Banker.Fox.A and malware


Banker.Fox.A and malware

Post by Shauneendh on Sat Apr 17, 2010 10:35 am

Hi There, I hope someone can help me please? - My son's computer seems to be infected by something called Banker fox.A. I found a tool on that said it could remove it, downloaded it onto a USB Key and ran it on his computer - it found it but then wanted me to connect to the internet to remove it (and presumably pay for it!) but he has no internet connection either. Can you help me please? - Thank you, Shauneen Humphreys


Re: Banker.Fox.A and malware

Post by Belahzur on Sat Apr 17, 2010 12:35 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Banker.Fox.A and malware

Post by Shauneendh on Sat Apr 17, 2010 1:37 pm

Wow, thank you, what a fast reply - I was not sure what to expect. There is no internet on my son's computer, so I have had to transfer everything to/from his computer with a USB key. Here is the OTL.txt.

OTL logfile created on: 17/04/2010 14:03:48 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.93 Gb Total Space | 59.82 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 5.26 Gb Free Space | 70.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMACER
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 13:59:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
PRC - [2010/04/17 10:53:30 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Sam\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/04 21:01:49 | 000,823,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
PRC - [2010/02/04 21:01:47 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 21:01:57 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/01 14:27:14 | 000,176,128 | ---- | M] (Nurago GmbH ) -- C:\Program Files\Gacela\Nurago-Updater.exe
PRC - [2009/04/01 14:26:44 | 000,102,400 | ---- | M] (nurago GmbH) -- C:\Program Files\Gacela\Nurago-Reporting.exe
PRC - [2009/03/18 01:03:02 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/02/05 21:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 21:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 21:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 21:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/01/21 12:20:18 | 000,165,888 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/12/03 18:38:24 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/06/12 17:57:18 | 000,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/29 11:41:16 | 000,737,280 | ---- | M] (ADS Corp.) -- C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/17 18:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/12 12:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2007/07/11 15:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/04 12:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/05/28 16:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/21 21:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 21:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/02 12:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2007/03/01 19:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 13:59:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 01:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2007/05/28 16:55:16 | 000,024,064 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2007/05/28 16:54:22 | 000,077,824 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\ShowErrMsg.dll
MOD - [2007/05/28 16:54:18 | 000,167,936 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2007/01/09 06:17:44 | 000,502,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2007/01/04 16:04:52 | 000,199,168 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\CryptoAPI.dll
MOD - [2006/02/22 12:19:46 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc71u.dll
MOD - [2005/10/11 14:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2004/10/15 19:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll
MOD - [2003/03/18 20:44:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71ENU.DLL
MOD - [2003/02/21 12:42:20 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirScheduler)
SRV - [2010/03/22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/04 21:01:47 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/01 14:27:14 | 000,176,128 | ---- | M] (Nurago GmbH ) [Auto | Running] -- C:\Program Files\Gacela\Nurago-Updater.exe -- (Nurago-Update-Service)
SRV - [2009/04/01 14:26:44 | 000,102,400 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\Gacela\Nurago-Reporting.exe -- (Nurago-Reporting-Service)
SRV - [2009/03/18 01:03:02 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/05 21:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 21:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 21:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 21:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/03/21 21:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/01 19:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/04/14 18:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006/04/14 18:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 11:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/05 21:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 21:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 21:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 21:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 21:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 21:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/01/21 12:42:56 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/04 07:34:08 | 000,122,024 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/06/04 07:34:08 | 000,090,408 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/06/04 07:34:06 | 000,111,784 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/06/04 07:34:06 | 000,015,016 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/08 15:58:58 | 000,277,888 | R--- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\0140_ION.sys -- (VCR2PC)
DRV - [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/23 07:05:32 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/12/10 18:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/12/10 18:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/10 18:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2007/09/21 05:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/07 20:16:08 | 000,215,904 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/31 05:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/28 16:55:20 | 000,060,416 | ---- | M] (HiTRUST) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/05/28 16:54:40 | 000,012,800 | ---- | M] (HiTRUST) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psdfilter.sys -- (psdfilter)
DRV - [2007/05/04 20:26:12 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/05/02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/03/21 20:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/16 23:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/22 19:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 19:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 19:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/29 03:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/20 22:42:38 | 000,017,408 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/10/15 19:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 19:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 19:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 19:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 19:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 19:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 B2 97 18 28 DB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/03 18:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 14:35:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\gacela2_2@nurago.com: C:\Program Files\Gacela\ [2010/04/17 13:59:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/28 19:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/28 19:08:01 | 000,000,000 | ---D | M]

[2009/09/13 19:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions
[2009/01/18 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/09/13 19:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/01/10 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\extensions
[2008/12/15 04:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/10 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\extensions\ChoiceGuard@Microsoft
[2009/04/12 00:29:56 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\searchplugins\ask.xml
[2009/04/12 00:30:04 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\searchplugins\live-search.xml
[2008/12/07 15:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/03 17:09:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/03 17:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/12/03 23:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2008/12/03 17:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/03 23:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
[2006/10/11 09:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 09:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 09:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 09:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 09:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2004/08/05 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Gacela) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll (nurago GmbH)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Gacela) - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files\Gacela\Gacela2.dll (nurago GmbH)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [au] C:\Program Files\Dealio\DealioAU.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [iptkhdvy] C:\Documents and Settings\Sam\Local Settings\Application Data\kvmxqsenc\cbfrihvtssd.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe (ADS Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Über Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll (nurago GmbH)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [You must be registered and logged in to see this link.] (Bebo Uploader Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} [You must be registered and logged in to see this link.] (CopyGuardCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} [You must be registered and logged in to see this link.] (Keynote Connector Launcher 2)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} [You must be registered and logged in to see this link.] (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [You must be registered and logged in to see this link.] (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 14:03:23 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2010/04/17 12:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/17 12:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
[2010/04/17 12:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/16 23:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Nurago-Reporting-Service-Spool
[2010/04/16 22:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Threat Expert
[2010/04/16 22:09:47 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/16 22:09:47 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/16 22:09:47 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/16 22:09:27 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/16 22:09:18 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/16 22:09:18 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/16 22:09:00 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/16 22:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/16 22:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/16 22:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/16 22:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/15 19:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\kvmxqsenc
[2010/04/13 22:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\xye-win32-0.9.1
[2010/04/13 17:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\The Jcwd
[2010/04/13 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\AKye
[2010/04/05 00:09:51 | 001,956,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Sam\Desktop\install_flash_player_ax.exe
[2010/03/30 19:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Malwarebytes
[2010/03/30 19:15:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 19:15:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 19:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/30 19:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/18 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\mt pics
[2010/02/06 16:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
[2010/01/29 00:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/08/15 17:23:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/15 17:23:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/13 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/03/19 01:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/03/11 17:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/10 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/16 19:22:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sam\Application Data\pcouffin.sys
[2008/11/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/09 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/05 05:26:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008/11/04 14:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/17 14:12:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/17 14:12:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/04/17 14:12:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/04/17 14:11:59 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/04/17 14:11:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/04/17 14:00:40 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/17 13:59:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 13:59:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2010/04/17 13:58:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/17 13:58:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/17 13:58:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 13:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 13:57:26 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 13:55:58 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2010/04/17 13:55:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sam\ntuser.ini
[2010/04/17 13:39:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/17 12:57:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/17 10:56:46 | 000,494,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/17 10:56:46 | 000,092,668 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/17 10:56:44 | 000,598,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/16 22:09:09 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/15 00:27:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 22:45:26 | 001,929,329 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\xye-win32-0.9.1.zip
[2010/04/13 22:34:42 | 000,001,471 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Amazing Kye.lnk
[2010/04/11 17:15:07 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 15:17:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 00:09:56 | 001,956,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Sam\Desktop\install_flash_player_ax.exe
[2010/04/02 22:42:42 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/30 20:17:02 | 000,013,550 | -HS- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\TA45p2
[2010/03/30 20:17:02 | 000,013,550 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
[2010/03/30 19:16:01 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 17:57:19 | 000,765,952 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Angel - Closing Credits.mp3
[2010/03/18 20:20:51 | 000,008,144 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Contacts for whitefluffypolarbears (hotmail).ctt
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 12:57:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/16 22:13:31 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/16 22:09:47 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/16 22:09:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/16 22:09:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/16 22:09:47 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/16 22:09:47 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/16 22:09:27 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/16 22:09:18 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/16 22:09:18 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/16 22:09:09 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/16 22:09:00 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/13 22:45:16 | 001,929,329 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\xye-win32-0.9.1.zip
[2010/04/13 22:34:42 | 000,001,471 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Amazing Kye.lnk
[2010/04/13 17:11:32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/04/11 17:15:38 | 000,888,003 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\SDC10330.JPG
[2010/03/30 19:16:01 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/29 21:06:11 | 000,013,550 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\TA45p2
[2010/03/29 21:06:11 | 000,013,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
[2010/03/26 17:57:09 | 000,765,952 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Angel - Closing Credits.mp3
[2010/03/18 20:20:51 | 000,008,144 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Contacts for whitefluffypolarbears (hotmail).ctt
[2010/03/18 18:02:23 | 001,417,350 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\DSC00063.JPG
[2010/03/18 18:01:39 | 001,573,017 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\DSC00104.JPG
[2010/03/18 18:01:06 | 001,283,410 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\DSC00065.JPG
[2010/02/27 13:46:38 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2010/01/13 16:25:58 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/01/03 13:35:12 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/15 18:21:20 | 000,006,549 | ---- | C] () -- C:\Documents and Settings\Sam\_GEAREXT.WO_IDENT.TXT
[2009/10/24 23:04:52 | 000,188,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/14 16:50:46 | 000,005,493 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\78d0d9cf654C.manifest
[2009/08/14 16:50:46 | 000,002,467 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\78d0d9cf654P.manifest
[2009/08/14 16:50:46 | 000,000,565 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\78d0d9cf654O.manifest
[2009/08/10 18:14:02 | 000,005,493 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\0200000032fa04fd654C.manifest
[2009/08/10 18:14:02 | 000,002,467 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\0200000032fa04fd654P.manifest
[2009/08/10 18:14:02 | 000,000,565 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\0200000032fa04fd654O.manifest
[2009/08/10 18:14:02 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\0200000032fa04fd654S.manifest
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/06 12:42:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/30 23:19:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iSnooker.INI
[2009/01/16 20:42:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\lZJoYI4Nl0eqQ3j+wCKUIry3uRhdsW1Q.trl
[2009/01/16 19:22:40 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\pcouffin.log
[2009/01/16 19:22:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\inst.exe
[2009/01/16 19:22:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\pcouffin.cat
[2009/01/16 19:22:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\pcouffin.inf
[2008/12/25 19:58:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2008/12/25 19:58:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/12/03 17:12:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/07 12:44:44 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/11/07 12:44:44 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008/11/07 12:44:43 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/11/05 05:30:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/11/05 05:28:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/11/05 05:26:40 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/11/05 05:26:16 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2008/11/05 05:22:43 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2008/11/05 05:22:43 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Sam\ntuser.dat.LOG
[2008/11/05 05:22:43 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sam\ntuser.ini
[2008/11/05 05:21:18 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/11/05 05:21:18 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2008/11/04 19:33:49 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/25 16:46:33 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/03/23 08:23:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 07:06:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/03/23 07:05:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/03/23 07:05:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/03/23 07:05:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/06 01:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/06 00:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/28 16:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 16:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 16:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/01/04 16:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/09/28 15:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 15:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/08/29 03:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/03/10 23:18:16 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/10/15 19:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/05 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/25 00:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/25 00:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

I will send the extras.txt next, as you were correct that it needs two posts.

Shauneendh
Novice

Posts : 12
Joined : 2010-04-17
OS : Windows XP
Points : 24418
# Likes : 0


Re: Banker.Fox.A and malware

Post by Shauneendh on Sat Apr 17, 2010 1:38 pm

Here is the extras.txt.

OTL Extras logfile created on: 17/04/2010 14:03:48 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.93 Gb Total Space | 59.82 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 5.26 Gb Free Space | 70.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMACER
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.js [@ = JSFile] -- C:\WINDOWS\System32\Cscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\Cscript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\Cscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\Cscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\Cscript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Ares Vista\AresVista.exe" = C:\Program Files\Ares Vista\AresVista.exe:*:Enabled:Ares Vista -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\ION\EZ VHS Converter\MediaTV.exe" = C:\Program Files\ION\EZ VHS Converter\MediaTV.exe:LocalSubNet:Enabled:ION MediaTV -- (ADS Corp.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04E364F1-4582-4567-A6C8-C7FBBCC86C91}" = ION EZ VHS Converter
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Special Edition
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Gacela
"{6105648C-0C3C-481D-8C11-1F4952D6FB53}" = Dealio Toolbar 3.4
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.7.15
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BB42C935-456E-4A6C-B357-FDEE7A59FE21}" = exPressit SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}" = SIM MAX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazing Kye" = Amazing Kye
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EsetOnlineScanner" = ESET Online Scanner
"ExpressBurn" = Express Burn
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0528
"Football Manager 2009" = Football Manager 2009
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.1
"Free Audio Converter_is1" = Free Audio Converter version 1.1
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2
"Free FLV Converter_is1" = Free FLV Converter V 6.21.0
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4088
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KeynoteConnector" = Keynote Connector
"LimeWire" = LimeWire 5.2.13
"LManager" = Launch Manager
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pixillion" = Pixillion Image Converter
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickTime 3.0" = QuickTime 3.0
"RealPlayer 6.0" = RealPlayer
"Romeo Lite_is1" = Romeo Lite 2.3.2
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Jcwd" = The Jcwd 2.0 (remove only)
"The X-Files" = The X-Files
"TomTom HOME" = TomTom HOME 2.6.1.1549
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.73
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Copy Express" = Xilisoft DVD Copy Express
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zynga Toolbar" = Zynga Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 07/11/2009 19:10:16 | Computer Name = SAMACER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

[ Application Events ]
Error - 12/04/2010 18:59:27 | Computer Name = SAMACER | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.

Error - 13/04/2010 17:09:17 | Computer Name = SAMACER | Source = Application Error | ID = 1000
Description = Faulting application SynTPEnh.exe, version 10.0.15.0, faulting module
SynTPEnh.exe, version 10.0.15.0, fault address 0x000289dc.

Error - 14/04/2010 12:38:21 | Computer Name = SAMACER | Source = Application Error | ID = 1000
Description = Faulting application SynTPEnh.exe, version 10.0.15.0, faulting module
SynTPEnh.exe, version 10.0.15.0, fault address 0x000289dc.

Error - 14/04/2010 15:04:31 | Computer Name = SAMACER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 15/04/2010 14:22:47 | Computer Name = SAMACER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module gacela2.dll, version 1.0.0.1, fault address 0x00023520.

Error - 15/04/2010 16:28:27 | Computer Name = SAMACER | Source = ESENT | ID = 485
Description = wlcomm (1604) An attempt to delete the file "C:\Documents and Settings\Sam\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{4f6477d1-fa1a-4d84-b495-953ad2d7556e}\DBStore\LogFiles\edb00184.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 16/04/2010 16:06:37 | Computer Name = SAMACER | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Professional Hybrid 2007 -- Error 1719.The
Windows Installer Service could not be accessed. This can occur if you are running
Windows in safe mode, or if the Windows Installer is not correctly installed. Contact
your support personnel for assistance.

Error - 16/04/2010 16:06:37 | Computer Name = SAMACER | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Hybrid 2007 - Update 'Update
for Outlook 2007 Junk Email Filter (kb981433)' could not be installed. Error code
1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: [You must be registered and logged in to see this link.]

Error - 16/04/2010 16:09:12 | Computer Name = SAMACER | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Professional Hybrid 2007 -- Error 1719.The
Windows Installer Service could not be accessed. This can occur if you are running
Windows in safe mode, or if the Windows Installer is not correctly installed. Contact
your support personnel for assistance.

Error - 16/04/2010 16:09:12 | Computer Name = SAMACER | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Hybrid 2007 - Update 'Security
Update for Microsoft Office Publisher 2007 (KB980470)' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues with
installing software packages. Use the following link for instructions on turning
on logging support: [You must be registered and logged in to see this link.]

[ OSession Events ]
Error - 14/04/2009 12:09:49 | Computer Name = SAMACER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/04/2010 04:47:54 | Computer Name = SAMACER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001FE2B0DF1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 17/04/2010 04:48:14 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service failed
to start due to the following error: %%3

Error - 17/04/2010 04:48:14 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Guard service failed to
start due to the following error: %%3

Error - 17/04/2010 04:48:19 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv

Error - 17/04/2010 05:51:48 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service failed
to start due to the following error: %%3

Error - 17/04/2010 05:51:48 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Guard service failed to
start due to the following error: %%3

Error - 17/04/2010 05:51:54 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv

Error - 17/04/2010 08:58:52 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service failed
to start due to the following error: %%3

Error - 17/04/2010 08:58:52 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Guard service failed to
start due to the following error: %%3

Error - 17/04/2010 08:59:02 | Computer Name = SAMACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv


< End of report >


Re: Banker.Fox.A and malware

Post by Belahzur on Sat Apr 17, 2010 7:23 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    FF - prefs.js..browser.search.order.1: "Ask"
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [iptkhdvy] C:\Documents and Settings\Sam\Local Settings\Application Data\kvmxqsenc\cbfrihvtssd.exe File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




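The fix block in the post above was assembled by hand from the OTL scan. The script below is an added example, not part of this thread and not part of OTL: it applies the checks a helper typically makes when reading an OTL log (an O4 Run entry whose target is reported as "File not found", an O3 toolbar with no CLSID value behind it, the Ask toolbar, and a prefs.js search-order slot pointing at an unwanted provider) and emits the corresponding :OTL fix block. The sample log lines are constructed from the entries quoted in the thread plus two benign lines; the heuristic that treats a Run target in a random-looking folder under the user's Local Settings\Application Data tree as suspect is this example's own assumption, not an OTL rule.

```python
import re
from typing import Optional

# Constructed sample in the shape OTL writes: the entries quoted in this
# thread plus two benign lines (a Google search slot, an avast! Run entry)
# so the checks have something to leave alone.
SAMPLE_OTL = """\
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.order.2: "Google"
O3 - HKLM\\..\\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\\Program Files\\AskBarDis\\bar\\bin\\askBar.dll (Ask.com)
O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\\Run: [iptkhdvy] C:\\Documents and Settings\\Sam\\Local Settings\\Application Data\\kvmxqsenc\\cbfrihvtssd.exe File not found
O4 - HKLM..\\Run: [avast!] C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe (ALWIL Software)
"""

# Search providers to evict from a search slot (assumption for the example;
# the thread only shows "Ask").
UNWANTED_SEARCH = {"ask"}

# A Run target under the per-user Local Settings\Application Data tree in a
# single-word folder (assumption: a common drop location on XP).
PER_USER_DROP = re.compile(r"\\Local Settings\\Application Data\\([A-Za-z]+)\\")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a long token with very few vowels, e.g. 'kvmxqsenc'."""
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return len(name) >= 7 and vowels / len(name) < 0.3


def flag_line(line: str) -> Optional[str]:
    """Reason this OTL line belongs in a fix, or None if it should be left alone."""
    line = line.rstrip()
    if line.startswith("FF - prefs.js..browser.search.order."):
        provider = line.split(":", 1)[1].strip().strip('"').lower()
        return "search order points at an unwanted provider" if provider in UNWANTED_SEARCH else None
    if line.startswith("O3 - "):
        if line.endswith("No CLSID value found."):
            return "toolbar entry with no CLSID behind it"
        if "askbar" in line.lower():
            return "Ask toolbar"
        return None
    if line.startswith("O4 - "):
        if line.endswith("File not found"):
            return "Run entry whose target no longer exists"
        m = PER_USER_DROP.search(line)
        if m and looks_random(m.group(1)):
            return "Run entry in a random-named per-user folder"
    return None


def build_otl_fix(log_text: str) -> str:
    """Assemble the :OTL fix block from every flagged line, in log order."""
    hits = [ln.rstrip() for ln in log_text.splitlines() if flag_line(ln)]
    return "\n".join([":OTL", *hits]) + "\n"


if __name__ == "__main__":
    for ln in SAMPLE_OTL.splitlines():
        why = flag_line(ln)
        if why:
            print(f"{why}: {ln}")
    print(build_otl_fix(SAMPLE_OTL))
```

Run against the constructed sample it reproduces the five lines of the fix in the post above and leaves the Google slot and the avast! entry alone. The "File not found" case is the one worth noting for triage: the Run value survived a removal that already deleted the file, which is why it still needs cleaning up even though nothing runs from it any more.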

Re: Banker.Fox.A and malware

Post by Shauneendh on Sat Apr 17, 2010 7:52 pm

Hi there Belahzur,
I have done that - it seemed to do it and at the very bottom of the OTL box I have a message saying 'Processing Complete!', but I did not get a fix log appear in Notepad, nor is there anything on the desktop. Can you tell me what I should do now please? Thank you, Shauneen.


Re: Banker.Fox.A and malware

Post by Belahzur on Sat Apr 17, 2010 8:54 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Banker.Fox.A and malware

Post by Shauneendh on Sat Apr 17, 2010 11:00 pm

Thank you - Just a couple of things that you should know before I post the log.
1. I was trying to disinfect this myself before I was recommended to contact you and I have already run this software; it did find a couple of things that I removed but it did not solve the problem. However I will uninstall it from my son's computer and follow your instructions and download the version from here.
2. As he has no internet access I will have to save the file to a key and then install on his machine so it probably will not be able to pick up any updates. Having just told you that I now have a message that says it HAS updated! From version 3930 to version 4003.
3. I am in the UK - I don't know where you are but just to let you know that it is after midnight here so I am off to bed when I have posted this so if you reply to this there may be a delay in my answer.

Here is the log mbam produced.
Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/04/2010 23:54:19
mbam-log-2010-04-17 (23-54-19).txt

Scan type: Quick scan
Objects scanned: 116905
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Banker.Fox.A and malware

Post by Belahzur on Sat Apr 17, 2010 11:18 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.




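The proxy steps above are done through each browser's settings dialog. As an added example, not part of the post and not a Mozilla or Microsoft tool, the script below does the same check and reset against the files the settings live in, which is what a helper working from a USB key on an offline machine can inspect directly: Firefox keeps its connection settings as `network.proxy.*` prefs in prefs.js inside the profile folder, and IE reads its per-user proxy from the Internet Settings key under HKEY_CURRENT_USER, which regedit can export to a .reg file. The prefs.js and .reg contents are constructed samples; the key path, value names and pref names are the real ones.

```python
import re
from typing import Dict

# Constructed sample of a Firefox prefs.js with a manual proxy pointed at localhost.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5555);
user_pref("network.proxy.share_proxy_settings", true);
"""

# Constructed sample .reg export of IE's per-user Internet Settings key.
IE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_IE_REG = f"""Windows Registry Editor Version 5.00

[{IE_KEY}]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"AutoConfigURL"="http://example.invalid/proxy.pac"
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
IE_VALUE_RE = re.compile(r'^"(ProxyEnable|ProxyServer|AutoConfigURL|ProxyOverride)"=(.*)$')


def _is_proxy_pref(line: str) -> bool:
    m = PREF_RE.match(line)
    return bool(m and m.group(1).startswith("network.proxy."))


def firefox_proxy_findings(prefs_js: str) -> Dict[str, str]:
    """network.proxy.* prefs present in prefs.js (a pref only appears there when it
    differs from the default). network.proxy.type: 0 = no proxy, 1 = manual,
    2 = PAC URL, 4 = auto-detect, 5 = system settings."""
    found = {}
    for line in prefs_js.splitlines():
        if _is_proxy_pref(line):
            m = PREF_RE.match(line)
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found


def firefox_no_proxy(prefs_js: str) -> str:
    """Rewrite prefs.js with every network.proxy.* pref dropped and type forced to 0
    (the dialog's "No Proxy"). Edit prefs.js only while Firefox is closed, or it is overwritten."""
    kept = [ln for ln in prefs_js.splitlines() if not _is_proxy_pref(ln)]
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n"


def ie_proxy_findings(reg_text: str) -> Dict[str, str]:
    """Values under the Internet Settings key that route IE (WinINet) through a proxy.
    ProxyEnable=0 is not reported; a PAC URL applies even when ProxyEnable is 0."""
    in_key, found = False, {}
    for line in reg_text.splitlines():
        if line.startswith("["):
            in_key = line.strip("[]").lower() == IE_KEY.lower()
            continue
        m = IE_VALUE_RE.match(line)
        if not (in_key and m):
            continue
        name, raw = m.group(1), m.group(2)
        if name == "ProxyEnable":
            if int(raw.split(":", 1)[1], 16) == 0:
                continue
            found[name] = "1"
        else:
            found[name] = raw.strip('"')
    return found


def ie_no_proxy_reg() -> str:
    """A .reg fragment that switches the proxy off and deletes the server and PAC
    values ("Name"=- is regedit's syntax for deleting a value on import)."""
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        f"[{IE_KEY}]",
        '"ProxyEnable"=dword:00000000',
        '"ProxyServer"=-',
        '"AutoConfigURL"=-',
        "",
    ])


if __name__ == "__main__":
    print("Firefox:", firefox_proxy_findings(SAMPLE_PREFS_JS))
    print("IE:", ie_proxy_findings(SAMPLE_IE_REG))
    print(ie_no_proxy_reg())
```

On Windows XP the profile's prefs.js sits under Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\. A proxy on 127.0.0.1 that nobody configured is the pattern to look for after a rogue-AV infection: it explains a browser that cannot reach anything while the network itself is fine, and it comes back if the process that set it is still running, so the check is worth repeating after the cleanup tools have been run.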

Re: Banker.Fox.A and malware

Post by Shauneendh on Sun Apr 18, 2010 9:22 am

Hi Belahzur,
I have done that but encountered a problem on the way. I disabled his Avast anti-virus but I got a message to say that Avira AntiVir was still running. This is what he used to use before Avast. There was nothing in the system tray, nothing in Task Manager processes, and when I checked he did not seem to have the program installed. I searched on AntiVir and Avira and also checked Add/Remove Programs but there was nothing there. When I asked it to continue I got a second message to say that the Avira AntiVir scanner was still active but I could run at my own risk. I took a copy of the messages but I could not copy and paste them in here and I cannot see that I can send them as an attachment, but I have them if you need them and can tell me how to send them to you.

Here is the combo-fix log.

ComboFix 10-04-17.02 - Sam 18/04/2010 9:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.334 [GMT 1:00]
Running from: d:\sam's problem\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 100417-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Application Data\0200000032fa04fd654C.manifest
c:\documents and settings\Sam\Application Data\0200000032fa04fd654O.manifest
c:\documents and settings\Sam\Application Data\0200000032fa04fd654P.manifest
c:\documents and settings\Sam\Application Data\0200000032fa04fd654S.manifest
c:\documents and settings\Sam\Application Data\Desktopicon
c:\documents and settings\Sam\Application Data\Desktopicon\config.ini
c:\documents and settings\Sam\Application Data\inst.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\jestertb.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-17 22:38 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 22:38 . 2010-04-17 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 22:38 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 19:41 . 2010-04-17 19:41 -------- d-----w- C:\_OTL
2010-04-17 11:58 . 2010-04-17 11:58 52224 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-17 11:58 . 2010-04-17 11:58 117760 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-17 11:58 . 2010-04-17 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2010-04-16 21:46 . 2010-04-16 21:46 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Threat Expert
2010-04-16 21:09 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-16 21:09 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-16 21:09 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-16 21:09 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-16 21:09 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-16 21:09 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-04-16 21:09 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-16 21:09 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-16 21:09 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-16 21:09 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-16 21:08 . 2010-04-16 21:41 -------- d-----w- c:\program files\Spyware Doctor
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-04-16 21:07 . 2010-04-18 08:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-16 21:07 . 2010-04-16 21:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-15 18:01 . 2010-04-16 21:00 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\kvmxqsenc
2010-04-13 16:21 . 2010-04-13 16:21 -------- d-----w- c:\program files\The Jcwd
2010-04-13 16:11 . 2000-05-16 10:40 83968 ----a-w- c:\windows\UnGins.exe
2010-04-13 16:11 . 2010-04-13 21:34 -------- d-----w- c:\program files\AKye
2010-03-30 18:16 . 2010-03-30 18:16 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
2010-03-30 18:15 . 2010-03-30 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 08:18 . 2010-01-03 15:32 -------- d-----w- c:\documents and settings\Sam\Application Data\HPAppData
2010-04-18 07:53 . 2009-07-10 18:53 -------- d-----w- c:\program files\Gacela
2010-04-17 23:07 . 2008-03-23 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-17 21:00 . 2008-12-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-17 19:44 . 2008-11-04 13:55 -------- d-----w- c:\program files\Google
2010-04-17 11:56 . 2008-11-04 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 16:38 . 2010-03-08 19:16 439816 ----a-w- c:\documents and settings\Sam\Application Data\Real\Update\setup3.10\setup.exe
2010-04-12 22:57 . 2008-03-23 06:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-12 21:36 . 2008-11-11 00:38 -------- d-----w- c:\documents and settings\Sam\Application Data\LimeWire
2010-04-06 13:49 . 2010-01-19 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-27 19:02 . 2008-03-23 06:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 15:50 . 2009-11-16 13:20 79488 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-05 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 20:01 . 2009-09-21 12:46 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-02-28 18:08 . 2008-12-20 18:43 -------- d-----w- c:\program files\QuickTime
2010-02-27 12:42 . 2010-02-27 12:42 -------- d-----w- c:\program files\Fox
2010-02-25 06:24 . 2007-12-07 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 17:26 . 2008-11-05 04:30 -------- d-----w- c:\program files\Launch Manager
2010-02-16 14:08 . 2007-02-28 09:53 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-02-28 09:16 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 10:35 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-05 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 20:01 . 2009-06-20 12:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2010-02-04 20:01 . 2009-06-20 12:46 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2010-02-04 20:01 . 2009-06-20 12:46 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2010-01-29 19:58 . 2009-12-03 19:51 75308 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-27 20:02 . 2009-06-20 12:46 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-01-27 20:02 . 2009-06-20 12:46 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2010-01-27 20:02 . 2009-06-06 13:13 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2010-01-27 20:02 . 2009-02-21 14:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 20:02 . 2009-10-25 14:01 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2010-01-27 20:02 . 2009-06-20 12:46 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2010-01-27 20:02 . 2009-06-06 13:13 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2010-01-27 20:02 . 2009-06-20 12:46 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2010-01-27 20:02 . 2009-06-20 12:46 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2010-01-27 20:02 . 2009-06-06 13:13 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2010-01-27 20:02 . 2009-06-20 12:46 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2010-01-27 20:02 . 2009-06-06 13:13 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2010-01-27 20:01 . 2009-06-20 12:46 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2010-01-27 20:01 . 2009-06-20 12:46 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-01-27 20:01 . 2009-06-20 12:46 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2010-01-19 19:40 . 2010-01-19 19:40 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2006-10-11 08:04 . 2008-12-03 16:08 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-12-03 16:08 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-12-03 16:08 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-12-03 16:08 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-12-03 16:08 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-04 11:59 2349592 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"StarteLock"="c:\acer\Empowering Technology\eLock\Service\startelock.exe" [2008-04-30 24576]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-5 45056]
EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ VHS Converter\MediaTVMonitor.exe [2008-12-25 737280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-03-18 00:03 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [07/11/2008 12:44 38448]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/02/2009 14:47 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/12/2008 12:10 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/04/2010 22:09 217032]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/08/2009 21:54 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/08/2009 21:54 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [16/04/2010 22:09 112592]
R2 Nurago-Reporting-Service;Nurago-Reporting-Service;c:\program files\Gacela\Nurago-Reporting.exe [01/04/2009 13:26 102400]
R2 Nurago-Update-Service;Nurago-Update-Service;c:\program files\Gacela\Nurago-Updater.exe [01/04/2009 13:27 176128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 01:03 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S2 gupdate1c9a1c113683008;Google Update Service (gupdate1c9a1c113683008);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2009 21:44 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [12/07/2009 22:52 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [12/07/2009 22:56 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [12/07/2009 22:56 122024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [12/07/2009 23:09 111784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/04/2010 22:08 366840]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [25/12/2008 19:58 277888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-04 18:26]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-18 09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,46,32,ec,41,3e,c3,07,14,f1,49,44,fe,b4,8c,09,2b,21,40,4c,eb,2b,ee,
4d,fa,40,d1,db,59,cd,0d,cb,db,5a,7a,33,24,ed,90,c3,85,8f,7d,ae,52,d5,6f,6d,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\License information*]
"datasecu"=hex:b9,ce,7e,13,81,dd,be,24,9f,ec,ce,c6,95,7a,78,92,c9,7f,81,05,9c,
1f,aa,1f,fc,4f,7d,1d,8a,f5,a7,13,aa,f9,57,de,76,51,48,25,8e,94,b9,29,67,54,\
"rkeysecu"=hex:8f,82,27,2c,f0,1a,6a,7d,ee,8c,0e,e4,ff,c7,55,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(836)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-04-18 09:59:16
ComboFix-quarantined-files.txt 2010-04-18 08:59

Pre-Run: 64,383,901,696 bytes free
Post-Run: 64,422,604,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\Minint="Microsoft Windows 2003 Professional (on Volume 1)"

- - End Of File - - 4E6024FBA16CBF6A1611C5CE304B2DB9


Re: Banker.Fox.A and malware

Post by Belahzur on Sun Apr 18, 2010 5:02 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are also running two antivirus programs; I see from the uninstall list you have Avast installed, along with Avira. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Symantec to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Java(TM) 6 Update 11
    LimeWire 5.2.13

Completely uninstall Avira

Download the Avira [You must be registered and logged in to see this link.]

Extract the tool and run it.



  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


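An added example (my own code, not ComboFix's or the forum's) that turns the points in the reply above into checks: it scans lines in the shape of the ComboFix log for the loopback proxy the CFScript resets, the Security Center override and firewall-notification values, an AV product with on-access scanning off, more than one registered AV product, and a P2P program in the startup folder, then renders the two CFScript directive forms the reply uses (`Registry::` with a `[-key]` line and `DDS::` with the setting line). The sample lines are constructed from entries visible in the thread; the rule names, severities and the P2P name list are this example's own assumptions.

```python
"""Triage a ComboFix-style log for the indicators raised in this thread.

Added example, not ComboFix's or the forum's own code. The log lines below
are constructed from entries visible in the thread; rule names, severities
and the P2P name list are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in the same shape as the ComboFix output posted above.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1335 [VPS 100418-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
"""

# P2P clients worth flagging in an autostart key (LimeWire is the one in the
# thread; the other names are assumptions of this example).
P2P_NAMES = ("limewire", "utorrent", "bittorrent")

REG_KEY = re.compile(r"^\[-?(.+)\]$")
AV_LINE = re.compile(r"^AV:\s*(.+?)\s+\*On-access scanning (enabled|disabled)\*")
LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=.*?(127\.\d+\.\d+\.\d+|localhost)", re.IGNORECASE)
SC_OVERRIDE = re.compile(r'"(AntiVirusOverride|FirewallOverride)"=dword:0*1\b')
FW_NOTIFY = re.compile(r'"DisableNotifications"=\s*1\b')


@dataclass
class Finding:
    severity: str            # "high", "medium" or "info"
    indicator: str           # rule that fired
    evidence: str            # log line, prefixed with its registry key where relevant
    registry_key: str = ""   # key a "Registry::" section could remove
    dds_line: str = ""       # setting line a "DDS::" section could reset


def triage(log_text: str) -> list[Finding]:
    """Run the rules over each line; registry values inherit the last [key] seen."""
    findings: list[Finding] = []
    av_products: list[str] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REG_KEY.match(line):
            current_key = m.group(1)
            if any(name in current_key.lower() for name in P2P_NAMES):
                # A P2P client in the startup folder: the reply recommends removing it.
                findings.append(Finding("info", "p2p-autostart", line, registry_key=current_key))
            continue
        if m := AV_LINE.match(line):
            av_products.append(m.group(1))
            if m.group(2) == "disabled":
                findings.append(Finding("medium", "av-realtime-off", line))
            continue
        if LOOPBACK_PROXY.search(line):
            # Browser traffic routed through a local listener; the CFScript resets this.
            findings.append(Finding("high", "loopback-proxy", line, dds_line=line))
            continue
        if SC_OVERRIDE.search(line):
            # Security Center told not to alert on a missing or disabled AV/firewall.
            findings.append(Finding("medium", "securitycenter-override", f"{current_key}: {line}"))
            continue
        if FW_NOTIFY.search(line):
            findings.append(Finding("medium", "firewall-notify-off", f"{current_key}: {line}"))
    if len(av_products) > 1:
        # Two on-access scanners registered: the conflict the reply warns about.
        findings.append(Finding("medium", "multiple-av", "; ".join(av_products)))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings in the two CFScript directive forms the reply uses."""
    keys = [f.registry_key for f in findings if f.registry_key]
    dds = [f.dds_line for f in findings if f.dds_line]
    sections = []
    if keys:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in keys))
    if dds:
        sections.append("DDS::\n" + "\n".join(dds))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.indicator}: {f.evidence}")
    print()
    print(build_cfscript(results))
```

Run it as a script to see the seven findings from the constructed sample and the generated CFScript; the script only reproduces the two directive forms shown in the reply, so anything else a helper would put in a CFScript still has to be written by hand.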

Re: Banker.Fox.A and malware

Post by Shauneendh on Sun Apr 18, 2010 6:36 pm

OK Belahzur! All done BUT
SIX PROBLEMS!!
1. I know he USED to have Avira and then changed it to Avast but Avira does not exist anywhere on his computer that I can see.
2. I am not quite sure what you mean when you say he is running Symantec? As far as I am aware he has never had this.
3. I have deleted the three items as you requested from Add/Remove Programs.
4. I ran the Avira uninstallation program but there was a message when I ran it but it flashed up so quickly I could not read it all properly. - I THINK it said that it could not run because something was open - but there was NOTHING else open.
5. I dragged the CFscript onto Combofix - I then got a message to say that there was a newer edition of Combofix, did I want to update. As I had just updated it by adding the CFScript, I did not know if the update would undo the CFscript - so I said no. - If this was wrong please let me know and I will have to do it again!
6. When the Combofix ran with the CFscript added to it I again got the message about Avira still running - (which it wasn't!) I repeat - he hasn't got it ANYWHERE on his computer. Your uninstallation package thinks it is running but I cannot find it on Processes in Taskbar, or doing a 'search' of his C Drive or in Add/Remove Programs.

Here is the 2nd Combo-fix log

ComboFix 10-04-17.02 - Sam 18/04/2010 19:21:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.346 [GMT 1:00]
Running from: c:\documents and settings\Sam\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 100418-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-17 22:38 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 22:38 . 2010-04-17 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 22:38 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 19:41 . 2010-04-17 19:41 -------- d-----w- C:\_OTL
2010-04-17 11:58 . 2010-04-17 11:58 52224 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-17 11:58 . 2010-04-17 11:58 117760 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-17 11:58 . 2010-04-17 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2010-04-16 21:46 . 2010-04-16 21:46 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Threat Expert
2010-04-16 21:09 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-16 21:09 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-16 21:09 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-16 21:09 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-16 21:09 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-16 21:09 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-04-16 21:09 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-16 21:09 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-16 21:09 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-16 21:09 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-16 21:08 . 2010-04-16 21:41 -------- d-----w- c:\program files\Spyware Doctor
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-04-16 21:07 . 2010-04-18 08:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-16 21:07 . 2010-04-16 21:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-15 18:01 . 2010-04-16 21:00 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\kvmxqsenc
2010-04-13 16:21 . 2010-04-13 16:21 -------- d-----w- c:\program files\The Jcwd
2010-04-13 16:11 . 2000-05-16 10:40 83968 ----a-w- c:\windows\UnGins.exe
2010-04-13 16:11 . 2010-04-13 21:34 -------- d-----w- c:\program files\AKye
2010-03-30 18:16 . 2010-03-30 18:16 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
2010-03-30 18:15 . 2010-03-30 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\3388\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:13 . 2008-11-11 00:32 -------- d-----w- c:\program files\LimeWire
2010-04-18 17:54 . 2009-07-10 18:53 -------- d-----w- c:\program files\Gacela
2010-04-18 08:18 . 2010-01-03 15:32 -------- d-----w- c:\documents and settings\Sam\Application Data\HPAppData
2010-04-17 23:07 . 2008-03-23 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-17 21:00 . 2008-12-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-17 19:44 . 2008-11-04 13:55 -------- d-----w- c:\program files\Google
2010-04-17 11:56 . 2008-11-04 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 16:38 . 2010-03-08 19:16 439816 ----a-w- c:\documents and settings\Sam\Application Data\Real\Update\setup3.10\setup.exe
2010-04-12 22:57 . 2008-03-23 06:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-12 21:36 . 2008-11-11 00:38 -------- d-----w- c:\documents and settings\Sam\Application Data\LimeWire
2010-04-06 13:49 . 2010-01-19 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-27 19:02 . 2008-03-23 06:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 15:50 . 2009-11-16 13:20 79488 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-05 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 20:01 . 2009-09-21 12:46 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-02-28 18:08 . 2008-12-20 18:43 -------- d-----w- c:\program files\QuickTime
2010-02-27 12:42 . 2010-02-27 12:42 -------- d-----w- c:\program files\Fox
2010-02-25 06:24 . 2007-12-07 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 17:26 . 2008-11-05 04:30 -------- d-----w- c:\program files\Launch Manager
2010-02-16 14:08 . 2007-02-28 09:53 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-02-28 09:16 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 10:35 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-05 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 20:01 . 2009-06-20 12:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2010-02-04 20:01 . 2009-06-20 12:46 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2010-02-04 20:01 . 2009-06-20 12:46 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2010-01-29 19:58 . 2009-12-03 19:51 75308 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-27 20:02 . 2009-06-20 12:46 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-01-27 20:02 . 2009-06-20 12:46 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2010-01-27 20:02 . 2009-06-06 13:13 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2010-01-27 20:02 . 2009-02-21 14:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 20:02 . 2009-10-25 14:01 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2010-01-27 20:02 . 2009-06-20 12:46 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2010-01-27 20:02 . 2009-06-06 13:13 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2010-01-27 20:02 . 2009-06-20 12:46 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2010-01-27 20:02 . 2009-06-20 12:46 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2010-01-27 20:02 . 2009-06-06 13:13 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2010-01-27 20:02 . 2009-06-20 12:46 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2010-01-27 20:02 . 2009-06-06 13:13 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2010-01-27 20:01 . 2009-06-20 12:46 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2010-01-27 20:01 . 2009-06-20 12:46 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-01-27 20:01 . 2009-06-20 12:46 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2010-01-19 19:40 . 2010-01-19 19:40 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2006-10-11 08:04 . 2008-12-03 16:08 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-12-03 16:08 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-12-03 16:08 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-12-03 16:08 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-12-03 16:08 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-04 11:59 2349592 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"StarteLock"="c:\acer\Empowering Technology\eLock\Service\startelock.exe" [2008-04-30 24576]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-5 45056]
EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ VHS Converter\MediaTVMonitor.exe [2008-12-25 737280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-03-18 00:03 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [07/11/2008 12:44 38448]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/02/2009 14:47 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/12/2008 12:10 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/04/2010 22:09 217032]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/08/2009 21:54 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/08/2009 21:54 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [16/04/2010 22:09 112592]
R2 Nurago-Reporting-Service;Nurago-Reporting-Service;c:\program files\Gacela\Nurago-Reporting.exe [01/04/2009 13:26 102400]
R2 Nurago-Update-Service;Nurago-Update-Service;c:\program files\Gacela\Nurago-Updater.exe [01/04/2009 13:27 176128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 01:03 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S2 gupdate1c9a1c113683008;Google Update Service (gupdate1c9a1c113683008);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2009 21:44 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [12/07/2009 22:52 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [12/07/2009 22:56 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [12/07/2009 22:56 122024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [12/07/2009 23:09 111784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/04/2010 22:08 366840]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [25/12/2008 19:58 277888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-04 18:26]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-18 19:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,46,32,ec,41,3e,c3,07,14,f1,49,44,fe,b4,8c,09,2b,21,40,4c,eb,2b,ee,
4d,fa,40,d1,db,59,cd,0d,cb,db,5a,7a,33,24,ed,90,c3,85,8f,7d,ae,52,d5,6f,6d,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\License information*]
"datasecu"=hex:b9,ce,7e,13,81,dd,be,24,9f,ec,ce,c6,95,7a,78,92,c9,7f,81,05,9c,
1f,aa,1f,fc,4f,7d,1d,8a,f5,a7,13,aa,f9,57,de,76,51,48,25,8e,94,b9,29,67,54,\
"rkeysecu"=hex:8f,82,27,2c,f0,1a,6a,7d,ee,8c,0e,e4,ff,c7,55,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(836)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-18 19:30:59
ComboFix-quarantined-files.txt 2010-04-18 18:30
ComboFix2.txt 2010-04-18 08:59

Pre-Run: 64,538,722,304 bytes free
Post-Run: 64,487,149,568 bytes free

- - End Of File - - EAD278DEBA4CF81736883086C162FF63

Shauneendh
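The service list, the empty-ImagePath service key and the "DLLs Loaded Under Running Processes" section in the log above are the parts of a ComboFix report a helper reads first. The Python below is an added example, not code from this thread or from ComboFix: it parses those three sections from a constructed sample made of lines copied from the log and flags what an analyst would otherwise check by eye, namely third-party modules hooked into winlogon.exe or lsass.exe (both SYSTEM processes that handle logon credentials), service binaries living outside c:\windows or c:\program files, and service keys left with an empty ImagePath. The reading of the leading letter and digit (R/S for running/stopped, then the Windows start type), the trusted-location list and the sensitive-process set are the example's own assumptions.

```python
"""Triage helpers for the ComboFix log sections shown above (added example)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [07/11/2008 12:44 38448]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/08/2009 21:54 114768]
R2 Nurago-Reporting-Service;Nurago-Reporting-Service;c:\program files\Gacela\Nurago-Reporting.exe [01/04/2009 13:26 102400]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/04/2010 22:08 366840]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(836)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
"""

# Assumption: service lines are "<R|S><start type> name;display;path [dd/mm/yyyy hh:mm size]",
# with R = running, S = stopped and the digit the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+) \[(?P<date>\d\d/\d\d/\d{4} \d\d:\d\d) (?P<size>\d+)\]$"
)
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$")

# Assumptions: where a legitimate service binary is expected to live on this XP box,
# and which processes a non-Microsoft module must be explained in.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe"}


def parse_services(text):
    """Return one dict per R*/S* service line, in log order."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["running"] = d["state"] == "R"
            d["start"] = int(d["start"])
            d["size"] = int(d["size"])
            out.append(d)
    return out


def parse_loaded_dlls(text):
    """Map 'process(pid)' -> module paths from the DLLs-loaded section only."""
    modules, current, in_section = defaultdict(list), None, False
    for line in text.splitlines():
        line = line.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        m = PROCESS_RE.match(line)
        if m:
            current = f"{m['proc']}({m['pid']})"
        elif current and line[1:3] == ":\\":   # a drive-letter path under the current process
            modules[current].append(line)
    return dict(modules)


def parse_empty_image_paths(text):
    """Names of service keys dumped with ImagePath="" (typical uninstall leftovers)."""
    names, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SVC_KEY_RE.match(line)
        if m:
            current = m["name"]
        elif current and line == '"ImagePath"=""':
            names.append(current)
            current = None
    return names


def is_trusted_location(path):
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage(text):
    """Return (kind, subject, detail) findings an analyst should verify by hand."""
    findings = []
    for svc in parse_services(text):
        if not is_trusted_location(svc["path"]):
            findings.append(("service-odd-location", svc["name"], svc["path"]))
    for proc, mods in parse_loaded_dlls(text).items():
        exe = proc.split("(")[0]
        if exe in SENSITIVE_PROCESSES:
            for mod in mods:
                if not mod.lower().startswith("c:\\windows\\"):
                    findings.append(("third-party-in-" + exe, proc, mod))
    for name in parse_empty_image_paths(text):
        findings.append(("orphaned-service", name, ""))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {subject:20} {detail}")
```

On the sample it reports SASWINLO.dll inside winlogon.exe, PCTLsp.dll inside lsass.exe and the vsdatant key with no image path. The first two belong to SUPERAntiSpyware and PC Tools, both visible elsewhere in the log, so the output is a verification list rather than a verdict; its value is that a hook into a credential-handling process or an orphaned service entry cannot be skimmed past in a 150-line dump.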

Re: Banker.Fox.A and malware

Post by Belahzur on Sun Apr 18, 2010 6:41 pm

Hello.

Ignore the Symantec bit, forgot to change that, bad edit on my part. Avira still shows in the log, so we'll have to get rid of it the hard way, because there's still an old trace left in the registry.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Folder::
    c:\program files\LimeWire
    c:\documents and settings\Sam\Application Data\LimeWire

    SecCenter::
    {AD166499-45F9-482A-A743-FDD3350758C7}

    DDS::
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




Belahzur

Re: Banker.Fox.A and malware

Post by Shauneendh on Sun Apr 18, 2010 7:46 pm

OK - that's all done.
ComboFix came up with a message to say that it had deleted 2 items in LimeWire - then I took my eyes off it for a minute and then I heard it rebooting! It came back OK with ComboFix still running and said it was producing a log report - but Avast, Sygate and SUPERAntiSpyware all started up again when it rebooted, along with MSN Messenger, so I just shut them all down again as soon as possible.
Here is the log... sending in two parts as it's too big!

Part 1
ComboFix 10-04-17.02 - Sam 18/04/2010 20:06:37.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.274 [GMT 1:00]
Running from: c:\documents and settings\Sam\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 100418-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Application Data\LimeWire
c:\documents and settings\Sam\Application Data\LimeWire\.AppSpecialShare\Nip.Tuck.S05E01.DSR.XviD-NoTV.srt.torrent.bak
c:\documents and settings\Sam\Application Data\LimeWire\active.mojito
c:\documents and settings\Sam\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Sam\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Sam\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Sam\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Sam\Application Data\LimeWire\downloads.dat
c:\documents and settings\Sam\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Sam\Application Data\LimeWire\filters.props
c:\documents and settings\Sam\Application Data\LimeWire\gnutella.net
c:\documents and settings\Sam\Application Data\LimeWire\installation.props
c:\documents and settings\Sam\Application Data\LimeWire\library.dat
c:\documents and settings\Sam\Application Data\LimeWire\library5.dat
c:\documents and settings\Sam\Application Data\LimeWire\limewire.props
c:\documents and settings\Sam\Application Data\LimeWire\lock
c:\documents and settings\Sam\Application Data\LimeWire\mojito.props
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\280E3FA7d01
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\Cache\F9D3E29Fd01
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Sam\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Sam\Application Data\LimeWire\passive.mojito
c:\documents and settings\Sam\Application Data\LimeWire\player.props
c:\documents and settings\Sam\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Sam\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Sam\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Sam\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Sam\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Sam\Application Data\LimeWire\questions.props
c:\documents and settings\Sam\Application Data\LimeWire\responses.cache
c:\documents and settings\Sam\Application Data\LimeWire\simpp.xml
c:\documents and settings\Sam\Application Data\LimeWire\spam.dat
c:\documents and settings\Sam\Application Data\LimeWire\tables.props
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Sam\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Sam\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Sam\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Sam\Application Data\LimeWire\version.xml
c:\documents and settings\Sam\Application Data\LimeWire\versions.props
c:\documents and settings\Sam\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Sam\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Sam\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Sam\Application Data\LimeWire\xml\data\video.sxml3
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3336.log
c:\program files\LimeWire\hs_err_pid804.log

Shauneendh
Novice

Posts: 12
Joined: 2010-04-17
OS: Windows XP
Points: 24418
Likes: 0
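The logs posted in this thread are long, and the entries that matter for triage are a handful of lines: the Security Center override values, the firewall notification setting, autostart (Run) entries whose image lives in a user-writable directory, and directories or files with random-looking names such as the `kvmxqsenc` folder under the user's profile. The script below is an added example, not a tool from the thread or from OTL, Malwarebytes or any other product mentioned here. It parses the REGEDIT4-style "Reg Loading Points" section and the "Files Created" listing and flags those patterns. The sample input is constructed in the same layout as the posted log; the Security Center, firewall and `kvmxqsenc` lines mirror what the log shows, while the `Updater` Run entry is hypothetical and does not appear in the posted log. The random-name test is the author's own heuristic, and one caveat applies: `AntiVirusOverride` and `FirewallOverride` are also set by some legitimately installed third-party security products, so a hit is a prompt to check which product set them, not proof of infection.

```python
"""Triage helper for the log format posted in this thread (added example,
not a tool from the thread): parses the REGEDIT4-style 'Reg Loading Points'
section and the 'Files Created' listing and flags suspicious entries."""
import re
from dataclasses import dataclass

# Constructed sample in the same layout as the posted log.  The Security
# Center / firewall values and the kvmxqsenc directory mirror the log; the
# "Updater" Run entry is hypothetical and not in the posted log.
SAMPLE_LOG = r"""
2010-04-15 18:01 . 2010-04-16 21:00 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\kvmxqsenc
2010-04-17 22:38 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"Updater"="c:\documents and settings\Sam\Local Settings\Application Data\kvmxqsenc\svc.exe" [2010-04-15 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# "created . modified  size-or-dashes  attrs  path" lines of the file listing
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d'
                     r'\s+\S+\s+\S+\s+(?P<path>.+)$')
# Locations an unprivileged user can write to on Windows XP
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\', '\\temp\\')


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'low'
    where: str      # registry value or log section the finding came from
    detail: str


def parse_log(text):
    """Return (reg, files): {key: {name: raw_value}} and a list of file paths."""
    reg, files, key = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group('key')
            reg.setdefault(key, {})
        elif (m := VAL_RE.match(line)) and key is not None:
            reg[key][m.group('name')] = m.group('value').strip()
        elif m := FILE_RE.match(line):
            files.append(m.group('path').strip())
    return reg, files


def reg_int(raw):
    """Interpret 'dword:00000001' or '1 (0x1)' as an int; None if not numeric."""
    if m := re.match(r'dword:([0-9a-fA-F]+)', raw):
        return int(m.group(1), 16)
    if m := re.match(r'(\d+)', raw):
        return int(m.group(1))
    return None


def reg_path(raw):
    """Pull the quoted image path out of '"c:\\x.exe" [date size]'."""
    m = re.match(r'"([^"]*)"', raw)
    return m.group(1) if m else None


def looks_random(token):
    """Heuristic (author's own): 8+ all-lowercase letters with under 20% vowels."""
    if len(token) < 8 or not token.isalpha() or not token.islower():
        return False
    return sum(c in 'aeiou' for c in token) / len(token) < 0.2


def path_findings(where, path, severity, check_location=True):
    """Flag a path that sits in a user-writable tree or has a random-looking component."""
    out, lp = [], path.lower()
    if check_location and any(marker in lp for marker in USER_WRITABLE):
        out.append(Finding(severity, where, f'image in user-writable location: {path}'))
    for part in lp.split('\\'):
        if looks_random(part):
            out.append(Finding(severity, where, f'random-looking name "{part}" in {path}'))
    return out


def triage(text):
    """Run every check over one log and return the list of findings."""
    reg, files = parse_log(text)
    findings = []
    for key, values in reg.items():
        lk = key.lower()
        if lk.endswith('\\security center'):
            # Value 1 tells Security Center not to alert on missing/disabled AV or firewall
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if reg_int(values.get(name, '')) == 1:
                    findings.append(Finding('high', f'{key}\\{name}',
                                            'Security Center alerting for this protection is suppressed'))
        elif 'firewallpolicy' in lk:
            if reg_int(values.get('DisableNotifications', '')) == 1:
                findings.append(Finding('medium', f'{key}\\DisableNotifications',
                                        'Windows Firewall block notifications are suppressed'))
        elif lk.endswith('\\run') or lk.endswith('\\runonce'):
            for name, raw in values.items():
                if path := reg_path(raw):
                    findings.extend(path_findings(f'{key}\\{name}', path, 'medium'))
    for path in files:
        # Profile paths are expected here, so only the name heuristic applies
        findings.extend(path_findings('Files Created', path, 'low', check_location=False))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity}] {f.where}: {f.detail}')
```

Paste a full log in place of `SAMPLE_LOG` (or read it from a file) and the output is a short list to check by hand; an entry flagged here still needs the file itself inspected, since the name heuristic will occasionally flag a legitimate vendor directory.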

Re: Banker.Fox.A and malware

Post by Shauneendh on Sun Apr 18, 2010 7:46 pm

Part 2

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-17 22:38 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 22:38 . 2010-04-17 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 22:38 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 19:41 . 2010-04-17 19:41 -------- d-----w- C:\_OTL
2010-04-17 11:58 . 2010-04-17 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-17 11:57 . 2010-04-17 11:57 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2010-04-16 21:46 . 2010-04-16 21:46 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Threat Expert
2010-04-16 21:09 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-16 21:09 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-16 21:09 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-16 21:09 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-16 21:09 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-16 21:09 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-04-16 21:09 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-16 21:09 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-16 21:09 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-16 21:09 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-16 21:08 . 2010-04-16 21:41 -------- d-----w- c:\program files\Spyware Doctor
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-16 21:08 . 2010-04-16 21:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-04-16 21:07 . 2010-04-18 19:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-16 21:07 . 2010-04-16 21:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-15 18:01 . 2010-04-16 21:00 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\kvmxqsenc
2010-04-13 16:21 . 2010-04-13 16:21 -------- d-----w- c:\program files\The Jcwd
2010-04-13 16:11 . 2000-05-16 10:40 83968 ----a-w- c:\windows\UnGins.exe
2010-04-13 16:11 . 2010-04-13 21:34 -------- d-----w- c:\program files\AKye
2010-03-30 18:16 . 2010-03-30 18:16 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
2010-03-30 18:15 . 2010-03-30 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 19:17 . 2009-07-10 18:53 -------- d-----w- c:\program files\Gacela
2010-04-18 08:18 . 2010-01-03 15:32 -------- d-----w- c:\documents and settings\Sam\Application Data\HPAppData
2010-04-17 23:07 . 2008-03-23 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-17 21:00 . 2008-12-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-17 19:44 . 2008-11-04 13:55 -------- d-----w- c:\program files\Google
2010-04-17 11:56 . 2008-11-04 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-17 09:46 . 2008-11-04 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 22:57 . 2008-03-23 06:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-06 13:49 . 2010-01-19 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-27 19:02 . 2008-03-23 06:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:15 . 2004-08-05 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 18:08 . 2008-12-20 18:43 -------- d-----w- c:\program files\QuickTime
2010-02-27 12:42 . 2010-02-27 12:42 -------- d-----w- c:\program files\Fox
2010-02-25 06:24 . 2007-12-07 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 17:26 . 2008-11-05 04:30 -------- d-----w- c:\program files\Launch Manager
2010-02-16 14:08 . 2007-02-28 09:53 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-02-28 09:16 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 10:35 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-05 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 19:58 . 2009-12-03 19:51 75308 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-27 20:02 . 2009-02-21 14:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2006-10-11 08:04 . 2008-12-03 16:08 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-12-03 16:08 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-12-03 16:08 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-12-03 16:08 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-12-03 16:08 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-04 11:59 2349592 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"StarteLock"="c:\acer\Empowering Technology\eLock\Service\startelock.exe" [2008-04-30 24576]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-5 45056]
EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ VHS Converter\MediaTVMonitor.exe [2008-12-25 737280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-03-18 00:03 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [07/11/2008 12:44 38448]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/02/2009 14:47 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/12/2008 12:10 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/04/2010 22:09 217032]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/08/2009 21:54 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/08/2009 21:54 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [16/04/2010 22:09 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
R2 Nurago-Reporting-Service;Nurago-Reporting-Service;c:\program files\Gacela\Nurago-Reporting.exe [01/04/2009 13:26 102400]
R2 Nurago-Update-Service;Nurago-Update-Service;c:\program files\Gacela\Nurago-Updater.exe [01/04/2009 13:27 176128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 01:03 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S2 gupdate1c9a1c113683008;Google Update Service (gupdate1c9a1c113683008);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2009 21:44 133104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [12/07/2009 22:52 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [12/07/2009 22:56 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [12/07/2009 22:56 122024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [12/07/2009 23:09 111784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/04/2010 22:08 366840]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [25/12/2008 19:58 277888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:01]

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-04 18:26]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 20:44]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\rhcnqdo6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-18 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,46,32,ec,41,3e,c3,07,14,f1,49,44,fe,b4,8c,09,2b,21,40,4c,eb,2b,ee,
4d,fa,40,d1,db,59,cd,0d,cb,db,5a,7a,33,24,ed,90,c3,85,8f,7d,ae,52,d5,6f,6d,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-2622691187-3930871694-1860969691-1008\Software\SecuROM\License information*]
"datasecu"=hex:b9,ce,7e,13,81,dd,be,24,9f,ec,ce,c6,95,7a,78,92,c9,7f,81,05,9c,
1f,aa,1f,fc,4f,7d,1d,8a,f5,a7,13,aa,f9,57,de,76,51,48,25,8e,94,b9,29,67,54,\
"rkeysecu"=hex:8f,82,27,2c,f0,1a,6a,7d,ee,8c,0e,e4,ff,c7,55,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(844)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Sam\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-04-18 20:35:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 19:35
ComboFix2.txt 2010-04-18 18:31
ComboFix3.txt 2010-04-18 08:59

Pre-Run: 64,507,502,592 bytes free
Post-Run: 64,416,346,112 bytes free

- - End Of File - - 42A735040E9D5B5984BADDB71092F0A8

Shauneendh
Novice

Posts : 12
Joined : 2010-04-17
OS : Windows XP
Points : 24418
# Likes : 0


Re: Banker.Fox.A and malware

Post by Belahzur on Sun Apr 18, 2010 10:24 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Banker.Fox.A and malware

Post by Shauneendh on Sun Apr 18, 2010 10:31 pm

Hi Belahzur, Just to let you know I am off to bed now and have to go to work tomorrow so there might be a bit of a delay in my response tomorrow. I get home at 1900 hours BST so will carry on from there - providing you have left me some instructions of course! :-)

Shauneendh
Novice

Posts : 12
Joined : 2010-04-17
OS : Windows XP
Points : 24418
# Likes : 0


Re: Banker.Fox.A and malware

Post by Belahzur on Sun Apr 18, 2010 10:37 pm

Okay, I'll leave you with these:

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Banker.Fox.A and malware

Post by Shauneendh on Mon Apr 19, 2010 9:01 pm

Hi Belahzur!
Well everything looks Absolutely fine!
Thank you SO much.
One small thing... When I ran the Combofix uninstall I got the message again about antivir still being Active??
Didn't you say we would have to do that the hard way?

Not Regedit??

Here is the ESET Log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bd12f52d4f8a3440816a2ec3244c2000
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-19 08:50:29
# local_time=2010-04-19 09:50:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 16775141 100 98 1666 207988062 0 0
# compatibility_mode=1028 16777214 0 15 21165955 21349607 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 308 308 0 0
# scanned=107931
# found=1
# cleaned=1
# scan_time=6926
C:\Program Files\DVDVideoSoft\Free Video to DVD Converter\eBay_shortcuts_1045.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C


So if you can let me know about the Antivir thing - I think we are done??

Shauneendh
Novice

Posts : 12
Joined : 2010-04-17
OS : Windows XP
Points : 24418
# Likes : 0

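The ESET Online Scanner log pasted in the post above has a simple layout: a couple of installer lines, a header of `# key=value` lines (`scanned`, `found`, `cleaned`, ...), then one line per detection carrying the file path, the threat name, the action taken in parentheses, and a 32-hex-digit hash. When a log like this is pasted into a forum the tab separators between those fields are usually flattened to spaces, which is what makes it awkward to triage by eye. The parser below is an added example written for this page; it is not part of the thread, of ESET's tooling, or of any forum software. It reads both the native tab-separated layout and the space-flattened one (the flattened case uses a heuristic: the path is taken to end at the first `.ext` followed by whitespace), and reports how many findings the scanner left uncleaned. The sample log embedded in it is constructed to mirror the one posted above.

```python
import re
from typing import Dict, List, Tuple

# Header lines look like "# found=1"; anything before the first such line is
# installer chatter that the parser skips. Keys that repeat (e.g.
# compatibility_mode) keep their last value, which is fine for triage.
HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")

# Heuristic for detection lines whose tab separators were flattened to spaces
# (as happens when a log is pasted into a forum): the path ends at the first
# "<dot><short extension><whitespace>", the action is the parenthesised text,
# and an optional 32-hex-digit hash follows.
FLAT_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)"
    r"(?:\s+(?P<hash>[0-9A-Fa-f]{32}))?"
)


def parse_detection(line: str) -> Dict[str, str]:
    """Split one detection line into path / threat / action / hash."""
    if "\t" in line:
        # Native ESET layout: tab-separated fields.
        fields = line.split("\t")
        fields += [""] * (5 - len(fields))  # pad short lines
        path, threat, action, digest = fields[0], fields[1], fields[2], fields[3]
        return {"path": path, "threat": threat,
                "action": action.strip("()"), "hash": digest}
    m = FLAT_DETECTION_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised detection line: {line!r}")
    return {"path": m["path"], "threat": m["threat"],
            "action": m["action"], "hash": m["hash"] or ""}


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Return (header key/values, list of detections) for an ESET scanner log."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"].strip()
        elif re.match(r"^[A-Za-z]:\\", line):
            detections.append(parse_detection(line))
        # any other line (installer chatter) is ignored
    return header, detections


def outstanding_threats(header: Dict[str, str]) -> int:
    """Findings the scanner reported but did not clean (found minus cleaned)."""
    return int(header.get("found", "0")) - int(header.get("cleaned", "0"))


# Constructed sample in the layout of the log posted in this thread, with the
# tab separators already flattened to spaces by the forum.
FLATTENED_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=true
# unwanted_checked=true
# scanned=107931
# found=1
# cleaned=1
# scan_time=6926
C:\Program Files\DVDVideoSoft\Free Video to DVD Converter\eBay_shortcuts_1045.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# The same detection in ESET's native tab-separated form (constructed).
TABBED_LINE = "\t".join([
    r"C:\Program Files\DVDVideoSoft\Free Video to DVD Converter\eBay_shortcuts_1045.exe",
    "a variant of Win32/Adware.ADON application",
    "(deleted - quarantined)",
    "00000000000000000000000000000000",
    "C",
])


if __name__ == "__main__":
    hdr, found = parse_eset_log(FLATTENED_LOG)
    print(f"scanned={hdr['scanned']} found={hdr['found']} "
          f"cleaned={hdr['cleaned']} outstanding={outstanding_threats(hdr)}")
    for d in found:
        print(f"  {d['action']:<22} {d['threat']}  <- {d['path']}")
```

For the log in this thread the summary is one finding, one cleaned, none outstanding, which is what the helper's "this looks good now" reply reflects; an `outstanding` count above zero is the signal to re-scan or look at the detection lines by hand.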

Re: Banker.Fox.A and malware

Post by Belahzur on Tue Apr 20, 2010 12:16 pm

Hmm, weird, Combofix removed Avira from the SC.

Anyhow, this looks good now, how's the machine running?

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Banker.Fox.A and malware

Post by Shauneendh on Tue Apr 20, 2010 12:39 pm

It is absolutely fine!!
Thank you very much for all your help - it is very much appreciated.
He has just bought a copy of Spyware Doctor with Anti-virus!!

Shauneendh
Novice

Posts : 12
Joined : 2010-04-17
OS : Windows XP
Points : 24418
# Likes : 0
