l] C:\Windows\System32\gaagaqqll.exe File not found
O4 - HKCU..\Run: [qqffl] C:\Windows\System32\qffa5afvq6a.exe File not found
O4 - HKCU..\Run: [qqvaf] C:\Windows\System32\llvalv3qqff.exe File not found
O4 - HKCU..\Run: [qqvfa1] C:\Windows\System32\afl71vqv.exe File not found
O4 - HKCU..\Run: [qvgqlql] C:\Windows\System32\llqlaav5g.exe File not found
O4 - HKCU..\Run: [qvqkqqq] C:\Windows\System32\qkkffk216.exe File not found
O4 - HKCU..\Run: [qvqvfqq] C:\Windows\System32\fq5fvaqq3.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [tddydti] C:\Windows\System32\ttyttitto.exe File not found
O4 - HKCU..\Run: [udccndw2] C:\Windows\System32\psiomcp.exe File not found
O4 - HKCU..\Run: [vfvql] C:\Windows\System32\alq2llqla.exe File not found
O4 - HKCU..\Run: [vgqql] C:\Windows\System32\llqglglvq.exe File not found
O4 - HKCU..\Run: [Vhagidopumama] C:\Users\chrisf\AppData\Local\ofedahem.DLL File not found
O4 - HKCU..\Run: [vlaq5f] C:\Windows\System32\llaafaq6v4.exe File not found
O4 - HKCU..\Run: [vllqv] C:\Windows\System32\v7lfvvlqlq.exe File not found
O4 - HKCU..\Run: [vqffa] C:\Windows\System32\vkkffaq0kq.exe ()
O4 - HKCU..\Run: [vqqqqv] C:\Windows\System32\lv4ga0av6.exe File not found
O4 - HKCU..\Run: [vqqvf8] C:\Windows\System32\vqlall5qlf9.exe File not found
O4 - HKCU..\Run: [vqqvlq] C:\Windows\System32\fvv2q0qqf.exe File not found
O4 - HKCU..\Run: [vqvvl] C:\Windows\System32\flqlav2f.exe File not found
O4 - HKCU..\Run: [vvqf1v] C:\Windows\System32\qf9a0vq0kqk.exe ()
O4 - HKCU..\Run: [wbwwmwr] C:\Windows\System32\bm882b5ww6b.exe File not found
O4 - HKCU..\Run: [whncsufm] C:\Users\chrisf\AppData\Local\mtfkvp\ncuesftav.exe ()
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chrisf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/01/02 00:56:14 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/01/02 00:56:14 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/01/02 00:56:14 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/01/02 00:56:14 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} [You must be registered and logged in to see this link.] (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~2\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (OldTimer Tools)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4461627256-7918093704-188033784-7756\yv8g67.exe) - C:\RECYCLER\S-1-5-21-4461627256-7918093704-188033784-7756\yv8g67.exe (EfzdG36Ug)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8036063778-2559651331-268422544-9958\rundll32.exe) - C:\RECYCLER\S-1-5-21-8036063778-2559651331-268422544-9958\.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\chrisf\AppData\Roaming\ufxw.exe) - C:\Users\chrisf\AppData\Roaming\ufxw.exe (DyehypOiRB3kU3KJ)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4461627256-7918093704-188033784-7756\yv8g67.exe) - C:\RECYCLER\S-1-5-21-4461627256-7918093704-188033784-7756\yv8g67.exe (EfzdG36Ug)
O20 - HKCU Winlogon: Shell - (explorer.exe) - explorer.exe (OldTimer Tools)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\chrisf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\chrisf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{43550ce8-cce3-11dd-8f43-0019d1486c13}\Shell\AutoRun\command - "" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe -- [2010/01/12 03:24:32 | 017,758,136 | ---- | M] (MusicLab, LLC)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 20:26:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/10 20:08:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/10 20:08:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/10 20:08:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/10 20:08:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/10 20:08:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/10 20:08:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/10 20:08:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/08 20:57:59 | 000,000,000 | ---D | C] -- C:\Users\chrisf\AppData\Roaming\Malwarebytes
[2010/03/08 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/08 20:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/08 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\chrisf\AppData\Local\mtfkvp
[2010/03/03 15:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\361BF
[2010/03/02 15:36:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/02 15:36:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/23 21:17:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 21:16:58 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 21:16:58 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 21:16:57 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 21:16:57 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 21:16:57 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 21:16:57 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 21:16:56 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 21:16:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 21:16:56 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\chrisf\Desktop\Games
[2010/02/21 05:09:59 | 000,000,000 | ---D | C] -- C:\Users\chrisf\AppData\Roaming\IMVUClient
[2010/02/13 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\chrisf\AppData\Roaming\Facebook
[2010/02/09 18:40:02 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 18:40:02 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 18:39:25 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 18:39:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 18:39:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/09 18:39:24 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 18:39:24 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/12/28 17:13:47 | 000,274,432 | RHS- | C] (DyehypOiRB3kU3KJ) -- C:\Users\chrisf\AppData\Roaming\ufxw.exe
[2007/09/14 21:04:20 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2007/03/02 12:09:26 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/03/02 12:07:44 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/03/02 12:02:28 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/03/02 12:02:23 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/03/02 12:01:40 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/03/02 12:00:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/03/02 11:59:59 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/03/02 11:59:23 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/03/02 11:56:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/03/02 11:56:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/03/02 11:55:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2005/04/20 23:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004/02/16 19:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 20:53:24 | 000,044,544 | RHS- | M] () -- C:\Windows\System32\qq1qkkfv.exe
[2010/03/10 20:53:23 | 000,044,544 | RHS- | M] () -- C:\Windows\System32\vkkffaq0kq.exe
[2010/03/10 20:53:23 | 000,044,544 | RHS- | M] () -- C:\Windows\System32\qf9a0vq0kqk.exe
[2010/03/10 20:52:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/10 20:52:26 | 204,109,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/10 20:51:22 | 004,456,448 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat
[2010/03/10 20:44:49 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/10 20:44:49 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/10 20:44:49 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/10 20:39:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/10 20:38:43 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 20:38:43 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 20:38:40 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\PAV.job
[2010/03/10 20:37:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/10 20:10:16 | 000,524,288 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 20:10:16 | 000,065,536 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TM.blf
[2010/03/10 18:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/08 22:20:02 | 000,524,288 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TMContainer00000000000000000002.regtrans-ms
[2010/03/08 21:04:19 | 000,524,288 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat{324711f9-84a8-11de-b5d4-0019d1486c13}.TMContainer00000000000000000001.regtrans-ms
[2010/03/08 21:04:19 | 000,065,536 | -HS- | M] () -- C:\Users\chrisf\ntuser.dat{324711f9-84a8-11de-b5d4-0019d1486c13}.TM.blf
[2010/03/08 16:12:48 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/03 16:12:39 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/02/27 16:41:10 | 000,057,856 | ---- | M] () -- C:\Users\chrisf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/24 03:20:20 | 000,090,448 | ---- | M] () -- C:\Users\chrisf\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 03:19:46 | 000,338,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/10 03:25:26 | 000,000,680 | ---- | M] () -- C:\Users\chrisf\AppData\Local\d3d9caps.dat
[2010/02/10 03:05:39 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 20:53:35 | 000,044,544 | RHS- | C] () -- C:\Windows\System32\vkkffaq0kq.exe
[2010/03/10 20:53:35 | 000,044,544 | RHS- | C] () -- C:\Windows\System32\qf9a0vq0kqk.exe
[2010/03/10 20:53:34 | 000,044,544 | RHS- | C] () -- C:\Windows\System32\qq1qkkfv.exe
[2010/03/10 20:08:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/10 20:08:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/10 20:08:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/10 20:08:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/10 20:08:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/08 21:12:35 | 000,524,288 | -HS- | C] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TMContainer00000000000000000002.regtrans-ms
[2010/03/08 21:12:35 | 000,524,288 | -HS- | C] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TMContainer00000000000000000001.regtrans-ms
[2010/03/08 21:12:35 | 000,065,536 | -HS- | C] () -- C:\Users\chrisf\ntuser.dat{9064d1f9-2b29-11df-a289-0019d1486c13}.TM.blf
[2010/02/10 03:25:26 | 000,000,680 | ---- | C] () -- C:\Users\chrisf\AppData\Local\d3d9caps.dat
[2009/11/05 20:29:18 | 000,076,407 | ---- | C] () -- C:\Users\chrisf\AppData\Roaming\Smiley.ico
[2009/10/23 14:55:35 | 000,000,000 | ---- | C] () -- C:\Users\chrisf\AppData\Local\Xrowoha.bin
[2009/10/23 14:55:34 | 000,000,120 | ---- | C] () -- C:\Users\chrisf\AppData\Local\Nnozu.dat
[2009/08/06 19:26:33 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/12/10 15:21:07 | 000,027,711 | ---- | C] () -- C:\Users\chrisf\AppData\Roaming\UserTile.png
[2008/09/25 11:55:30 | 000,048,640 | ---- | C] () -- C:\Users\chrisf\AppData\Local\wicilod1.dll
[2008/05/05 13:43:58 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/12/13 03:25:36 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/09/14 21:08:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2007/09/14 21:08:31 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2007/09/14 21:04:26 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2007/09/14 21:04:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2007/09/14 20:57:31 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/05/07 14:09:23 | 000,006,346 | ---- | C] () -- C:\Users\chrisf\AppData\Roaming\wklnhst.dat
[2007/04/25 05:12:07 | 000,057,856 | ---- | C] () -- C:\Users\chrisf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/04 22:23:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/02/09 12:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/31 14:15:43 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/01/23 17:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/12/16 13:15:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/31 23:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2006/05/03 21:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2003/01/17 23:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:061FEEDF
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4DBBB4EA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BF2E2F0E
< End of report >


Re: Bankerfox. I've already followed the OTL and am posting my info for help..

Post by Dr Jay on Thu Mar 11, 2010 6:16 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.order.2: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={ADDC3473-4B31-4542-1631-D14CD5D6D96D}&q="
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010/03/08 23:11:16 | 000,000,000 | ---D | M]
    [2009/06/30 14:58:36 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    [2009/04/21 22:51:11 | 000,000,681 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\ask.xml
    [2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\BearShareWebSearch.xml
    [2009/05/15 17:33:48 | 000,005,407 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\fast-browser-search.xml
    [2009/09/23 11:50:35 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    [2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
    [2009/12/28 04:40:53 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
    [2009/12/28 04:40:53 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O4 - HKCU..\Run: [aaq0v] C:\Windows\System32\qqlqlqagqa.exe File not found
    O4 - HKCU..\Run: [afvava] C:\Windows\System32\q1fqqllql.exe File not found
    O4 - HKCU..\Run: [allffl] C:\Windows\System32\llqa5a3fvl.exe File not found
    O4 - HKCU..\Run: [alqaql] C:\Windows\System32\qvfaq6ll.exe File not found
    O4 - HKCU..\Run: [alv1v] C:\Windows\System32\lv1gaagaq6.exe File not found
    O4 - HKCU..\Run: [aqqvqff] C:\Windows\System32\82fl48l.exe File not found
    O4 - HKCU..\Run: [avv1f] C:\Windows\System32\appfavavav6.exe File not found
    O4 - HKCU..\Run: [cmxrmm] C:\Windows\System32\m0rcxrrm3.exe File not found
    O4 - HKCU..\Run: [faf6v] C:\Windows\System32\v2ql5qal1.exe File not found
    O4 - HKCU..\Run: [faqqq03] C:\Windows\System32\akqa0qva.exe File not found
    O4 - HKCU..\Run: [ffaalv] C:\Windows\System32\aqq3lfvv2.exe File not found
    O4 - HKCU..\Run: [ffafpp5] C:\Windows\System32\p8ka1pfp5fp.exe File not found
    O4 - HKCU..\Run: [ffvllf] C:\Windows\System32\ql1lv0qv.exe File not found
    O4 - HKCU..\Run: [flvqf] C:\Windows\System32\lvf8aq1fvf5.exe File not found
    O4 - HKCU..\Run: [flvqvf] C:\Windows\System32\alv1faafaq6.exe File not found
    O4 - HKCU..\Run: [fvakva] C:\Windows\System32\vqkkq6kkfkf.exe File not found
    O4 - HKCU..\Run: [gaqlgv0] C:\Windows\System32\qvqvg4g6g.exe File not found
    O4 - HKCU..\Run: [ggvvq] C:\Windows\System32\1aqvqll.exe File not found
    O4 - HKCU..\Run: [glqla6v] C:\Windows\System32\5qal1qa.exe File not found
    O4 - HKCU..\Run: [gmwg4g] C:\Windows\System32\00b3gmg.exe File not found
    O4 - HKCU..\Run: [jncontmon] C:\Windows\System32\ssjitsys32.exe File not found
    O4 - HKCU..\Run: [kaafp] C:\Windows\System32\vfkvpkkp.exe File not found
    O4 - HKCU..\Run: [kavqqv] C:\Windows\System32\aa7akva0.exe File not found
    O4 - HKCU..\Run: [kkffv] C:\Windows\System32\pvpvfaavv.exe File not found
    O4 - HKCU..\Run: [laal48] C:\Windows\System32\f9q31lfv.exe File not found
    O4 - HKCU..\Run: [lal6q] C:\Windows\System32\fq1fflff.exe File not found
    O4 - HKCU..\Run: [llfvv] C:\Windows\System32\qqffafqa0vv.exe File not found
    O4 - HKCU..\Run: [lvqv9] C:\Windows\System32\q1ll1fl7vv9.exe File not found
    O4 - HKCU..\Run: [mhxxr] C:\Windows\System32\cxxhrmr8mm.exe File not found
    O4 - HKCU..\Run: [mmgg0m] C:\Windows\System32\g0mbg6w7.exe File not found
    O4 - HKCU..\Run: [mndpro32] C:\Windows\System32\primndd.exe File not found
    O4 - HKCU..\Run: [mwmwwbm] C:\Windows\System32\b70mbg6w7g.exe File not found
    O4 - HKCU..\Run: [ncstatsc] C:\Windows\System32\lsnccq.exe File not found
    O4 - HKCU..\Run: [paaappk] C:\Windows\System32\afafpaapf.exe File not found
    O4 - HKCU..\Run: [pqezlr32] C:\Windows\System32\eyclcm.exe File not found
    O4 - HKCU..\Run: [prodcmmp] C:\Windows\System32\ikddmch.exe File not found
    O4 - HKCU..\Run: [qallffl] C:\Windows\System32\qfvvqlavq.exe File not found
    O4 - HKCU..\Run: [qavvqa] C:\Windows\System32\afaqavqql.exe File not found
    O4 - HKCU..\Run: [qffaav] C:\Windows\System32\qq1qkkfv.exe ()
    O4 - HKCU..\Run: [qisdrmss] C:\Windows\System32\qodesnaq.exe File not found
    O4 - HKCU..\Run: [qlfflvv] C:\Windows\System32\faafavflav2.exe File not found
    O4 - HKCU..\Run: [qlgg1l] C:\Windows\System32\gaagaqqll.exe File not found
    O4 - HKCU..\Run: [qqffl] C:\Windows\System32\qffa5afvq6a.exe File not found
    O4 - HKCU..\Run: [qqvaf] C:\Windows\System32\llvalv3qqff.exe File not found
    O4 - HKCU..\Run: [qqvfa1] C:\Windows\System32\afl71vqv.exe File not found
    O4 - HKCU..\Run: [qvgqlql] C:\Windows\System32\llqlaav5g.exe File not found
    O4 - HKCU..\Run: [qvqkqqq] C:\Windows\System32\qkkffk216.exe File not found
    O4 - HKCU..\Run: [qvqvfqq] C:\Windows\System32\fq5fvaqq3.exe File not found
    O4 - HKCU..\Run: [tddydti] C:\Windows\System32\ttyttitto.exe File not found
    O4 - HKCU..\Run: [udccndw2] C:\Windows\System32\psiomcp.exe File not found
    O4 - HKCU..\Run: [vfvql] C:\Windows\System32\alq2llqla.exe File not found
    O4 - HKCU..\Run: [vgqql] C:\Windows\System32\llqglglvq.exe File not found
    O4 - HKCU..\Run: [Vhagidopumama] C:\Users\chrisf\AppData\Local\ofedahem.DLL File not found
    O4 - HKCU..\Run: [vlaq5f] C:\Windows\System32\llaafaq6v4.exe File not found
    O4 - HKCU..\Run: [vllqv] C:\Windows\System32\v7lfvvlqlq.exe File not found
    O4 - HKCU..\Run: [vqffa] C:\Windows\System32\vkkffaq0kq.exe ()
    O4 - HKCU..\Run: [vqqqqv] C:\Windows\System32\lv4ga0av6.exe File not found
    O4 - HKCU..\Run: [vqqvf8] C:\Windows\System32\vqlall5qlf9.exe File not found
    O4 - HKCU..\Run: [vqqvlq] C:\Windows\System32\fvv2q0qqf.exe File not found
    O4 - HKCU..\Run: [vqvvl] C:\Windows\System32\flqlav2f.exe File not found
    O4 - HKCU..\Run: [vvqf1v] C:\Windows\System32\qf9a0vq0kqk.exe ()
    O4 - HKCU..\Run: [wbwwmwr] C:\Windows\System32\bm882b5ww6b.exe File not found
    O4 - HKCU..\Run: [whncsufm] C:\Users\chrisf\AppData\Local\mtfkvp\ncuesftav.exe ()
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~2\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
    O33 - MountPoints2\{43550ce8-cce3-11dd-8f43-0019d1486c13}\Shell\AutoRun\command - "" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe -- [2010/01/12 03:24:32 | 017,758,136 | ---- | M] (MusicLab, LLC)

    :folders
    C:\Users\chrisf\AppData\Local\mtfkvp
    C:\ProgramData\361BF

    :files
    C:\Windows\System32\qq1qkkfv.exe
    C:\Windows\System32\vkkffaq0kq.exe
    C:\Windows\System32\qf9a0vq0kqk.exe


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here along with the OTL log.


Dr. Jay (DJ)



Re: Bankerfox. I've already followed the OTL and am posting my info for help..

Post by remimousy on Thu Mar 11, 2010 9:35 pm

Error: Unable to interpret <# :otl> in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2009/06/30 14:58:36 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\chrisf\AppData\Roaming\mozilla\Firefox\Profiles\s9nnejdk.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}> in the current context!
Error: Unable to interpret <[2009/04/21 22:51:11 | 000,000,681 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\ask.xml> in the current context!
Error: Unable to interpret <[2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\BearShareWebSearch.xml> in the current context!
Error: Unable to interpret <[2009/05/15 17:33:48 | 000,005,407 | ---- | M] () -- C:\Users\chrisf\AppData\Roaming\Mozilla\FireFox\Profiles\s9nnejdk.default\searchplugins\fast-browser-search.xml> in the current context!
Error: Unable to interpret <[2009/09/23 11:50:35 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll> in the current context!
Error: Unable to interpret <[2009/12/03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml> in the current context!
Error: Unable to interpret <[2009/12/28 04:40:53 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png> in the current context!
Error: Unable to interpret <[2009/12/28 04:40:53 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <:folders> in the current context!
========== FILES ==========
File\Folder C:\Windows\System32\qq1qkkfv.exe not found.
File\Folder C:\Windows\System32\vkkffaq0kq.exe not found.
File\Folder C:\Windows\System32\qf9a0vq0kqk.exe not found.
Invalid Switch: Fixes" window (under the light green bar) and choose Paste.
File\Folder # Click the red Run Fix button. not found.
File\Folder # A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. not found.
File\Folder # Close OTL.exe not found.

OTL by OldTimer - Version 3.1.36.1 log created on 03112010_153413


Oh my gosh!! Thank you so much!!!! It worked. :D

remimousy

Re: Bankerfox. I've already followed the OTL and am posting my info for help..

Post by Dr Jay on Thu Mar 11, 2010 9:58 pm

That did not work. Stupid OTL.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)

