GeekPolice

BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sat Apr 10, 2010 12:50 am

So, I know not to follow others' instructions, but I have already run OTL after reading 1000 posts all stating to do this.

Here is my log:

OTL logfile created on: 4/9/2010 8:28:05 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Mike Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.32 Gb Total Space | 11.79 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive D: | 7.82 Gb Total Space | 0.34 Gb Free Space | 4.33% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMITH
Current User Name: Mike Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 20:27:17 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Smith\Desktop\OTL.exe
PRC - [2010/03/31 18:22:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 05:46:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/10 23:09:04 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/01 22:53:04 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 22:53:03 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/18 19:08:44 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/12/18 12:18:32 | 000,065,536 | ---- | M] (Bloomberg L.P.) -- C:\blp\API\Office Tools\Bloomberg.UIServer.exe
PRC - [2009/12/18 12:18:32 | 000,065,536 | ---- | M] (Bloomberg L.P.) -- C:\blp\API\Office Tools\Bloomberg.RtdServer.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/12 20:40:20 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2009/04/27 18:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2008/06/04 19:09:56 | 004,994,288 | ---- | M] (Itiva Digital Media) -- C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 15:21:48 | 000,112,200 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/04/03 18:14:13 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/10/21 12:48:08 | 000,483,414 | R--- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/10/20 06:15:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
PRC - [2005/10/20 06:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
PRC - [2004/11/24 17:09:40 | 000,266,240 | ---- | M] () -- C:\Program Files\Print Server\PTP\PSDiagnostic.exe
PRC - [2002/12/19 19:17:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 20:27:17 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Smith\Desktop\OTL.exe
MOD - [2002/12/19 19:16:50 | 000,073,728 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenuHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/01 22:53:03 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/18 19:08:44 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/27 18:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/05/25 15:21:48 | 000,112,200 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/01/13 02:58:14 | 000,278,528 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\hpdj -- (hpdj)
SRV - [2005/10/20 06:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe -- (USBDeviceService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 18:20:41 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/27 21:53:23 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/01/26 21:31:51 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/07/07 00:03:42 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/07/07 00:03:38 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/08 18:03:24 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/05/25 15:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/04/17 14:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/04/05 11:55:14 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/11/14 16:34:42 | 000,199,040 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/07 09:32:32 | 000,166,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/11/07 09:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2006/11/07 09:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/09/08 18:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/13 14:03:48 | 000,079,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmserd.sys -- (mqdmserd)
DRV - [2006/07/13 14:03:12 | 000,092,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdm.sys -- (mqdmmdm)
DRV - [2006/07/13 14:02:40 | 000,009,232 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdfl.sys -- (mqdmmdfl) Motorola USB Modem (Filter)
DRV - [2006/07/13 13:58:00 | 000,066,656 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmbus.sys -- (mqdmbus) Motorola DM Composite Driver (WDM)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/12/17 08:17:56 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 02:34:56 | 000,050,560 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/22 15:55:00 | 000,506,880 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/12 21:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/08/21 20:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/21 20:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/21 20:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/05 14:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 14:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/02 12:02:26 | 000,007,040 | ---- | M] (EnE Technology Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ENECBPTH.sys -- (ENECBPTH)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.5.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.496
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.2.0.60
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.5.10
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.0.1
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.5.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.1.9.3
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/17 23:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 16:22:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 21:29:13 | 000,000,000 | ---D | M]

[2008/06/06 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Extensions
[2010/04/09 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions
[2009/12/21 13:42:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/24 12:12:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2007/10/19 22:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{3EB655F8-A508-11DB-8BC6-FD5B55D89593}
[2009/06/05 18:27:36 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/23 19:07:14 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/12/18 09:33:48 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2009/07/10 21:44:35 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/07 20:50:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/12 19:01:45 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/01/29 11:17:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/19 17:54:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/12 20:02:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2007/10/19 22:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{e8cba685-830c-1283-6314-a6ae605cc9be}
[2010/01/27 10:04:07 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/01/03 11:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\Foxdie@tanjihay.com
[2010/01/03 11:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009/10/24 12:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\FoxdieGraphite@tanjihay.com
[2010/03/19 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\foxmarks@kei.com
[2010/02/18 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com
[2010/03/28 20:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\sharing@addons.mozilla.org
[2010/01/12 19:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/06/18 23:44:36 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\askjeeves.xml
[2008/03/08 18:06:55 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\daemon-search.xml
[2009/04/12 20:59:39 | 000,004,378 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\espn-search.xml
[2006/10/30 20:35:00 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\siteadvisor.gif
[2006/10/30 20:35:00 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\siteadvisor.src
[2006/10/30 20:34:57 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\searchplugins\siteadvisor.xml
[2010/04/07 18:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2008/08/04 18:34:06 | 000,000,712 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - HKCU..\Run: [odnbtjlm] C:\Documents and Settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe File not found
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Mike Smith\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bloomberg.net ([bba] https in Local intranet)
O15 - HKCU\..Trusted Domains: eatonvance.com ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} [You must be registered and logged in to see this link.] (iPIX ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} [You must be registered and logged in to see this link.] (Citrix ICA Client)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} [You must be registered and logged in to see this link.] (MJPEGRender Control)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} [You must be registered and logged in to see this link.] (WebSlingPlayer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupControlXP Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [You must be registered and logged in to see this link.] (McFreeScan Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike Smith\My Documents\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike Smith\My Documents\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{46ec4aa4-b88d-11dc-93c3-00163642d374}\Shell - "" = AutoRun
O33 - MountPoints2\{46ec4aa4-b88d-11dc-93c3-00163642d374}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46ec4aa4-b88d-11dc-93c3-00163642d374}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7cb7e2ae-62c8-11db-9002-00163642d374}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb7e2ae-62c8-11db-9002-00163642d374}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb7e2ae-62c8-11db-9002-00163642d374}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1cd9512-6166-11db-8ff9-00163642d374}\Shell\AutoRun\command - "" = JDSecure\Windows\JDSecure20.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 20:27:15 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Smith\Desktop\OTL.exe
[2010/04/07 22:40:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/07 22:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\michafbsf
[2010/04/02 21:39:58 | 000,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2010/04/02 21:39:58 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2010/04/02 21:39:12 | 000,163,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wmaudsdk.dll
[2010/04/02 21:39:12 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioFormatSettings3.dll
[2010/04/02 21:39:11 | 002,658,304 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress3.dll
[2010/04/02 21:39:11 | 002,260,992 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll
[2010/04/02 21:39:11 | 001,810,432 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress2.dll
[2010/04/02 21:39:11 | 001,245,184 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTRMFile.dll
[2010/04/02 21:39:11 | 000,991,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCoreM.dll
[2010/04/02 21:39:11 | 000,614,400 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTMPEGFile.dll
[2010/04/02 21:39:11 | 000,315,392 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/04/02 21:39:11 | 000,294,912 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAVIFile.dll
[2010/04/02 21:39:11 | 000,282,624 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2010/04/02 21:39:11 | 000,159,744 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMVFile.dll
[2010/04/02 21:39:11 | 000,139,264 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoFile.dll
[2010/04/02 21:39:10 | 001,843,200 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2010/04/02 21:39:10 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2010/04/02 21:39:09 | 000,793,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcdcs8.exe
[2010/04/02 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Application Data\Fronoh
[2010/04/02 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/02 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/02 16:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/02 14:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\My Documents\AnyDVDHD
[2010/04/02 14:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\HandBrake
[2010/04/02 14:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Application Data\HandBrake
[2010/04/02 14:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/04/02 13:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/04/02 13:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/03/30 18:20:41 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/03/19 23:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\Geckofx
[2010/03/19 23:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\My Documents\Red Kawa
[2010/03/19 23:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Application Data\Red Kawa
[2010/03/19 20:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Application Data\NBC Direct
[2010/03/19 20:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Smith\Application Data\IDM
[2010/03/19 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/03/19 20:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2010/03/19 20:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\NBC Direct
[2010/03/19 17:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/03/19 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/03/19 09:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/10 21:15:10 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/06 19:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2010/01/31 01:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\DivX
[2010/01/23 23:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/12 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/12/12 17:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/12 17:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/09/04 04:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/05 10:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/23 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/01/01 17:05:22 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmserd.sys
[2009/01/01 17:05:22 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmwhnt.sys
[2009/01/01 17:05:21 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmmdm.sys
[2009/01/01 17:05:21 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmbus.sys
[2009/01/01 17:05:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike Smith\usbsermptxp.sys
[2009/01/01 17:05:21 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike Smith\usbsermpt.sys
[2009/01/01 17:05:21 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmmdfl.sys
[2009/01/01 17:05:21 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmcmnt.sys
[2009/01/01 17:05:21 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Mike Smith\mqdmcr.sys
[2008/12/22 22:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/02/18 16:38:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/10/24 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/10 09:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2006/10/21 14:24:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/09/24 04:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 20:40:15 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006UA.job
[2010/04/09 20:28:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Desktop\exeHelper.com
[2010/04/09 20:27:17 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Smith\Desktop\OTL.exe
[2010/04/09 20:07:43 | 000,036,465 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/09 20:07:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/09 20:05:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/09 20:05:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 20:05:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 20:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 20:05:20 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 22:42:05 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Mike Smith\NTUSER.DAT
[2010/04/07 22:42:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mike Smith\ntuser.ini
[2010/04/07 22:35:32 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 21:51:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/07 19:12:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/07 18:40:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006Core.job
[2010/04/06 20:32:59 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/06 20:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 21:56:47 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\SySVtacj.dat
[2010/04/02 21:38:53 | 000,000,071 | ---- | M] () -- C:\WINDOWS\videotoiPodconverter.ini
[2010/04/02 21:36:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\SysVideotoiPod.dat
[2010/04/02 17:02:22 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\msqctp.ini
[2010/04/02 16:27:32 | 000,029,298 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Desktop\godfather 2.jpg
[2010/04/02 13:57:25 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/04/02 13:55:14 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Desktop\Handbrake.lnk
[2010/03/31 20:50:51 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Mike Smith\Desktop\AUA 2010.xls
[2010/03/30 18:20:41 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/03/29 21:54:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/19 09:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/15 05:10:41 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 05:10:41 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 05:10:40 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/11 06:25:18 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/11 06:23:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 20:28:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Desktop\exeHelper.com
[2010/04/02 21:40:07 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVtacj.dat
[2010/04/02 21:39:12 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/04/02 21:39:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2010/04/02 21:39:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2010/04/02 21:39:12 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\VCEDIT.DLL
[2010/04/02 21:39:12 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2010/04/02 21:39:09 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/04/02 21:39:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/04/02 21:38:53 | 000,000,071 | ---- | C] () -- C:\WINDOWS\videotoiPodconverter.ini
[2010/04/02 21:36:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysVideotoiPod.dat
[2010/04/02 17:02:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\msqctp.ini
[2010/04/02 16:31:02 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 16:27:27 | 000,029,298 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Desktop\godfather 2.jpg
[2010/04/02 14:01:35 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/02 13:57:25 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/04/02 13:55:14 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Desktop\Handbrake.lnk
[2010/01/31 00:48:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/31 00:48:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/26 15:17:39 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Application Data\BBMS_EXCEPTION.txt
[2009/12/09 19:47:32 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/26 21:57:41 | 000,042,857 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SlingSetup.log
[2009/01/26 21:31:52 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/26 21:31:51 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/25 22:31:59 | 000,406,963 | -HS- | C] () -- C:\WINDOWS\System32\knoUDfii.ini2
[2009/01/25 22:31:59 | 000,406,963 | -HS- | C] () -- C:\WINDOWS\System32\knoUDfii.ini
[2009/01/01 17:05:21 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Mike Smith\MCCI_MDM.INF
[2009/01/01 17:05:21 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mike Smith\USB_MOT_BRIT.INF
[2009/01/01 17:05:21 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Mike Smith\USBMOT2000.INF
[2009/01/01 17:05:21 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Mike Smith\MCCI_BUS.INF
[2009/01/01 17:05:21 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Mike Smith\USBMOT2000XP.INF
[2009/01/01 17:05:21 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Mike Smith\USB_MOT_A1000.INF
[2009/01/01 17:05:21 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Mike Smith\USB_CMCS_2000.INF
[2009/01/01 17:05:21 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Mike Smith\MCCI_SDM.INF
[2009/01/01 17:05:18 | 000,016,098 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem40.PNF
[2009/01/01 17:05:18 | 000,009,936 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem40.inf
[2009/01/01 17:05:18 | 000,007,848 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem39.PNF
[2009/01/01 17:05:18 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem41.PNF
[2009/01/01 17:05:18 | 000,007,006 | ---- | C] () -- C:\Documents and Settings\Mike Smith\1230843918-(null)
[2009/01/01 17:05:18 | 000,004,500 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem41.inf
[2009/01/01 17:05:17 | 000,015,574 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem36.PNF
[2009/01/01 17:05:17 | 000,012,746 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem34.PNF
[2009/01/01 17:05:17 | 000,012,674 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem35.PNF
[2009/01/01 17:05:17 | 000,008,003 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Copy of oem36.inf
[2009/01/01 17:05:17 | 000,005,993 | ---- | C] () -- C:\Documents and Settings\Mike Smith\1230843915-(null)
[2009/01/01 17:05:17 | 000,005,940 | ---- | C] () -- C:\Documents and Settings\Mike Smith\1230843917-(null)
[2009/01/01 17:04:33 | 000,023,861 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Motorola_Driver_Log.txt
[2008/07/13 09:31:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/04/20 23:22:35 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2008/04/15 18:13:20 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/04/12 19:01:43 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Mike Smith\GoToAssistDownloadHelper.exe
[2008/03/08 18:03:23 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/09 22:34:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/19 22:32:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/19 22:32:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/19 21:56:19 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/18 12:18:41 | 000,010,891 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/09 22:42:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/18 20:59:32 | 000,021,435 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Motorola_Driver_Installer_Log.txt
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/05/13 12:07:01 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/05/13 12:07:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/05/13 12:07:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/05/13 12:06:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/05/13 12:06:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/05/13 12:06:55 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/05/13 12:06:54 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2007/05/13 12:06:38 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/12 22:51:23 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/19 00:35:29 | 000,002,264 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Application Data\.googlewebacchosts
[2007/01/02 22:23:23 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\rawHyperStorage32.dll
[2007/01/02 22:23:22 | 000,004,434 | ---- | C] () -- C:\WINDOWS\ModusAddin.INI
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/10/23 18:45:59 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/23 15:01:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/21 19:50:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/21 17:30:07 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Mike Smith\LuResult.txt
[2006/10/21 15:55:37 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Mike Smith\Local Settings\Application Data\fusioncache.dat
[2006/10/21 15:55:36 | 008,912,896 | -H-- | C] () -- C:\Documents and Settings\Mike Smith\NTUSER.DAT
[2006/10/21 15:55:36 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Mike Smith\ntuser.dat.LOG
[2006/10/21 15:55:36 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Mike Smith\ntuser.ini
[2006/10/21 15:54:35 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/10/21 15:54:35 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/12/28 13:04:20 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/28 12:54:53 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/28 12:49:32 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/28 12:47:25 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/28 12:43:02 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 15:02:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
< End of report >

ps2baseball
Novice
Posts : 15
Joined : 2010-04-10
OS : Windows XP
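An added triage example, not part of ps2baseball's post and not code from OTL or its author: the script below parses a few O4 (Run key) and O33 (MountPoints2) lines copied from the log above and flags what a helper reads first in such a log, namely an autorun entry whose target is "File not found", randomly named value names, directories and executables under the user's Application Data, and removable-media AutoRun hooks. The vowel-ratio heuristic, the eight-letter threshold, the reason strings and the "high"/"review" severity labels are my own assumptions, not anything OTL reports.

```python
import re

# Constructed sample: lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [odnbtjlm] C:\Documents and Settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe File not found
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O33 - MountPoints2\{46ec4aa4-b88d-11dc-93c3-00163642d374}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1cd9512-6166-11db-8ff9-00163642d374}\Shell\AutoRun\command - "" = JDSecure\Windows\JDSecure20.exe
"""

# OTL O4 line:  O4 - HKCU..\Run: [ValueName] C:\path\to\target.exe (Company) | File not found
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# OTL O33 autorun command line for a remembered volume (MountPoints2 GUID)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.*?)(?: -- (?P<status>File not found))?$'
)
# First directory below the user's (Local Settings\)Application Data
USER_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\(?P<leaf>[^\\]+)\\",
    re.I,
)
# Executable file name without extension
EXE_STEM_RE = re.compile(r"\\(?P<stem>[^\\]+?)\.exe\b", re.I)


def looks_random(token: str) -> bool:
    """Assumed heuristic for machine-generated names: eight or more letters
    with fewer than 25% vowels. Product names rarely get this consonant-heavy."""
    t = token.lower()
    if len(t) < 8 or not t.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in t)
    return vowels / len(t) < 0.25


def parse_line(line: str):
    """Return a finding dict for one OTL line, or None if nothing stands out."""
    m = O4_RE.match(line)
    if m:
        name, rest = m.group("name"), m.group("rest")
        reasons = []
        orphaned = rest.endswith("File not found")
        if orphaned:
            reasons.append("orphaned: target File not found")
        if looks_random(name):
            reasons.append("random-looking value name")
        ud = USER_DATA_RE.search(rest)
        if ud and looks_random(ud.group("leaf")):
            reasons.append("random-looking directory under user Application Data")
        ex = EXE_STEM_RE.search(rest)
        if ex and looks_random(ex.group("stem")):
            reasons.append("random-looking executable name")
        if not reasons:
            return None
        random_hits = sum(r.startswith("random") for r in reasons)
        # An orphaned entry with random naming is the classic dropper leftover.
        severity = "high" if random_hits >= 2 or (orphaned and random_hits) else "review"
        return {"type": "O4", "name": name, "severity": severity, "reasons": reasons, "line": line}
    m = O33_RE.match(line)
    if m:
        reasons = ["removable-media autorun hook (MountPoints2)"]
        if m.group("status"):
            reasons.append("target File not found (device gone, hook left behind)")
        if not re.match(r"^[A-Za-z]:\\", m.group("cmd")):
            reasons.append("relative command path, resolved against the mounted volume")
        return {"type": "O33", "name": m.group("guid"), "severity": "review", "reasons": reasons, "line": line}
    return None


def triage(log_text: str):
    """Run parse_line over every non-empty line and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            f = parse_line(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['type']} {f['name']}: {'; '.join(f['reasons'])}")
```

On the sample above only the odnbtjlm entry is rated high (orphaned target plus three random-looking names), PlayOn is a plain orphan and the two O33 lines are flagged for review. Treat the output as a reading aid, not a verdict: the vowel-ratio test would also trip on a legitimate file like KHALMNPR.Exe from the Logitech entry earlier in the same log, and the two F:\LaunchU3.exe hooks are consistent with a U3 flash drive that was once mounted as F: (the header shows F: is not present now) rather than with an infection.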

Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sat Apr 10, 2010 12:52 am

Extras:

OTL Extras logfile created on: 4/9/2010 8:28:05 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Mike Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.32 Gb Total Space | 11.79 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive D: | 7.82 Gb Total Space | 0.34 Gb Free Space | 4.33% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMITH
Current User Name: Mike Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Mike Smith\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Mike Smith\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\blp\Wintrv\WINTRV.EXE" = C:\blp\Wintrv\WINTRV.EXE:*:Enabled:BLOOMBERG -- (Bloomberg Finance L.P.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145F768F-49D6-4B5A-B7D7-37889E9E41EA}" = Market Axess
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}" = Mobile Broadband Drivers
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 B3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5441CBC1-081B-45F1-A5EF-71C3EADF5E9D}" = Motorola Driver Installation
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58C62A8E-E628-4822-A0F2-BBE10329D53F}" = HP User Guides 0009
"{5BDB97E1-465F-4F04-8C40-295AF60386AA}" = Brother HL-2040
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry® Media Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE611335-4674-B66C-401E-2909F719AD5C}" = FlyCast
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21C30F2-521C-4F86-882E-60CDCE615FBD}" = Intel(R) IPP Run-Time Installer 5.3 for Windows* on IA-32
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6553408-952D-49BD-BB68-CCFCE8411322}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8820 smartphone
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"75FFA390FABE1F136DFF357E465361D41DEF5AFA" = Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"Bloomberg Excel Tools" = Bloomberg Excel Tools
"Bloomberg PFM Upload Tool for Microsoft Excel" = Bloomberg PFM Upload Tool for Microsoft Excel
"Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
"Bloomberg, V.05.07.09" = Bloomberg, V.05.07.09
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CleanUp!" = CleanUp!
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_qta30a0k" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Photo Slideshow Professional" = DVD Photo Slideshow Pro 7.97
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"Family Feud" = Family Feud (remove only)
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FLVPlayer" = FLV Player 1.3.3
"FrostWire" = FrostWire 4.17.0
"Google Updater" = Google Updater
"Handbrake" = Handbrake 0.9.4
"HijackThis" = HijackThis 2.0.2
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDump" = iDump (Backing up your iPod)
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Itiva Media Accelerator" = Itiva Media Accelerator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.5
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"PeerGuardian_is1" = PeerGuardian 2.0
"PowerMenu" = PowerMenu 1.51
"Print Server Driver" = Print Server Driver
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Stellar Phoenix DMR_is1" = Stellar Phoenix DMR 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.4.1 Beta
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.0.3
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2010 8:07:12 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/9/2010 8:07:13 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/9/2010 8:09:32 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 4/9/2010 8:09:32 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/9/2010 8:16:13 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 4/9/2010 8:16:14 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/9/2010 8:18:59 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/9/2010 8:18:59 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/9/2010 8:19:25 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 4/9/2010 8:19:25 PM | Computer Name = SMITH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 4/7/2010 10:24:44 PM | Computer Name = SMITH | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 4/7/2010 10:25:07 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 4/9/2010 8:05:26 PM | Computer Name = SMITH | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 4/9/2010 8:05:34 PM | Computer Name = SMITH | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 4/9/2010 8:06:25 PM | Computer Name = SMITH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 4/9/2010 8:15:21 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 4/9/2010 8:17:23 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 4/9/2010 8:17:55 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 4/9/2010 8:18:31 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 4/9/2010 8:20:37 PM | Computer Name = SMITH | Source = DCOM | ID = 10010
Description = The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register
with DCOM within the required timeout.


< End of report >


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Sat Apr 10, 2010 6:45 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sun Apr 11, 2010 1:17 pm

ComboFix 10-04-10.02 - Mike Smith 04/11/2010 8:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.506 [GMT -4:00]
Running from: c:\documents and settings\Mike Smith\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mike Smith\Start Menu\Programs\Startup\PowerMenu.lnk
c:\program files\QUAD Utilities
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\knoUDfii.ini
c:\windows\system32\knoUDfii.ini2
c:\windows\system32\logs
c:\windows\system32\logs\{EC84279B-451B-40ED-88AD-F4D753DCEB43}.log
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 13:11 . 2010-04-10 13:11 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-04-10 13:11 . 2010-04-10 13:11 -------- d-----w- c:\program files\dvd43
2010-04-10 04:17 . 2010-04-10 04:17 -------- d-----w- c:\windows\system32\windows media
2010-04-10 04:15 . 2010-04-10 04:15 -------- d-----w- c:\program files\Windows Media Components
2010-04-08 02:40 . 2010-04-08 02:40 -------- d--h--w- c:\windows\PIF
2010-04-08 02:10 . 2010-04-10 00:27 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf
2010-04-03 01:40 . 2010-04-03 01:56 5 ----a-w- c:\windows\system32\SySVtacj.dat
2010-04-03 01:36 . 2010-04-03 01:36 1 ----a-w- c:\windows\system32\SysVideotoiPod.dat
2010-04-02 21:02 . 2010-04-02 21:02 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Fronoh
2010-04-02 20:29 . 2010-04-02 20:29 -------- d-----w- c:\program files\iPod
2010-04-02 20:28 . 2010-04-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 20:15 . 2010-04-02 20:15 -------- d-----w- c:\program files\Bonjour
2010-04-02 20:10 . 2010-04-02 20:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-02 20:05 . 2010-04-02 20:05 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-02 18:11 . 2010-04-02 18:11 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\HandBrake
2010-04-02 18:11 . 2010-04-02 18:14 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\HandBrake
2010-04-02 18:01 . 2010-04-02 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-04-02 17:57 . 2010-04-10 13:11 -------- d-----w- c:\program files\SlySoft
2010-04-02 17:55 . 2010-04-02 17:55 -------- d-----w- c:\program files\Handbrake
2010-03-20 03:05 . 2010-03-20 03:05 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\Geckofx
2010-03-20 03:05 . 2010-03-20 03:05 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Red Kawa
2010-03-20 00:38 . 2010-04-07 01:29 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\NBC Direct
2010-03-20 00:38 . 2010-03-20 00:38 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\IDM
2010-03-20 00:38 . 2010-04-07 21:41 -------- d-----w- c:\program files\Pando Networks
2010-03-20 00:37 . 2010-04-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NBC Direct
2010-03-20 00:37 . 2010-04-07 01:29 -------- d---a-w- c:\program files\NBC Direct
2010-03-19 21:55 . 2010-03-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-19 21:55 . 2010-03-19 21:55 -------- d-----w- c:\program files\NOS
2010-03-19 21:54 . 2010-02-19 23:31 31936 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-19 21:54 . 2010-02-19 23:31 29344 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 12:45 . 2007-04-05 20:55 -------- d-----w- c:\program files\LogMeIn
2010-04-11 12:44 . 2008-04-02 23:51 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Skype
2010-04-11 12:44 . 2008-01-10 03:24 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\DNA
2010-04-11 04:00 . 2008-01-20 01:56 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\skypePM
2010-04-11 00:17 . 2006-10-23 18:58 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\U3
2010-04-10 23:39 . 2008-07-14 03:03 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\FrostWire
2010-04-10 23:39 . 2009-01-15 01:50 -------- d-----w- c:\program files\Incomplete
2010-04-10 23:39 . 2008-07-14 03:02 -------- d-----w- c:\program files\FrostWire
2010-04-10 23:19 . 2010-02-06 22:03 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\uTorrent
2010-04-10 18:26 . 2008-01-10 03:24 -------- d-----w- c:\program files\DNA
2010-04-10 16:09 . 2006-10-21 19:55 64432 ----a-w- c:\documents and settings\Mike Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 16:06 . 2009-01-26 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 14:57 . 2005-12-28 16:47 -------- d-----w- c:\program files\Quicken
2010-04-10 14:51 . 2009-01-11 05:22 -------- d-----w- c:\program files\FlyCast
2010-04-10 14:28 . 2009-02-16 04:07 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-10 04:52 . 2010-01-16 00:09 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\vlc
2010-04-06 08:45 . 2009-01-17 15:56 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-04-03 01:42 . 2010-02-06 22:03 -------- d-----w- c:\program files\uTorrent
2010-04-02 20:30 . 2007-09-06 20:33 -------- d-----w- c:\program files\iTunes
2010-04-02 20:28 . 2007-07-30 00:51 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 20:21 . 2006-11-04 16:06 -------- d-----w- c:\program files\QuickTime
2010-04-02 20:09 . 2007-09-06 23:09 -------- d-----w- c:\program files\Safari
2010-04-01 09:05 . 2009-04-17 00:46 -------- d-----w- c:\program files\McAfee
2010-03-30 04:46 . 2009-01-26 23:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-01-26 23:56 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:18 . 2010-01-20 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-08 23:07 . 2006-10-21 23:50 -------- d-----r- c:\program files\Skype
2010-03-08 23:07 . 2010-03-08 23:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-08 23:07 . 2007-01-04 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-07 14:08 . 2006-10-22 00:10 64896 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 05:14 . 2010-02-27 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-02-25 06:24 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 01:08 . 2010-02-23 01:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-22 10:03 . 2008-04-09 15:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 00:20 . 2008-04-20 20:37 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype
2010-02-18 22:58 . 2008-04-20 20:38 -------- d-----w- c:\documents and settings\Guest\Application Data\skypePM
2010-02-17 21:20 . 2010-02-23 23:07 114360 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2010-02-15 15:57 . 2008-11-30 15:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-15 15:57 . 2009-06-05 22:20 38784 ----a-w- c:\documents and settings\Mike Smith\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-02 02:37 . 2010-03-07 14:07 1863680 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
2010-02-02 02:34 . 2010-03-07 14:07 2003456 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\SBIL2.dll
2010-02-02 02:33 . 2010-03-07 14:07 148992 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\DXVAProbe.dll
2010-02-02 02:33 . 2010-03-07 14:07 581632 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\SPRemote.dll
2010-02-02 02:33 . 2010-03-07 14:07 292352 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\RCDownloader.dll
2010-02-02 02:32 . 2010-03-07 14:07 175616 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\CabinetUtils.dll
2010-01-28 11:08 . 2010-01-28 11:08 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a025657-n\decora-sse.dll
2010-01-28 11:08 . 2010-01-28 11:08 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-756f04ba-n\msvcp71.dll
2010-01-28 11:08 . 2010-01-28 11:08 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-756f04ba-n\jmc.dll
2010-01-28 11:08 . 2010-01-28 11:08 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-756f04ba-n\msvcr71.dll
2010-01-28 11:08 . 2010-01-28 11:08 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a025657-n\decora-d3d.dll
2010-01-27 13:57 . 2010-01-27 13:57 503808 ----a-w- c:\documents and settings\Mike Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-788904e5-n\msvcp71.dll
2010-01-27 13:57 . 2010-01-27 13:57 499712 ----a-w- c:\documents and settings\Mike Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-788904e5-n\jmc.dll
2010-01-27 13:57 . 2010-01-27 13:57 348160 ----a-w- c:\documents and settings\Mike Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-788904e5-n\msvcr71.dll
2010-01-27 13:57 . 2010-01-27 13:57 61440 ----a-w- c:\documents and settings\Mike Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cbef26d-n\decora-sse.dll
2010-01-27 13:57 . 2010-01-27 13:57 12800 ----a-w- c:\documents and settings\Mike Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cbef26d-n\decora-d3d.dll
2010-01-26 00:55 . 2008-12-23 02:14 256 ----a-w- c:\windows\system32\pool.bin
2010-01-22 17:13 . 2010-02-19 00:47 3858432 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-01-22 17:13 . 2010-02-10 01:58 3858432 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-01-22 16:49 . 2010-02-19 00:47 8520 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-01-22 16:49 . 2010-02-10 01:58 8520 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-01-22 16:49 . 2010-02-19 00:47 70984 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-01-22 16:49 . 2010-02-10 01:58 70984 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-01-22 16:46 . 2010-02-19 00:47 574768 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-01-22 16:46 . 2010-02-19 00:47 15664 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-01-22 16:46 . 2010-02-10 01:58 574768 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-01-22 16:46 . 2010-02-10 01:58 15664 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-01-22 16:46 . 2010-02-19 00:47 83256 ----a-w- c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-01-22 16:46 . 2010-02-10 01:58 83256 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\1k2ulhcz.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-08-09 17:08 . 2007-03-17 17:05 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-08-09 17:10 . 2007-03-17 17:05 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-10-26 02:31 . 2006-10-26 02:31 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 07:06 . 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2008-10-15 06:04 . 2008-10-15 06:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2005-12-28 17:09 . 2005-12-12 19:39 94208 c:\program files\HP\QuickPlay\bak\QPService.exe

2005-12-28 17:10 . 2005-05-18 18:29 233534 c:\program files\HPQ\Default Settings\bak\cpqset.exe

2005-12-28 17:09 . 2005-12-07 18:56 409600 c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe

2007-09-05 22:03 . 2007-09-05 22:03 267064 c:\program files\iTunes\bak\iTunesHelper.exe
2010-03-26 05:10 . 2010-03-26 05:10 142120 c:\program files\iTunes\iTunesHelper.exe

2007-08-15 18:06 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2007-06-12 18:17 . 2007-04-17 18:03 63048 c:\program files\LogMeIn\x86\bak\LogMeInSystray.exe

2005-03-23 23:26 . 2005-03-23 23:26 217088 c:\program files\Microsoft IntelliPoint\bak\point32.exe

2007-05-13 15:44 . 2004-11-24 21:09 266240 c:\program files\Print Server\PTP\bak\PSDiagnostic.exe
2008-07-13 14:42 . 2004-11-24 21:09 266240 c:\program files\Print Server\PTP\PSDiagnostic.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\qttask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2005-10-20 14:15 . 2005-10-20 14:15 102400 c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\bak\DetectorApp.exe
2005-10-20 10:15 . 2005-10-20 10:15 102400 c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

2005-12-28 16:49 . 2005-11-11 07:04 761945 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
2005-12-28 16:49 . 2006-11-14 21:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

2006-11-21 17:38 . 2006-11-21 17:38 35328 c:\program files\Winamp\bak\winampa.exe
2009-07-01 16:37 . 2009-07-01 16:37 37888 c:\program files\Winamp\winampa.exe

2005-12-28 16:26 . 2005-10-11 18:23 1187840 c:\windows\SMINST\bak\RecGuard.exe

2004-08-04 08:00 . 2004-08-04 08:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 08:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2005-11-02 23:22 . 2005-11-02 23:22 77824 c:\windows\system32\bak\hkcmd.exe

2005-11-02 23:26 . 2005-11-02 23:26 118784 c:\windows\system32\bak\igfxpers.exe

2005-11-02 23:25 . 2005-11-02 23:25 98304 c:\windows\system32\bak\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Google Update"="c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-28 133104]
"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2009-12-18 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [N/A]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"odnbtjlm"="c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 61952]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"Itiva Media Accelerator"="c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-10 18:36 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-05-25 19:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Mike Smith\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\blp\\Wintrv\\WINTRV.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 10:52 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 5:06 PM 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/12/2007 2:17 PM 12992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/16/2009 8:49 PM 93320]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2008 6:03 PM 716272]
S2 gupdate1c994f0c947351e;Google Update Service (gupdate1c994f0c947351e);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 9:23 AM 133104]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/6/2010 6:05 PM 14424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:53]

2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:23]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:23]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006Core.job
- c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-28 03:33]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006UA.job
- c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-28 03:33]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-17 16:22]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-17 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: eatonvance.com\webmail
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - [You must be registered and logged in to see this link.]
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Mike Smith\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Itiva\Itiva Media Accelerator\npima.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\Mike Smith\Local Settings\Application Data\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}\NBCDirectInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-11 09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\MIKENA~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-04-11 09:07:24
ComboFix-quarantined-files.txt 2010-04-11 13:07

Pre-Run: 12,988,706,816 bytes free
Post-Run: 13,943,341,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B869452C00DA30A222FFF87DF7FBA378


Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sun Apr 11, 2010 1:18 pm

When I did this I noticed an IE icon got dumped on my desktop, and IE became my default browser. I suspect that this is normal.


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Sun Apr 11, 2010 6:07 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "odnbtjlm"=-

    AWF::
    c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\HP\QuickPlay\bak\QPService.exe
    c:\program files\HPQ\Default Settings\bak\cpqset.exe
    c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
    c:\program files\LogMeIn\x86\bak\LogMeInSystray.exe
    c:\program files\Microsoft IntelliPoint\bak\point32.exe
    c:\program files\Print Server\PTP\bak\PSDiagnostic.exe
    c:\program files\QuickTime\bak\qttask.exe
    c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\bak\DetectorApp.exe
    c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
    c:\program files\Winamp\bak\winampa.exe
    c:\windows\SMINST\bak\RecGuard.exe
    c:\windows\system32\bak\ctfmon.exe
    c:\windows\system32\bak\hkcmd.exe
    c:\windows\system32\bak\igfxpers.exe
    c:\windows\system32\bak\igfxtray.exe

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    Trusted Zone: eatonvance.com\webmail
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {96816368-C1E3-414D-A193-63C3CC921990} - [You must be registered and logged in to see this link.]

    Rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)


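As an added triage example (not part of this thread, and not ComboFix's own code), the script below scans ComboFix-style log text for the three patterns that gave this infection away: a Run entry launching a random-named executable from a user-writable profile directory, a ProxyServer value pointing at 127.0.0.1 (a resident process sitting between the browser and the bank), and Trusted Zone additions. The sample log is constructed from entries quoted in this thread; the "odnbtjlm" Run value is reconstructed from the CFScript's Registry:: and File:: sections and its date/size field is made up. The proxy check also handles the multi-protocol "http=...;https=..." form of the value, which the thread's log does not show.

```python
"""Triage helper for ComboFix-style logs: flags the autostart, proxy and
Trusted Zone patterns that pointed at the banker infection in this thread."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the "Reg Loading Points" and "Supplementary
# Scan" sections of the ComboFix log and on the CFScript entries in this thread.
# The "odnbtjlm" Run value is reconstructed from the CFScript; its date/size
# field is made up.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"odnbtjlm"="c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe" [2010-04-08 102400]
"Google Update"="c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-28 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-07 77824]

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
Trusted Zone: eatonvance.com\webmail
Trusted Zone: internet
Trusted Zone: mcafee.com
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    detail: str


RUN_KEY_RE = re.compile(
    r"^\[(?:HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\]$",
    re.I)
ANY_KEY_RE = re.compile(r"^\[.*\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
# Per-user, user-writable locations. Legitimate per-user updaters live here
# too, so location alone is only a weak ("medium") signal.
USER_WRITABLE_RE = re.compile(
    r"\\(?:local settings\\application data|application data|local settings\\temp|temp)\\", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<spec>\S+)", re.I)
TRUSTED_ZONE_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>\S+)", re.I)


def looks_random(token: str) -> bool:
    """Cheap entropy proxy: a name with 6+ letters and under 25% vowels
    (michafbsf, djsabnqtssd, odnbtjlm) rarely comes from a real vendor."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.25


def loopback_proxy(spec: str) -> bool:
    """True if a WinINet ProxyServer value ("host:port" or
    "http=host:port;https=host:port") routes any protocol through the local
    machine, i.e. through a process resident on the infected host."""
    for part in spec.split(";"):
        hostport = part.split("=", 1)[-1]          # drop optional "http=" prefix
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking which registry key we are under."""
    findings: List[Finding] = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ANY_KEY_RE.match(line):
            in_run_key = bool(RUN_KEY_RE.match(line))
            continue
        m = RUN_VALUE_RE.match(line) if in_run_key else None
        if m:
            name, path = m["name"], m["path"]
            if USER_WRITABLE_RE.search(path):
                parts = path.replace("/", "\\").split("\\")
                parent = parts[-2] if len(parts) >= 2 else ""
                stem = parts[-1].rsplit(".", 1)[0]
                random_names = any(looks_random(t) for t in (name, parent, stem))
                findings.append(Finding(
                    "high" if random_names else "medium",
                    "autostart-in-user-writable-dir" + ("+random-name" if random_names else ""),
                    f'"{name}" -> {path}'))
            continue
        m = PROXY_RE.search(line)
        if m and loopback_proxy(m["spec"]):
            findings.append(Finding("high", "loopback-proxy", m["spec"]))
            continue
        m = TRUSTED_ZONE_RE.match(line)
        if m:
            # Trusted Zone entries lower IE's security settings for that host.
            findings.append(Finding("medium", "trusted-zone-entry", m["zone"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```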

Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Mon Apr 12, 2010 11:33 am

ComboFix 10-04-11.01 - Mike Smith 04/11/2010 22:36:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.502 [GMT -4:00]
Running from: c:\documents and settings\Mike Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike Smith\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf\djsabnqtssd.exe"
.

((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-10 13:11 . 2010-04-10 13:11 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-04-10 13:11 . 2010-04-10 13:11 -------- d-----w- c:\program files\dvd43
2010-04-10 04:17 . 2010-04-10 04:17 -------- d-----w- c:\windows\system32\windows media
2010-04-10 04:15 . 2010-04-10 04:15 -------- d-----w- c:\program files\Windows Media Components
2010-04-08 02:40 . 2010-04-08 02:40 -------- d--h--w- c:\windows\PIF
2010-04-08 02:10 . 2010-04-10 00:27 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\michafbsf
2010-04-03 01:40 . 2010-04-03 01:56 5 ----a-w- c:\windows\system32\SySVtacj.dat
2010-04-03 01:36 . 2010-04-03 01:36 1 ----a-w- c:\windows\system32\SysVideotoiPod.dat
2010-04-02 21:02 . 2010-04-02 21:02 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Fronoh
2010-04-02 20:29 . 2010-04-02 20:29 -------- d-----w- c:\program files\iPod
2010-04-02 20:28 . 2010-04-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 20:15 . 2010-04-02 20:15 -------- d-----w- c:\program files\Bonjour
2010-04-02 18:11 . 2010-04-02 18:11 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\HandBrake
2010-04-02 18:11 . 2010-04-02 18:14 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\HandBrake
2010-04-02 18:01 . 2010-04-02 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-04-02 17:57 . 2010-04-10 13:11 -------- d-----w- c:\program files\SlySoft
2010-04-02 17:55 . 2010-04-02 17:55 -------- d-----w- c:\program files\Handbrake
2010-03-20 03:05 . 2010-03-20 03:05 -------- d-----w- c:\documents and settings\Mike Smith\Local Settings\Application Data\Geckofx
2010-03-20 03:05 . 2010-03-20 03:05 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Red Kawa
2010-03-20 00:38 . 2010-04-07 01:29 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\NBC Direct
2010-03-20 00:38 . 2010-03-20 00:38 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\IDM
2010-03-20 00:38 . 2010-04-07 21:41 -------- d-----w- c:\program files\Pando Networks
2010-03-20 00:37 . 2010-04-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NBC Direct
2010-03-20 00:37 . 2010-04-07 01:29 -------- d---a-w- c:\program files\NBC Direct
2010-03-19 21:55 . 2010-03-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-19 21:55 . 2010-03-19 21:55 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 02:52 . 2008-01-10 03:24 -------- d-----w- c:\program files\DNA
2010-04-12 02:52 . 2008-01-10 03:24 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\DNA
2010-04-12 02:50 . 2006-10-21 22:26 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-04-12 02:30 . 2008-04-02 23:51 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\Skype
2010-04-11 22:33 . 2008-01-20 01:56 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\skypePM
2010-04-11 12:45 . 2007-04-05 20:55 -------- d-----w- c:\program files\LogMeIn
2010-04-11 00:17 . 2006-10-23 18:58 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\U3
2010-04-10 23:39 . 2008-07-14 03:03 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\FrostWire
2010-04-10 23:39 . 2009-01-15 01:50 -------- d-----w- c:\program files\Incomplete
2010-04-10 23:39 . 2008-07-14 03:02 -------- d-----w- c:\program files\FrostWire
2010-04-10 23:19 . 2010-02-06 22:03 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\uTorrent
2010-04-10 16:09 . 2006-10-21 19:55 64432 ----a-w- c:\documents and settings\Mike Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 16:06 . 2009-01-26 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 14:57 . 2005-12-28 16:47 -------- d-----w- c:\program files\Quicken
2010-04-10 14:51 . 2009-01-11 05:22 -------- d-----w- c:\program files\FlyCast
2010-04-10 04:52 . 2010-01-16 00:09 -------- d-----w- c:\documents and settings\Mike Smith\Application Data\vlc
2010-04-06 08:45 . 2009-01-17 15:56 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-04-03 01:42 . 2010-02-06 22:03 -------- d-----w- c:\program files\uTorrent
2010-04-02 20:30 . 2007-09-06 20:33 -------- d-----w- c:\program files\iTunes
2010-04-02 20:28 . 2007-07-30 00:51 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 20:21 . 2006-11-04 16:06 -------- d-----w- c:\program files\QuickTime
2010-04-02 20:09 . 2007-09-06 23:09 -------- d-----w- c:\program files\Safari
2010-04-01 09:05 . 2009-04-17 00:46 -------- d-----w- c:\program files\McAfee
2010-03-30 04:46 . 2009-01-26 23:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-01-26 23:56 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:18 . 2010-01-20 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-08 23:07 . 2006-10-21 23:50 -------- d-----r- c:\program files\Skype
2010-03-08 23:07 . 2010-03-08 23:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-08 23:07 . 2007-01-04 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-07 14:08 . 2006-10-22 00:10 64896 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 05:14 . 2010-02-27 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-02-25 06:24 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 01:08 . 2010-02-23 01:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-22 10:03 . 2008-04-09 15:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 00:20 . 2008-04-20 20:37 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype
2010-02-18 22:58 . 2008-04-20 20:38 -------- d-----w- c:\documents and settings\Guest\Application Data\skypePM
2010-02-15 15:57 . 2008-11-30 15:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-26 00:55 . 2008-12-23 02:14 256 ----a-w- c:\windows\system32\pool.bin
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-08-09 17:08 . 2007-03-17 17:05 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-08-09 17:10 . 2007-03-17 17:05 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-10-26 02:31 . 2006-10-26 02:31 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-12 02:49 . 2010-04-12 02:49 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2005-11-02 23:25 . 2005-11-02 23:25 98304 c:\windows\system32\igfxtray.exe
+ 2005-11-02 23:22 . 2005-11-02 23:22 77824 c:\windows\system32\hkcmd.exe
- 2006-10-21 19:51 . 2010-04-11 11:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-21 19:51 . 2010-04-12 01:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-21 19:51 . 2010-04-12 01:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-21 19:51 . 2010-04-11 11:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-21 19:51 . 2010-04-11 11:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-11 16:18 . 2010-04-12 01:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-02 23:26 . 2005-11-02 23:26 118784 c:\windows\system32\igfxpers.exe
+ 2005-12-28 16:26 . 2005-10-11 18:23 1187840 c:\windows\SMINST\RecGuard.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 07:06 . 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2008-10-15 06:04 . 2008-10-15 06:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

2007-09-05 22:03 . 2007-09-05 22:03 267064 c:\program files\iTunes\bak\iTunesHelper.exe
2010-03-26 05:10 . 2010-03-26 05:10 142120 c:\program files\iTunes\iTunesHelper.exe

2007-05-13 15:44 . 2004-11-24 21:09 266240 c:\program files\Print Server\PTP\bak\PSDiagnostic.exe
2008-07-13 14:42 . 2004-11-24 21:09 266240 c:\program files\Print Server\PTP\PSDiagnostic.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\qttask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2005-10-20 14:15 . 2005-10-20 14:15 102400 c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\bak\DetectorApp.exe
2005-10-20 10:15 . 2005-10-20 10:15 102400 c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

2005-12-28 16:49 . 2005-11-11 07:04 761945 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
2005-12-28 16:49 . 2006-11-14 21:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

2006-11-21 17:38 . 2006-11-21 17:38 35328 c:\program files\Winamp\bak\winampa.exe
2009-07-01 16:37 . 2009-07-01 16:37 37888 c:\program files\Winamp\winampa.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Google Update"="c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-28 133104]
"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2009-12-18 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [N/A]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 61952]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"Itiva Media Accelerator"="c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-10 18:36 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-05-25 19:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Mike Smith\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\blp\\Wintrv\\WINTRV.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 10:52 PM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2008 6:03 PM 716272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 5:06 PM 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/12/2007 2:17 PM 12992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/16/2009 8:49 PM 93320]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
S2 gupdate1c994f0c947351e;Google Update Service (gupdate1c994f0c947351e);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 9:23 AM 133104]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/6/2010 6:05 PM 14424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:53]

2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:23]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:23]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006Core.job
- c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-28 03:33]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048914247-485629046-2360194386-1006UA.job
- c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-28 03:33]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-17 16:22]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-17 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Mike Smith\Application Data\Mozilla\Firefox\Profiles\bx1o7ess.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Mike Smith\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Mike Smith\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Itiva\Itiva Media Accelerator\npima.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-11 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spac.sys >>UNKNOWN [0x86D85938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7694f28
\Driver\ACPI -> ACPI.sys @ 0xf73f2cb8
\Driver\atapi -> atapi.sys @ 0xf73adb40
\Driver\iaStor -> iaStor.sys @ 0xf730f7b0
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71e0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71cfa0d
SendHandler -> NDIS.sys @ 0xf71e3b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\blp\API\Office Tools\Bloomberg.UIServer.exe
c:\blp\API\Office Tools\Bloomberg.RtdServer.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
.
**************************************************************************
.
Completion time: 2010-04-11 23:10:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-12 03:09
ComboFix2.txt 2010-04-11 13:07

Pre-Run: 13,936,144,384 bytes free
Post-Run: 13,910,659,072 bytes free

- - End Of File - - 77E37D67D8C258142D8C8EA5AC40588C

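The catchme and Stealth MBR detector sections at the end of this ComboFix log are what a helper reads for a module the detector could not attribute to a file (the `>>UNKNOWN [...]<<` marker) and for the final MBR verdict. Added example, not ComboFix's, Gmer's or the forum's code, that parses those two sections using the posted lines as constructed input:

```python
"""Triage parser for the catchme and Stealth MBR detector sections that
ComboFix appends to its log (added example; not ComboFix, Gmer or forum code).
It pulls out the hidden-file count, the modules in the disk I/O path (noting
any >>UNKNOWN [addr]<< entry the detector could not attribute to a file),
the hook table, and whether the 'user & kernel MBR OK' verdict is present."""
import re

# Constructed sample: the two sections as posted in the thread, trimmed to the
# lines the parser reads (raw string so the backslashes survive).
SAMPLE_LOG = r"""
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
scan completed successfully
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spac.sys >>UNKNOWN [0x86D85938]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7694f28
\Driver\ACPI -> ACPI.sys @ 0xf73f2cb8
\Driver\atapi -> atapi.sys @ 0xf73adb40
\Driver\iaStor -> iaStor.sys @ 0xf730f7b0
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71e0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71cfa0d
SendHandler -> NDIS.sys @ 0xf71e3b40
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<target>.+) -> (?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
HIDDEN_RE = re.compile(r"^hidden files: (\d+)$")


def parse_gmer_sections(text):
    """Return the facts a helper reads off the two sections, as a dict."""
    info = {"hidden_files": None, "called_modules": [], "unknown_modules": [],
            "hooks": [], "mbr_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIDDEN_RE.match(line)
        if m:
            info["hidden_files"] = int(m.group(1))
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            info["unknown_modules"] = UNKNOWN_RE.findall(body)
            info["called_modules"] = UNKNOWN_RE.sub("", body).split()
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            info["mbr_ok"] = True
            in_hooks = False
        elif in_hooks:
            m = HOOK_RE.match(line)
            if m:
                info["hooks"].append((m["target"], m["module"], m["addr"]))
    return info


def triage(text):
    """Surface only what the log states; judging an unattributed module is the analyst's call."""
    info = parse_gmer_sections(text)
    notes = []
    if info["hidden_files"] is None:
        notes.append("catchme result missing")
    elif info["hidden_files"]:
        notes.append(f"catchme reports {info['hidden_files']} hidden file(s)")
    for addr in info["unknown_modules"]:
        notes.append(f"unattributed module in disk I/O path at {addr}")
    if not info["mbr_ok"]:
        notes.append("no 'user & kernel MBR OK' verdict")
    hooks_by_module = {}                 # how many hook points land in each module
    for _target, module, _addr in info["hooks"]:
        hooks_by_module[module] = hooks_by_module.get(module, 0) + 1
    return info, notes, hooks_by_module
```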

Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Tue Apr 13, 2010 1:40 am

We need to do some diagnostics.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply.


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)


Thanks!


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Thu Apr 22, 2010 4:58 am

I will do this in the morning. Just got back from vacation, sorry!


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Thu Apr 22, 2010 5:26 am

ok


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Thu Apr 22, 2010 1:49 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1048914247-485629046-2360194386-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Mike Smith

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1048914247-485629046-2360194386-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1048914247-485629046-2360194386-501
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest

SystemRoot REG_SZ C:\WINDOWS


Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Thu Apr 22, 2010 1:50 pm

Running from: C:\Documents and Settings\Mike Smith\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Mike Smith\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Thu Apr 22, 2010 4:24 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Tue Apr 27, 2010 12:39 am

I will do this tonight. Thanks!


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Tue Apr 27, 2010 1:59 am

ok


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Tue Apr 27, 2010 10:19 pm

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4041

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/27/2010 10:05:46 AM
mbam-log-2010-04-27 (10-05-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 245671
Time elapsed: 1 hour(s), 49 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: BankerFox.A and Win32/Nugel.E

Post by Belahzur on Wed Apr 28, 2010 12:17 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sat May 01, 2010 3:18 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3850eddfab08414eb00a16a71ebc004b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-01 03:03:14
# local_time=2010-04-30 11:03:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 36996163 36996163 0 0
# compatibility_mode=5121 16776533 100 96 2509728 24677987 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 13 103441315 103441316 0 0
# scanned=129902
# found=5
# cleaned=5
# scan_time=13733
C:\Program Files\FrostWire\if i were boy beyonce (new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\FrostWire\if i were boy beyonce.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\knoUDfii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\knoUDfii.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0189452.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

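The five ESET finds above sit in three kinds of location: files the user could still open, copies already in ComboFix's quarantine folder (C:\Qoobox), and a copy inside a System Restore point, which is what the restore-point cleanup later in the thread clears out. Added example, not ESET's, ComboFix's or the forum's code, that parses this log format and sorts the finds by location, using the posted lines as constructed input:

```python
"""Triage helper for an ESET Online Scanner log.txt as pasted above (added
example; not ESET's, ComboFix's or the forum's code).
Each find reads: <path> <threat> (<action>) <32-hex hash> <flag>. Paths may
contain spaces, so the threat field is located by the first token containing
a '/', which Windows paths never do and ESET names (Win32/..., WMA/...) do."""
import re

# Constructed sample: header keys and the five finds from the posted log.
SAMPLE_LOG = r"""
# remove_checked=true
# scanned=129902
# found=5
# cleaned=5
C:\Program Files\FrostWire\if i were boy beyonce (new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\FrostWire\if i were boy beyonce.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\knoUDfii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\knoUDfii.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP947\A0189452.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+.*?) "
    r"\((?P<action>[^)]+)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)


def classify_location(path):
    """Where the detected file was sitting when the scanner reached it."""
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low:
        return "combofix-quarantine"   # already isolated by ComboFix
    if "\\system volume information\\_restore" in low:
        return "restore-point"         # copy kept by System Restore
    return "live"                      # a file the user could still open


def parse_eset_log(text):
    """Split the log into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["location"] = classify_location(d["path"])
            detections.append(d)
    return header, detections


def summarize(text):
    """Count finds per location and cross-check the header against the lines."""
    header, detections = parse_eset_log(text)
    counts = {}
    for d in detections:
        counts[d["location"]] = counts.get(d["location"], 0) + 1
    issues = []
    if header.get("found") != str(len(detections)):
        issues.append("header 'found' does not match the detection lines parsed")
    if header.get("remove_checked") == "true" and header.get("found") != header.get("cleaned"):
        issues.append("removal was requested but not every find was cleaned")
    not_cleaned = [d["path"] for d in detections if "cleaned" not in d["action"]]
    return {"counts": counts, "issues": issues, "not_cleaned": not_cleaned}
```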

Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Sat May 01, 2010 3:26 am

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sun May 02, 2010 6:01 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\mike smith\my documents\my music\itunes\itunes music\jay-z\in my lifetime, vol. 1\12 - rap game_crack game.m4a
scanner sequence 3.AP.11
----- EOF -----


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Sun May 02, 2010 6:24 pm

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point; to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Thu May 06, 2010 2:16 am

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Thu May 06, 2010 3:52 am

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==============

See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Any more questions?


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Wed May 12, 2010 2:25 am

Done!


Re: BankerFox.A and Win32/Nugel.E

Post by Dr Jay on Wed May 12, 2010 4:01 am

Good.


Dr. Jay (DJ)



Re: BankerFox.A and Win32/Nugel.E

Post by ps2baseball on Sat May 15, 2010 1:39 pm

Thanks for all your help!
