Bankerfox.a

View previous topic View next topic Go down

Bankerfox.a

Post by Spif on 1st April 2010, 1:46 pm

Below is the Hijack This report. The malware keeps telling me that I have infections and trying to get me to buy their protection. I tried your program Anti-Malware program, and it did not catch the problem. Please help me kill these annoying pop-ups!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:48 AM, on 4/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O2 - BHO: 351631 helper - {6A26574A-DD6D-4382-8C76-0DF06C478D3A} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus" 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [bqwckgtl] C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl\aqxfsftav.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10441 bytes

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 1st April 2010, 2:56 pm

Hi

Fix IE

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the Lan Settings button
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.





RKill by Grinler

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
This only kills the active infection, the actual infection will not be gone.




OTL

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

OTL.Txt

Post by Spif on 2nd April 2010, 1:13 am

OTL logfile created on: 4/1/2010 7:30:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 79.13 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-40FB942B5D
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/01 19:29:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\OTL.exe
PRC - [2010/02/20 15:58:30 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/14 07:49:44 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2008/07/29 14:57:56 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/02/26 14:19:46 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/02/16 00:07:52 | 000,333,064 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/04 04:19:56 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/01 19:29:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\OTL.exe
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/10 14:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Logical Disk Manager (dmserver) ) Logical Disk Manager (dmserver)
SRV - [2009/04/14 07:49:44 | 000,703,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/26 14:19:46 | 000,648,456 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/16 00:07:52 | 000,333,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/08/04 04:23:57 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/05/22 01:02:26 | 000,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 01:00:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 00:45:58 | 001,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/02 16:00:12 | 000,052,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 16:00:08 | 000,052,624 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 16:00:00 | 000,142,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/02/16 00:07:54 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/06 15:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/04 04:19:58 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 08:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/04/28 08:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 05:46:42 | 000,350,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/20 05:45:48 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/01/25 17:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:32 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/01/25 17:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 09:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 09:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/05/07 20:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/17 21:25:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 15:58:39 | 000,000,000 | ---D | M]

[2008/12/16 23:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Extensions
[2010/03/31 10:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\extensions
[2009/08/08 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/19 16:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/02/19 16:21:57 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\searchplugins\aim-search.xml
[2010/03/31 10:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/02/04 01:25:53 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2008/09/18 00:32:53 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (351631 Class) - {6A26574A-DD6D-4382-8C76-0DF06C478D3A} - File not found
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe File not found
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [bqwckgtl] C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl\aqxfsftav.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.1\resources\en-us\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} [You must be registered and logged in to see this link.] (compid Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/18 12:27:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell - "" = AutoRun
O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/23 03:59:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "PrismXL"
MsConfig - StartUpReg: Cleanup - hkey= - key= - C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Temp\20069418215_mcappins.exe (McAfee, Inc)
MsConfig - StartUpReg: msci - hkey= - key= - C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Temp\20069418213_mcinfo.exe (McAfee, Inc)
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046532718034944)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/01 19:29:33 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\OTL.exe
[2010/04/01 19:28:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/01 02:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Application Data\Malwarebytes
[2010/04/01 02:45:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 02:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/01 02:45:33 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 02:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 02:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Malwarebytes_Anti-Malware_1.43
[2010/03/30 19:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/03/28 22:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl
[2010/03/17 20:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/16 00:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\wordpress-2.9.2
[2010/03/08 00:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Portfolio
[2009/12/10 00:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/05/01 08:53:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/23 04:04:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[28 C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\*.tmp files -> C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/01 19:29:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\OTL.exe
[2010/04/01 19:28:27 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\rkill.pif
[2010/04/01 03:06:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 03:06:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 03:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 03:05:59 | 1004,851,200 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/01 03:04:10 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\NTUSER.DAT
[2010/04/01 03:03:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\ntuser.ini
[2010/04/01 03:03:48 | 008,581,740 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\IconCache.db
[2010/04/01 02:45:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 02:42:14 | 008,707,254 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Malwarebytes_Anti-Malware_1.43.zip
[2010/04/01 00:57:13 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Microsoft Office Word 2003.lnk
[2010/03/31 23:38:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/31 10:49:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Plan.doc
[2010/03/30 19:32:40 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 00:55:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Thanks.doc
[2010/03/28 22:09:59 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 22:09:59 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:09:58 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 10:27:38 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Notes.doc
[2010/03/17 00:18:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/03/16 14:32:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Young Marriage-Eddie.doc
[2010/03/16 14:20:46 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Shelter.Intake.jan-dec2009.xls
[2010/03/16 00:10:58 | 002,516,356 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\wordpress-2.9.2.zip
[2010/03/15 02:01:54 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/11 07:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 07:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 07:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 07:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 07:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 07:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 07:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 07:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 07:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 07:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 07:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/10 08:18:46 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 08:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 08:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/03/10 08:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 08:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/03/10 07:38:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 06:35:03 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\New York Trip Info.doc
[2010/03/08 00:57:03 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\FeedstockPR.doc
[2010/03/04 00:03:56 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Shelter Information.doc
[2010/03/03 11:05:50 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\David Lapp.doc
[28 C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\*.tmp files -> C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/01 19:28:27 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\rkill.pif
[2010/04/01 02:45:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 02:40:47 | 008,707,254 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Malwarebytes_Anti-Malware_1.43.zip
[2010/03/31 10:24:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Plan.doc
[2010/03/30 00:55:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Thanks.doc
[2010/03/17 10:27:37 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Notes.doc
[2010/03/17 00:18:37 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/03/17 00:18:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/03/16 14:20:46 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\Shelter.Intake.jan-dec2009.xls
[2010/03/16 08:58:24 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Young Marriage-Eddie.doc
[2010/03/16 00:10:26 | 002,516,356 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop\wordpress-2.9.2.zip
[2010/03/15 22:43:26 | 000,048,242 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\read0600win_ENUadbe0040.pdf
[2010/03/10 06:35:02 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\New York Trip Info.doc
[2010/03/08 00:57:02 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\FeedstockPR.doc
[2010/03/03 23:36:20 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\Shelter Information.doc
[2010/03/03 10:33:11 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\My Documents\David Lapp.doc
[2010/01/30 18:59:51 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/25 19:41:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/08/25 19:41:52 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/18 01:30:47 | 000,142,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/18 01:30:47 | 000,052,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2008/09/18 01:30:47 | 000,052,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/01 18:43:07 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/01 18:43:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/17 02:26:12 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/15 19:39:02 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\fusioncache.dat
[2006/09/15 01:20:36 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/15 01:00:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/04 18:18:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/04 04:26:21 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/08/04 04:09:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/23 06:14:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 02:13:49 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/23 02:13:49 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/25 23:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/04/02 16:00:12 | 000,052,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmactmon.sys
[2009/04/02 16:00:00 | 000,142,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmcomm.sys
[2009/04/02 16:00:08 | 000,052,624 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tmevtmgr.sys

< %systemroot%\System32\config\*.sav >
[2005/11/22 19:48:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/11/22 19:48:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/11/22 19:48:04 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/04/18 12:27:12 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/08/04 04:29:43 | 000,000,167 | ---- | M] () -- C:\bcmwl5.log
[2008/09/12 16:18:15 | 000,000,057 | ---- | M] () -- C:\BIOSID.TXT
[2006/09/04 18:14:01 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/11/23 04:00:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/01 03:05:59 | 1004,851,200 | -HS- | M] () -- C:\hiberfil.sys
[2005/11/23 04:00:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/19 16:21:34 | 000,004,350 | -H-- | M] () -- C:\IPH.PH
[2005/11/23 04:00:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/25 17:42:52 | 000,001,048 | ---- | M] () -- C:\net_save.dna
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/15 08:25:25 | 000,250,032 | ---- | M] () -- C:\ntldr
[2010/04/01 03:05:58 | 3019,898,880 | -HS- | M] () -- C:\pagefile.sys
[2010/04/01 19:28:51 | 000,000,385 | ---- | M] () -- C:\rkill.log
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/08/04 04:16:31 | 000,000,191 | ---- | M] () -- C:\touchpad.log
[2009/09/16 13:19:32 | 000,022,444 | ---- | M] () -- C:\VETlog.dmp
[2009/09/16 13:19:32 | 000,001,205 | ---- | M] () -- C:\VETlog.txt

< %PROGRAMFILES%\*. >
[2009/04/18 12:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2006/08/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/19 16:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2009/02/19 16:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2006/09/15 01:08:02 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2006/09/15 01:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2006/08/04 04:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2006/09/04 18:19:54 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2009/08/25 19:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/02/04 01:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Celebrity Toolbar
[2007/11/13 18:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\CLEA
[2009/08/25 17:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2009/08/25 17:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/23 03:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/08/04 04:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/08/04 04:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/09/15 00:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/08/04 04:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\gtw_logo
[2006/09/15 01:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/09/15 01:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/04/18 12:26:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/31 01:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/11/01 02:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/11/01 02:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/08/25 18:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/09/21 17:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/04/01 02:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/08/04 04:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/08/04 04:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/09/15 08:32:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/09/04 19:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/10 03:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/08/04 04:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2005/11/23 04:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/08/04 04:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2009/04/14 15:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/09/04 19:13:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/15 09:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/09/04 19:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/10 07:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/01 19:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/06 22:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/14 15:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/23 03:54:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/08/04 04:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2005/11/23 03:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/16 03:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/06 22:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/04/18 12:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2006/10/18 22:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2008/09/15 08:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/11/23 03:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 11:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/07/13 03:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2006/09/04 19:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2006/11/01 02:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/08/04 04:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/06 22:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/25 17:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2006/08/04 04:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/09/19 12:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\TAV15.1
[2008/12/05 00:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2005/11/23 04:05:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/01/15 20:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/12/10 00:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/12/10 00:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/15 08:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/23 03:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/23 03:58:14 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/11/23 04:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/26 20:01:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/26 20:01:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-31 06:09:58
< End of report >

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Extras.Txt

Post by Spif on 2nd April 2010, 1:14 am

OTL Extras logfile created on: 4/1/2010 7:30:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner.YOUR-40FB942B5D\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 79.13 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-40FB942B5D
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1154683145\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154683145\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1158300370\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1158300370\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1158300370\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1158300370\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\tinyproxy\tinyproxy.exe" = C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Celebrity Toolbar" = Celebrity Toolbar
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"gtw_logo" = gtw_logo
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"LimeWire" = LimeWire 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 4:56:00 PM | Computer Name = YOUR-40FB942B5D | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/12/2010 3:06:45 AM | Computer Name = YOUR-40FB942B5D | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/25/2010 10:22:37 PM | Computer Name = YOUR-40FB942B5D | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 6.0.4.2, faulting module
quicktime.qts, version 7.0.4.80, fault address 0x0006ed33.

Error - 1/28/2010 11:00:25 AM | Computer Name = YOUR-40FB942B5D | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 6.0.4.2, faulting module
quicktime.qts, version 7.0.4.80, fault address 0x0006ef94.

[ System Events ]
Error - 3/25/2010 9:59:36 PM | Computer Name = YOUR-40FB942B5D | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 3/26/2010 11:12:16 AM | Computer Name = YOUR-40FB942B5D | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.


< End of report >

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 2nd April 2010, 4:38 am

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

==

I see you are running LimeWire, a P2P application. I suggest to read the following, and then decided whether you want to keep it or not: [You must be registered and logged in to see this link.]

==

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O2 - BHO: (351631 Class) - {6A26574A-DD6D-4382-8C76-0DF06C478D3A} - File not found
    O4 - HKCU..\Run: [bqwckgtl] C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl\aqxfsftav.exe ()
    O33 - MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
    O33 - MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
    O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell - "" = AutoRun
    O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    :reg

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer" = http=127.0.0.1
    [IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer" = http=127.0.0.1

    :commands
    [purity]
    [emptyflash]
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


==

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply, along with the OTL fix log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

OTL Log

Post by Spif on 3rd April 2010, 5:13 pm

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A26574A-DD6D-4382-8C76-0DF06C478D3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A26574A-DD6D-4382-8C76-0DF06C478D3A}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bqwckgtl deleted successfully.
C:\Documents and Settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl\aqxfsftav.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5409933b-29c3-11de-a014-00e0b8b617be}\ not found.
File F:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5409933b-29c3-11de-a014-00e0b8b617be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5409933b-29c3-11de-a014-00e0b8b617be}\ not found.
File F:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54b058d-1f83-11dd-9f36-00e0b8b617be}\ not found.
File F:\LaunchU3.exe not found.
========== REGISTRY ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer" = http|127.0.0.1 /E : value set successfully!
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer" = http|127.0.0.1 /E :invalid edit format. No such root key.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Owner.YOUR-40FB942B5D
->Flash cache emptied: 2382104 bytes

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 18738643 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Owner.YOUR-40FB942B5D
->Temp folder emptied: 784350436 bytes
->Temporary Internet Files folder emptied: 83612454 bytes
->Java cache emptied: 70094699 bytes
->FireFox cache emptied: 5811631 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 6372881 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47549070 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23943596 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 10535055 bytes

Total Files Cleaned = 1,003.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04022010_105710

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

ComboFix Log

Post by Spif on 3rd April 2010, 5:14 pm

ComboFix 10-04-02.01 - Owner 04/03/2010 12:01:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.508 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-40FB942B5D\My Documents\Downloads\commy.exe
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\AppPatch\AcAdProc.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LOGICAL_DISK_MANAGER_(DMSERVER)_
-------\Service_Logical Disk Manager (dmserver)


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-02 15:57 . 2010-04-02 15:57 -------- d-----w- C:\_OTL
2010-04-02 00:28 . 2010-04-02 00:28 -------- d--h--w- c:\windows\PIF
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Malwarebytes
2010-04-01 07:45 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-01 07:45 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 00:32 . 2010-03-31 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-03-29 03:06 . 2010-04-02 15:58 -------- d-----w- c:\documents and settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 14:30 . 2006-08-04 09:16 -------- d-----w- c:\program files\Java
2010-04-02 14:26 . 2010-02-04 06:25 -------- d-----w- c:\program files\Celebrity Toolbar
2010-03-27 01:20 . 2007-10-21 07:39 -------- d-----w- c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks
2010-03-11 12:38 . 2005-11-23 07:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-09-15 06:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-09-15 06:34 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-24 06:20 . 2010-02-24 06:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-24 06:20 . 2010-02-24 06:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-04 26112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-01 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/18/2008 1:30 AM 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:07 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 8:22 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/4/2006 2:57 AM 200576]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/18/2008 1:30 AM 648456]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [11/22/2005 7:52 PM 69692]
.
Contents of the 'Scheduled Tasks' folder

2006-09-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-15 19:00]

2006-09-04 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-15 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-Trend Micro AntiVirus 2007 - c:\program files\Trend Micro\AntiVirus 2007\tavui.exe
MSConfigStartUp-Cleanup - c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\20069418215_mcappins.exe
MSConfigStartUp-msci - c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\20069418213_mcinfo.exe
AddRemove-mIRC - c:\windows\temp\spoolsv\spoolsv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-03 12:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-03 12:10:17
ComboFix-quarantined-files.txt 2010-04-03 17:10

Pre-Run: 85,878,599,680 bytes free
Post-Run: 85,831,876,608 bytes free

- - End Of File - - DA5D33BB2DB567824E905B4F5CA15ADA

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 3rd April 2010, 6:01 pm

Hello. That removed a lot of it.

1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    Folder::
    c:\documents and settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

2. Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log

Also, let me know how your computer is running.

Thanks! Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Spif on 17th April 2010, 4:28 am

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=356ce1d7e0f6a8479d7e3339d5d00f75
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-17 01:50:56
# local_time=2010-04-16 08:50:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=514 16776533 100 97 0 107135775 0 0
# compatibility_mode=8192 67108863 100 0 1041991 1041991 0 0
# scanned=72330
# found=0
# cleaned=0
# scan_time=14774

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 17th April 2010, 4:29 am

How is your computer running right now?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

ComboFix Log

Post by Spif on 17th April 2010, 4:33 am

ComboFix 10-04-03.01 - Owner 04/03/2010 14:50:35.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.465 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-40FB942B5D\My Documents\Downloads\commy.exe
Command switches used :: c:\documents and settings\Owner.YOUR-40FB942B5D\Desktop\CFscript.txt
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.YOUR-40FB942B5D\Local Settings\Application Data\xunefl

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-02 15:57 . 2010-04-02 15:57 -------- d-----w- C:\_OTL
2010-04-02 00:28 . 2010-04-02 00:28 -------- d--h--w- c:\windows\PIF
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Malwarebytes
2010-04-01 07:45 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-01 07:45 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 07:45 . 2010-04-01 07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 00:32 . 2010-03-31 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 14:30 . 2006-08-04 09:16 -------- d-----w- c:\program files\Java
2010-04-02 14:26 . 2010-02-04 06:25 -------- d-----w- c:\program files\Celebrity Toolbar
2010-03-27 01:20 . 2007-10-21 07:39 -------- d-----w- c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks
2010-03-11 12:38 . 2005-11-23 07:12 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-09-15 06:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-09-15 06:34 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-24 06:20 . 2010-02-24 06:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-24 06:20 . 2010-02-24 06:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-04 26112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-01 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/18/2008 1:30 AM 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:07 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 8:22 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/4/2006 2:57 AM 200576]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/18/2008 1:30 AM 648456]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [11/22/2005 7:52 PM 69692]
.
Contents of the 'Scheduled Tasks' folder

2006-09-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-15 19:00]

2006-09-04 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-15 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Mozilla\Firefox\Profiles\87s77d5w.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner.YOUR-40FB942B5D\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-03 15:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Trend Micro\Internet Security\UfUpdUi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-03 15:09:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 20:09
ComboFix2.txt 2010-04-03 17:10

Pre-Run: 85,833,453,568 bytes free
Post-Run: 85,630,967,808 bytes free

- - End Of File - - 73FD1D8EFBA4E5FC328346AFF725649E


My computer is running fine and all the pop-ups are gone! Thanks for your help! Sorry this took so long the online scan was taking a long time and my computer tends to overheat.

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 17th April 2010, 5:57 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Spif on 10th May 2011, 3:15 am

I apologize, I haven't been using this computer, and I haven't been able to complete the scan because my computer was over-heating. But, I was finally able to get it to work.

--
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=356ce1d7e0f6a8479d7e3339d5d00f75
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-17 01:50:56
# local_time=2010-04-16 08:50:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=514 16776533 100 97 0 107135775 0 0
# compatibility_mode=8192 67108863 100 0 1041991 1041991 0 0
# scanned=72330
# found=0
# cleaned=0
# scan_time=14774
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=356ce1d7e0f6a8479d7e3339d5d00f75
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-18 07:15:49
# local_time=2010-04-18 02:15:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=514 16776533 100 97 0 107242076 0 0
# compatibility_mode=8192 67108863 100 0 1148292 1148292 0 0
# scanned=72586
# found=0
# cleaned=0
# scan_time=14368
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=356ce1d7e0f6a8479d7e3339d5d00f75
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-05-10 01:25:01
# local_time=2011-05-09 08:25:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=514 16776533 100 97 0 140672089 0 0
# compatibility_mode=8192 67108863 100 0 34578305 34578305 0 0
# scanned=998
# found=0
# cleaned=0
# scan_time=104
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=356ce1d7e0f6a8479d7e3339d5d00f75
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-05-10 02:43:21
# local_time=2011-05-09 09:43:21 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=514 16776533 100 97 0 140672373 0 0
# compatibility_mode=8192 67108863 100 0 34578589 34578589 0 0
# scanned=74691
# found=0
# cleaned=0
# scan_time=4528

Spif
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-04-01
OS OS : Windows XP
Points Points : 24528
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bankerfox.a

Post by Dr Jay on 10th May 2011, 7:00 am

What other issues are happening?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum