massive infection: backdoor.win32, bankerfox.a,nuqel and much more

View previous topic View next topic Go down

massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 6th May 2010, 4:53 pm

Hi, I need help. I found out that my computer was infected. I have 34 infected registry. Is there any way that I can delete them? Do I need to post log of my computer? plss....HELP
I dont how to start so I'm asking for your professional advice. Let me think

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 6th May 2010, 9:17 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 7th May 2010, 3:34 am

OTL logfile created on: 5/6/2010 4:31:18 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\sevilleja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.49 Gb Total Space | 140.04 Gb Free Space | 43.03% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.33 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 327.52 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.89 Gb Total Space | 0.37 Gb Free Space | 19.68% Space Free | Partition Type: FAT

Computer Name: AIKIEAIKO
Current User Name: sevilleja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/06 16:21:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\sevilleja\Desktop\OTL.exe
PRC - [2010/04/19 17:00:05 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/19 17:00:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/14 11:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/30 09:49:49 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 22:39:29 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 22:39:23 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 22:38:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/04 22:38:46 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/04 22:38:43 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/12/26 01:40:54 | 002,935,480 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/05/20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/07/22 15:58:07 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/12 17:57:18 | 000,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/06/01 15:52:50 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 19:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 16:21:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\sevilleja\Desktop\OTL.exe
MOD - [2010/03/04 22:39:29 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj02.dll
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/02 09:40:15 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/04 22:39:23 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 22:38:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/29 10:19:08 | 000,198,240 | ---- | M] () [Disabled | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/04/19 17:00:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/14 11:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 11:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 11:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 11:31:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/04/14 11:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 22:39:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 22:38:46 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 22:38:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/06 21:29:57 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/07 14:16:16 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/11 12:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/03 22:20:16 | 001,426,304 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/08/23 00:35:00 | 007,475,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/26 15:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/28 21:27:32 | 000,018,912 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cabel (WDM)
DRV - [2008/02/26 09:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/12/25 14:28:42 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/25 14:28:42 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/25 14:28:42 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/18 13:18:52 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\DVDPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/20 14:12:34 | 000,012,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/08/03 05:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/12 11:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.1.0014
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p="


FF - HKLM\software\mozilla\FireFox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/19 22:04:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/19 10:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/25 08:44:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 08:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 08:54:17 | 000,000,000 | ---D | M]

[2008/10/18 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Extensions
[2010/05/05 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions
[2010/02/28 20:53:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/06/25 21:24:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/28 20:53:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/28 20:53:45 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/22 14:27:53 | 000,000,000 | ---D | M] (SignupShield) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}
[2008/12/22 14:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash
[2010/02/28 20:53:47 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/01/07 01:09:00 | 000,000,000 | ---D | M] -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\DTToolbar@toolbarnet.com
[2009/11/15 00:34:03 | 000,000,000 | ---D | M] -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\firefox@tvunetworks.com
[2009/08/04 08:21:38 | 000,000,000 | ---D | M] -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\searchrecs@veoh.com
[2010/01/06 21:45:06 | 000,002,055 | ---- | M] () -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\searchplugins\daemon-search.xml
[2009/08/31 23:50:47 | 000,003,915 | ---- | M] () -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\searchplugins\sweetim.xml
[2009/04/05 19:23:37 | 000,001,196 | ---- | M] () -- C:\Users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\searchplugins\winamp-search.xml
[2010/01/06 17:42:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/11 16:44:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/26 01:40:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/06/03 14:23:30 | 000,307,517 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [kmbhtfix] C:\Users\sevilleja\AppData\Local\omymwwslr\uosvmbwtssd.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\sevilleja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll File not found
O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 97.64.168.12 97.64.179.251
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sevilleja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\sevilleja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/25 15:18:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/14 10:26:38 | 000,000,024 | RHS- | M] () - M:\autorun.txt -- [ FAT ]
O33 - MountPoints2\{0b7b05b8-23a1-11de-abd3-001e8c976d6c}\Shell - "" = AutoRun
O33 - MountPoints2\{0b7b05b8-23a1-11de-abd3-001e8c976d6c}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31462b02-fbc0-11de-8917-001e8c976d6c}\Shell - "" = AutoRun
O33 - MountPoints2\{31462b02-fbc0-11de-8917-001e8c976d6c}\Shell\AutoRun\command - "" = M:\Borderlands.exe -- File not found
O33 - MountPoints2\{4391753b-b993-11dd-ab57-001e8c976d6c}\Shell - "" = AutoRun
O33 - MountPoints2\{4391753b-b993-11dd-ab57-001e8c976d6c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 7th May 2010, 3:35 am

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/04/18 20:48:20 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 16:30:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\sevilleja\Desktop\OTL.exe
[2010/05/05 20:54:55 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/05 20:54:54 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/05 20:54:53 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/05 20:54:51 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/05 20:54:48 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/05 20:54:38 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/05 20:54:38 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/05 20:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/05 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/05 17:15:10 | 000,000,000 | ---D | C] -- C:\Users\sevilleja\AppData\Local\omymwwslr
[2010/05/03 18:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 19:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/04/16 09:32:52 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/04/14 15:35:39 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 15:35:38 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 15:35:37 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 15:35:35 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 15:35:35 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

========== Files - Modified Within 30 Days ==========

[2010/05/06 16:34:28 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/06 16:34:28 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/06 16:34:28 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 16:33:44 | 059,653,055 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/06 16:32:34 | 008,126,464 | -HS- | M] () -- C:\Users\sevilleja\NTUSER.DAT
[2010/05/06 16:30:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/06 16:29:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 16:27:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 16:27:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 16:27:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 16:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/06 16:27:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/05/06 16:26:05 | 000,524,288 | -HS- | M] () -- C:\Users\sevilleja\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 16:26:05 | 000,065,536 | -HS- | M] () -- C:\Users\sevilleja\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 16:21:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\sevilleja\Desktop\OTL.exe
[2010/05/06 02:50:53 | 000,000,000 | ---- | M] () -- C:\Users\sevilleja\AppData\Local\prvlcl.dat
[2010/05/05 23:17:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 21:56:37 | 000,292,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/05 21:48:39 | 000,052,736 | ---- | M] () -- C:\Users\sevilleja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 20:54:55 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/05 20:54:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/04 22:57:58 | 000,014,742 | ---- | M] () -- C:\Users\sevilleja\AppData\Roaming\wklnhst.dat
[2010/05/04 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/05/03 18:59:46 | 000,001,400 | ---- | M] () -- C:\Users\sevilleja\Desktop\DivX Movies.lnk
[2010/05/03 18:59:29 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/05/03 18:59:02 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/03 07:13:50 | 000,645,120 | ---- | M] () -- C:\Users\sevilleja\Desktop\projectniaiko.doc
[2010/05/02 15:18:52 | 000,139,327 | ---- | M] () -- C:\Windows\hpoins15.dat
[2010/05/02 15:15:01 | 000,000,202 | ---- | M] () -- C:\Windows\win.ini
[2010/05/02 00:33:01 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/04/30 09:53:51 | 000,645,120 | ---- | M] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO - Copy.doc
[2010/04/29 23:24:43 | 000,649,216 | ---- | M] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO.wps
[2010/04/29 23:24:43 | 000,649,216 | ---- | M] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO - Copy.wps
[2010/04/29 16:30:54 | 000,106,584 | ---- | M] () -- C:\Users\sevilleja\Desktop\friedegg.jpg
[2010/04/29 16:30:52 | 000,120,765 | ---- | M] () -- C:\Users\sevilleja\Desktop\electronmicrograph.jpg
[2010/04/28 20:17:34 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 19:44:24 | 000,001,719 | ---- | M] () -- C:\Users\sevilleja\Desktop\DVD Decrypter.lnk
[2010/04/19 17:00:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/16 08:27:47 | 000,524,288 | -HS- | M] () -- C:\Users\sevilleja\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/14 11:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/14 11:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/14 11:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/14 11:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/14 11:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/14 11:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/14 11:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/12 09:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\rpc.job
[2010/04/11 08:50:50 | 000,001,947 | ---- | M] () -- C:\Users\sevilleja\Desktop\Windows Live Messenger .lnk

========== Files Created - No Company Name ==========

[2010/05/05 20:54:55 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/03 18:59:29 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/05/03 18:59:02 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/03 07:13:45 | 000,645,120 | ---- | C] () -- C:\Users\sevilleja\Desktop\projectniaiko.doc
[2010/04/30 09:53:42 | 000,645,120 | ---- | C] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO - Copy.doc
[2010/04/30 09:53:16 | 000,649,216 | ---- | C] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO - Copy.wps
[2010/04/29 16:30:36 | 000,106,584 | ---- | C] () -- C:\Users\sevilleja\Desktop\friedegg.jpg
[2010/04/29 16:30:10 | 000,120,765 | ---- | C] () -- C:\Users\sevilleja\Desktop\electronmicrograph.jpg
[2010/04/27 22:24:43 | 000,649,216 | ---- | C] () -- C:\Users\sevilleja\Desktop\AIKOMICROBIO.wps
[2010/04/25 19:44:24 | 000,001,719 | ---- | C] () -- C:\Users\sevilleja\Desktop\DVD Decrypter.lnk
[2010/04/25 19:43:30 | 000,899,414 | ---- | C] () -- C:\Users\sevilleja\Desktop\SetupDVDDecrypter_3.5.4.0.exe
[2010/04/11 08:50:50 | 000,001,947 | ---- | C] () -- C:\Users\sevilleja\Desktop\Windows Live Messenger .lnk
[2010/04/09 08:03:15 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/31 21:42:26 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/31 21:42:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/06 21:29:57 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/13 22:54:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/03 14:19:05 | 000,000,211 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/24 15:11:16 | 000,428,904 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/04/24 15:08:45 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/10/11 21:02:57 | 000,000,009 | -H-- | C] () -- C:\Windows\System32\wxmmin.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/03 15:30:10 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/05/20 05:02:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/05/17 13:11:32 | 000,000,048 | ---- | C] () -- C:\Windows\INSTALL.INI
[2007/12/25 15:07:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/12/25 14:54:26 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/25 14:54:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/01/06 21:29:57 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2005/01/04 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 08:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/10/18 07:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2007/12/25 15:18:31 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/12/25 14:28:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/02 11:34:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/02 11:34:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/06 16:27:26 | 3534,307,328 | -HS- | M] () -- C:\pagefile.sys
[2008/04/18 19:28:43 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/06/01 01:23:35 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2009/11/28 00:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/10 18:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2010/05/05 20:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/04/01 16:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2008/09/16 15:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/12/10 14:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/23 23:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Avi2Dvd
[2010/01/31 21:40:47 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2008/11/10 23:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2007/12/25 15:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2009/05/12 11:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/13 17:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Boonty
[2008/10/13 17:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\BoontyGames
[2010/01/10 15:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/12/25 14:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/08/20 21:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/02/13 13:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/01/06 21:45:07 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2009/10/04 18:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\danny_kay1710
[2008/08/20 14:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\DietMP3
[2010/05/03 18:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/04/25 19:44:26 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2009/01/21 22:32:31 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2007/12/25 15:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2008/11/05 10:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\Free Audio Pack
[2008/10/13 17:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/03/28 14:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/03/08 16:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/14 14:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2007/12/25 15:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/01/31 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/03/29 16:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2008/09/24 13:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2010/01/10 15:15:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/12/25 15:05:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/04/01 07:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/05/12 11:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/01 16:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\iSofter
[2009/05/12 11:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/06 17:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/12/25 15:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\LightScribeTemplateLabeler
[2009/06/02 19:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/09/29 19:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerData WMP Plugin
[2009/10/16 18:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2007/12/25 15:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/20 08:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/14 09:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/03/10 12:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/05 08:54:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/29 23:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/17 08:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2008/03/15 12:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/06 23:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Multiply
[2007/12/25 15:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2008/10/13 17:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\My Downloaded Games
[2008/11/05 10:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\My.Freeze.com Toolbar with NetAssistant
[2008/07/17 12:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2008/03/29 18:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/25 15:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/11/27 20:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2007/12/25 15:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2009/11/12 08:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/05/20 17:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2008/07/01 14:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\PQDVD
[2009/02/09 11:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/12/25 15:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/07/02 23:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/22 21:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/11/05 10:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Search Settings
[2009/10/25 15:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/06 16:30:57 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/10/04 15:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\SweetIM
[2010/01/06 17:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2008/04/11 10:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Trymedia
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/12/12 15:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2008/08/05 14:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/26 15:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Webcam Video Capture
[2009/05/26 16:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/07/13 23:37:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/07/13 23:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/07/13 23:36:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/13 23:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/10/16 18:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/10/16 18:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/17 08:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/04/15 02:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 08:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:37:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 09:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/13 23:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/10/13 14:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\winLAME
[2008/06/26 17:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/05/28 09:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\WMA-MP3.com
[2010/01/31 21:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2009/12/29 00:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/10/13 17:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Zumie

< %appdata%\*.* >
[2010/05/04 22:57:58 | 000,014,742 | ---- | M] () -- C:\Users\sevilleja\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/15 12:03:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/15 12:03:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007/12/25 14:28:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\drivers\atapi.sys
[2007/12/25 14:28:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2007/12/25 14:28:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2008/03/15 12:03:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/03/15 12:03:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/07/12 11:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2007/07/12 19:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/07/12 11:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/12 11:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/12 11:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007/07/12 19:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/12/25 14:32:57 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/12/25 14:32:57 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/12/25 14:32:57 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-28 03:27:52

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B209483E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C39E55C5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:41A00CF0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A1D3FEF0
< End of report >

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 7th May 2010, 3:37 am

cOTL Extras logfile created on: 5/6/2010 4:31:18 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\sevilleja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.49 Gb Total Space | 140.04 Gb Free Space | 43.03% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.33 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 327.52 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.89 Gb Total Space | 0.37 Gb Free Space | 19.68% Space Free | Partition Type: FAT

Computer Name: AIKIEAIKO
Current User Name: sevilleja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30781113-BD58-4B60-A390-952C8E659B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3EA1A4C7-2A7E-416F-81D8-1EEBAED63E55}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5596DE5E-9812-4D65-B13E-2274AF255F3C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8B019A8B-7841-4FD5-8715-FFF9217AD79E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96C61789-4B29-421C-86BA-2B30BFECF6EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A69CF162-69A2-413E-B7EB-D1FEDC997A65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEFB48D5-9749-404A-8878-8597D70D032B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C60945B1-5FF1-4057-A33A-FA451785B802}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F345899C-8A92-47A7-A86E-CC1BBA93DCD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79D84FB-7BE5-45AB-A349-A175AF7F2190}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035435FE-F1D4-44D0-B15A-872F5AB49948}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{047FFA40-EE5A-4662-94D1-B2A690FF54AF}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{07060A56-A930-4693-ABBA-5725CE1106C8}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{08A861A0-0D8A-4A66-B8FD-4028863F38D3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{08A86B2B-9983-47DB-9300-ABBBF1F968E6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe |
"{0DD3BFF1-E577-4244-BD97-59875F07F565}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{123263CD-B43E-4262-A391-D101C30D71D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1B9CB315-E1AE-4A72-82DF-777094458BA6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1D63C2F2-12B2-4815-9C17-F00D79AAB957}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1EC50A24-C751-4049-B42C-CFF018ADD9A1}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional 7\personal firewall\iolofw.exe |
"{1F4E542E-5F2C-4D8E-A5C1-02152A23193F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{232CB917-1FDF-4338-986D-AC9EAB03EABF}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{23DA1BA7-38AE-4BB7-A6F1-2AB390EDCE4D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{314E4DA1-3C23-4A33-A9B1-53C5590FBBE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33C8A145-0700-41D7-AB82-E91C6628CD87}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3B30944B-BE6C-4137-B8C8-CC2EC1F69FB3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3F7B9A30-8B00-471B-BE9D-0A3EAE80B37C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46C2413E-EFBA-404A-A968-8D43C08C3BE1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4A59770C-92C0-4A17-8E4D-05187FB1E5B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AE212D8-0E39-4D44-9454-398027C092F4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{504578F2-8E63-4E75-9E54-8000AC4DD9D4}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{51305362-2DB4-40CE-9D15-73D626EFDFB1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{69DA39B6-1A8A-423E-BB06-F9D1C8F86610}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7681966D-CA2C-47F5-BD2E-9AEE8864237B}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{77690A19-7C85-44A4-AD91-34F4AE7D2997}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{7876F3A8-AB64-42F1-A839-504ACDCC214F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{799E8BE7-20A2-43BC-B6EB-307EE7B41500}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7FF5CFE1-A970-48C8-AC30-EC72BE2A5A2F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{82CCD691-DF89-46E1-90D3-71EAB5262BD2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{85B0C948-09D2-4FFF-9D62-079A4D07C39E}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{957E6D5B-7999-48EF-BF33-8A41B0DCB1EE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{991FE3F2-E773-47A0-8EBE-609356806B04}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B975451E-10F5-4C3A-9D58-9F178BE11163}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BFDBAEE3-1691-4116-A131-9AE5E7583E23}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C0B39621-C15B-4F4F-9180-4B481ECE4CBB}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C266EC2A-28A1-4FD3-B161-A2B8A20E4FED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C953F769-6069-4F9E-9C6D-EBD5E1C1A515}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D3BD9C46-9950-47E1-8C51-4C55488480C5}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D5EC8667-CCD5-42BE-A22D-9BCDC019220D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D8FE52A9-1549-4C7F-917A-A801F1779633}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DBFB52A9-9DFE-4776-9142-BD6CB35B25FB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DC416B0C-FB72-4B4B-AEBE-BC6093F3B726}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{DC524E8D-DAA7-4999-8D1C-6A3E99050366}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{DE663C45-611B-4926-9370-E4330D480149}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E23570A4-7B07-47DF-A1BE-A51693189CE4}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E293206E-7845-466F-B911-9A52F28A137B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E6A76093-A879-475A-AF34-7D8C3DCB9449}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{E8CE3B30-6A60-49C7-AA16-90DE4B7FACE3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe |
"{EB455CE2-057E-461F-A6B3-89D4D8E8EAE3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F65355A0-2855-4EB8-B791-75B15AAC8502}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F974C3F3-10E1-4F5F-B1DB-4A633D001AD2}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FDC53FFC-3784-4CFC-BF5C-23DB54C3E6D7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FDD5DE0F-C582-4891-A982-432D09C1270F}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional 7\personal firewall\iolofw.exe |
"TCP Query User{064DE936-796A-4A2C-8194-99F1A2FF6BDF}C:\program files\pspdisp\bin\app\pspdisp.exe" = protocol=6 | dir=in | app=c:\program files\pspdisp\bin\app\pspdisp.exe |
"TCP Query User{1BAAECFD-7A2D-4CF8-A47C-2F0B85004B48}C:\program files\pspdisp\bin\app\pspdisp.exe" = protocol=6 | dir=in | app=c:\program files\pspdisp\bin\app\pspdisp.exe |
"TCP Query User{1D997743-556B-435A-8D1E-B77FA39DC177}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2B878507-4366-4E22-9554-2EA908B7E380}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{5AC23E32-9B83-4CB6-91B3-0B2DEB81805D}C:\users\sevilleja\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\sevilleja\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{5CC03FB3-D4AA-4326-AC5E-22BF5E8C3F55}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{65EBC66A-319A-4C3B-BE48-4C9EF3CDA056}C:\users\sevilleja\desktop\24139_gates\gates.exe" = protocol=6 | dir=in | app=c:\users\sevilleja\desktop\24139_gates\gates.exe |
"TCP Query User{8CA2CD4E-789D-4B43-8B2C-01571EB08CA1}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{A21A4AEA-8CE4-4AF5-BAEE-49D7B57C16B0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A637D369-D6F7-4F47-93C5-1AE34AB107A8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A7C307A1-C185-4C14-8800-1232362E4AD9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B5C676C0-D0A9-4572-B7DC-162EBA37F337}C:\program files\popcap games\zuma deluxe\zuma.exe" = protocol=6 | dir=in | app=c:\program files\popcap games\zuma deluxe\zuma.exe |
"TCP Query User{C83DDD05-FEEE-4CB3-8320-DDE6998BC586}C:\program files\steam\steamapps\bo0r02\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bo0r02\counter-strike\hl.exe |
"TCP Query User{D678A3A9-98D9-4188-92B5-B2417714BA24}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DEFE6DDD-AA6A-4C19-8D96-AA12F6E29720}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{DFD22FD5-EA3E-40DB-BDB5-6851769C1583}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{FC5D5D2D-5E3F-4A4A-BCA2-AB2E60B3AE3D}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{0D3F7D41-4850-4F64-BA3E-F8F9E7BB773E}C:\users\sevilleja\desktop\24139_gates\gates.exe" = protocol=17 | dir=in | app=c:\users\sevilleja\desktop\24139_gates\gates.exe |
"UDP Query User{10347DC1-069B-4454-A5A5-70A07821ACCB}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{2326678E-A134-4DB6-8189-4A2D80D7CFC6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{247A50AE-FF76-417D-8972-629F18EC5EFA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{37FC9A0A-87F8-4B84-B8F3-FCB77B29DE4A}C:\program files\pspdisp\bin\app\pspdisp.exe" = protocol=17 | dir=in | app=c:\program files\pspdisp\bin\app\pspdisp.exe |
"UDP Query User{4E44CC1B-BBF9-41CE-81CC-2380B4C4FB64}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{6D3DEE50-C5B2-41E5-806A-4A4C7710CDEE}C:\program files\steam\steamapps\bo0r02\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bo0r02\counter-strike\hl.exe |
"UDP Query User{6F036482-FF3D-4B78-8577-E70598FFA7E4}C:\users\sevilleja\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\sevilleja\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{75B613E1-63B5-4812-A1CF-6A77701F68D8}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{9B3F9CA9-BF38-410A-BD89-2E90DFB72D61}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9F92B395-3EBB-4D17-820D-E5CA5DBC67F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A5E6A126-7EF1-490A-A690-3961E09F9FD6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{BE976B34-D6E9-42E2-9923-F2876516B311}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CCB05771-DE1C-485B-BA3B-A796C5B722FF}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{E3A6492E-22AC-4E76-B59D-B6E8B0D30A1E}C:\program files\pspdisp\bin\app\pspdisp.exe" = protocol=17 | dir=in | app=c:\program files\pspdisp\bin\app\pspdisp.exe |
"UDP Query User{EB8EA6A4-6EC7-44E0-93B4-E672337D7752}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F2F40438-3F43-4B10-8C5C-15FFBCC4907E}C:\program files\popcap games\zuma deluxe\zuma.exe" = protocol=17 | dir=in | app=c:\program files\popcap games\zuma deluxe\zuma.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06283453-7826-2168-5324-689421793582}" = MessengerData WMP Plugin
"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0F0A0506-9A9C-406a-999D-0D5A92EBC14B}" = HP Photosmart Appliance Printer Driver Software 9.0
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play HD DVD
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5E730665-26CF-4cd5-BBDC-D005665B01F6}" = ps_app_npi_software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C0B3A39-6602-4E52-9561-01C24E7BDFC0}" = muvee autoProducer 6.1
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C23587D9-1415-4042-9B3D-43118A4334C7}_is1" = BoontyBox 2.1
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF911E7B-1B9D-4e1c-8534-60E70FA45BC1}" = ps_app_npi_software_req
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 2.7.2
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG 9.0
"AviSynth" = AviSynth 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combat Arms" = Combat Arms
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"Steam App 10" = Counter-Strike
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 590" = Left 4 Dead 2 Demo
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2010 6:16:42 PM | Computer Name = aikieaiko | Source = Windows Search Service | ID = 3013
Description =

Error - 5/5/2010 9:17:12 PM | Computer Name = aikieaiko | Source = MsiInstaller | ID = 11706
Description =

Error - 5/5/2010 9:55:21 PM | Computer Name = aikieaiko | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/5/2010 9:55:21 PM | Computer Name = aikieaiko | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/5/2010 10:40:16 PM | Computer Name = aikieaiko | Source = EventSystem | ID = 4609
Description =

Error - 5/5/2010 10:59:30 PM | Computer Name = aikieaiko | Source = MsiInstaller | ID = 11706
Description =

Error - 5/6/2010 12:53:08 AM | Computer Name = aikieaiko | Source = EventSystem | ID = 4609
Description =

Error - 5/6/2010 3:51:09 AM | Computer Name = aikieaiko | Source = Windows Search Service | ID = 3013
Description =

Error - 5/6/2010 3:51:09 AM | Computer Name = aikieaiko | Source = Windows Search Service | ID = 3013
Description =

Error - 5/6/2010 5:19:15 PM | Computer Name = aikieaiko | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 5/6/2010 5:19:17 PM | Computer Name = aikieaiko | Source = DCOM | ID = 10005
Description =

Error - 5/6/2010 5:19:17 PM | Computer Name = aikieaiko | Source = DCOM | ID = 10005
Description =

Error - 5/6/2010 5:19:19 PM | Computer Name = aikieaiko | Source = Service Control Manager | ID = 7001
Description =

Error - 5/6/2010 5:19:19 PM | Computer Name = aikieaiko | Source = Service Control Manager | ID = 7001
Description =

Error - 5/6/2010 5:19:50 PM | Computer Name = aikieaiko | Source = Service Control Manager | ID = 7001
Description =

Error - 5/6/2010 5:19:53 PM | Computer Name = aikieaiko | Source = DCOM | ID = 10005
Description =

Error - 5/6/2010 5:19:53 PM | Computer Name = aikieaiko | Source = DCOM | ID = 10005
Description =

Error - 5/6/2010 5:19:54 PM | Computer Name = aikieaiko | Source = Service Control Manager | ID = 7001
Description =

Error - 5/6/2010 5:27:37 PM | Computer Name = aikieaiko | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 001644954AF3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/6/2010 5:28:55 PM | Computer Name = aikieaiko | Source = Service Control Manager | ID = 7026
Description =


< End of report >

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 7th May 2010, 5:01 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [kmbhtfix] C:\Users\sevilleja\AppData\Local\omymwwslr\uosvmbwtssd.exe File not found
    [2010/05/05 17:15:10 | 000,000,000 | ---D | C] -- C:\Users\sevilleja\AppData\Local\omymwwslr



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 8th May 2010, 3:21 am

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ deleted successfully.
File C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kmbhtfix deleted successfully.
C:\Users\sevilleja\AppData\Local\omymwwslr folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05072010_221916

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 8th May 2010, 6:22 pm

Is my computer fixed now or do I need to do something else? by the way, Is there any software that manages updates? thanks

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 8th May 2010, 11:22 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 12th May 2010, 7:40 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4094

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/12/2010 2:12:15 PM
mbam-log-2010-05-12 (14-12-15).txt

Scan type: Quick scan
Objects scanned: 132123
Time elapsed: 27 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 55
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\smartshopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{08aa0598-6a23-4364-9bf4-6d5f57f42993} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0e8c398-dabe-4ce1-b4d9-ed43b64923f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c7f127df-8877-4e1e-a196-fbbecbc5bc6d} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{064c57b4-b9ec-425f-b9b3-bceffeea74d9} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0755e4f0-3f92-4a67-ad14-e9f287f76fbc} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2260d608-c844-435d-90fd-dc16cfa577f2} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bceb373d-a35a-4200-bd43-8586cd9dfae7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2615f050-9c18-4267-b711-8e3687dc0145} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ca295d63-514a-4ed0-9b5f-640890f2366b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cb0d9d8c-535e-4352-ba8f-65c3c8676612} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{137e6e5e-a205-4657-a49f-1ab865787089} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\sevilleja\Favorites\mp3 download.url (Rogue.Link) -> Quarantined and deleted successfully.

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 12th May 2010, 7:41 pm

bump

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 12th May 2010, 10:21 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 12th May 2010, 10:43 pm

I have a license on my avg.T he link only teaches how to disable the free version only. Is there any way I can do it?

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 12th May 2010, 11:17 pm

ComboFix 10-05-12.01 - sevilleja 05/12/2010 17:51:15.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.2212 [GMT -5:00]
Running from: c:\users\sevilleja\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Zumie
c:\users\Public\wrar371.exe
c:\users\sevilleja\AppData\Roaming\Microsoft\Windows\Recent\DSC05353.JPG
c:\users\sevilleja\AppData\Roaming\Microsoft\Windows\Recent\[You must be registered and logged in to see this link.]
c:\windows\system32\%appdata%
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 23:02 . 2010-05-12 23:05 -------- d-----w- c:\users\sevilleja\AppData\Local\temp
2010-05-12 23:02 . 2010-05-12 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 22:46 . 2010-05-12 22:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-12 22:38 . 2010-05-12 22:39 -------- d-----w- C:\32788R22FWJFW
2010-05-12 19:43 . 2010-05-12 20:04 -------- d-----w- c:\users\sevilleja\AppData\Roaming\CBS Interactive
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Malwarebytes
2010-05-12 18:37 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 18:37 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 18:32 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-08 03:19 . 2010-05-08 03:19 -------- d-----w- C:\_OTL
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\programdata\Alwil Software
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\program files\Alwil Software
2010-05-03 23:42 . 2010-05-03 23:59 -------- d-----w- c:\programdata\DivX
2010-04-26 00:44 . 2010-04-26 00:44 -------- d-----w- c:\program files\DVD Decrypter
2010-04-14 20:35 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:35 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:35 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:35 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 20:35 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:35 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 20:35 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:35 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:35 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 20:34 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 20:34 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 23:04 . 2008-05-16 18:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-12 21:50 . 2008-11-08 06:52 0 ----a-w- c:\users\sevilleja\AppData\Local\prvlcl.dat
2010-05-12 19:23 . 2009-11-30 04:52 -------- d-----w- c:\program files\Steam
2010-05-12 19:20 . 2009-11-30 04:52 -------- d-----w- c:\program files\Common Files\Steam
2010-05-12 19:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 18:27 . 2008-07-22 20:58 -------- d-----w- c:\programdata\Google Updater
2010-05-08 03:19 . 2008-10-13 22:27 -------- d-----w- c:\program files\My.Freeze.com Toolbar with NetAssistant
2010-05-05 03:57 . 2008-03-13 13:06 14742 ----a-w- c:\users\sevilleja\AppData\Roaming\wklnhst.dat
2010-05-03 23:58 . 2010-05-03 23:58 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-03 23:58 . 2009-05-03 18:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-03 23:58 . 2010-05-03 23:58 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-03 23:42 . 2010-05-03 23:42 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-03 23:42 . 2010-05-03 23:59 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-03 23:42 . 2010-05-03 23:59 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-02 20:18 . 2008-05-13 21:53 139327 ----a-w- c:\windows\hpoins15.dat
2010-04-26 20:57 . 2010-04-04 12:56 -------- d-----w- c:\program files\Webcam Video Capture
2010-04-19 22:00 . 2010-04-19 22:00 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 22:00 . 2008-10-29 21:43 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-19 21:58 . 2010-04-19 21:58 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-14 21:20 . 2008-03-18 05:32 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-02 17:25 . 2008-11-09 02:00 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Any Video Converter
2010-03-28 19:32 . 2010-01-18 04:58 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-24 04:40 . 2010-02-01 02:39 -------- d-----w- c:\program files\Avi2Dvd
2010-03-19 16:38 . 2010-02-22 22:16 50354 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\uninstall.exe
2010-03-19 16:38 . 2010-02-22 22:16 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Facebook
2010-03-15 22:28 . 2008-05-19 04:12 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Image Zone Express
2010-03-08 21:00 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-03-08 20:59 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 03:39 . 2010-03-05 03:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 03:39 . 2008-03-14 19:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 01:17 . 2008-03-13 03:13 73144 ----a-w- c:\users\sevilleja\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 20:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 20:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 20:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 20:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 14:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 14:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 14:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-12-25 19:33 . 2007-12-25 19:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-26 2935480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\users\sevilleja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,00,e8,61,81,04,ca,01

R2 gupdate1cabf024a0c4494;Google Update Service (gupdate1cabf024a0c4494);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2007-02-06 16512]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-07 28672]
R3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);c:\windows\system32\drivers\lmvac.sys [2008-04-29 18912]
R4 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-19 242896]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [2007-12-18 39408]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1426304]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-20 22:04]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]

2010-05-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-05-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-WT026592 - c:\program files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT026598 - c:\program files\HP Games\7 Wonders of the Ancient World\Uninstall.exe
AddRemove-WT026599 - c:\program files\HP Games\Blasterball 2 Revolution\Uninstall.exe
AddRemove-WT026600 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT026615 - c:\program files\HP Games\Crystal Maze\Uninstall.exe
AddRemove-WT026617 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT026621 - c:\program files\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT026647 - c:\program files\HP Games\Fish Tycoon\Uninstall.exe
AddRemove-WT026649 - c:\program files\HP Games\Jewel Quest Solitaire\Uninstall.exe
AddRemove-WT026652 - c:\program files\HP Games\Mah Jong Quest\Uninstall.exe
AddRemove-WT026654 - c:\program files\HP Games\Peggle\Uninstall.exe
AddRemove-WT026655 - c:\program files\HP Games\Penguins!\Uninstall.exe
AddRemove-WT026656 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT026657 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT026658 - c:\program files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe
AddRemove-WT026659 - c:\program files\HP Games\Super Granny\Uninstall.exe
AddRemove-WT026678 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT026689 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT026691 - c:\program files\HP Games\Otto's Magic Blocks\Uninstall.exe
AddRemove-WT026728 - c:\program files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT026729 - c:\program files\HP Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT026730 - c:\program files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe
AddRemove-WT026781 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT026807 - c:\program files\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT026813 - c:\program files\HP Games\Shooting Stars Pool\Uninstall.exe
AddRemove-WT026814 - c:\program files\HP Games\Ricochet Lost Worlds\Uninstall.exe
AddRemove-WT026836 - c:\program files\HP Games\Jewel Quest\Uninstall.exe
AddRemove-WT026837 - c:\program files\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT027261 - c:\program files\HP Games\Magic Academy\Uninstall.exe
AddRemove-WT041600 - c:\program files\HP Games\Magus - In Search of Adventure\Uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-12 18:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spbm.sys hal.dll >>UNKNOWN [0x85D7B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8af9ed24
\Driver\ACPI -> acpi.sys @ 0x807b7d68
\Driver\iaStor -> iastor.sys @ 0x82eb98e0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-127681080-1363697337-3790791423-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAA017C-794A-C6A5-D861-652D3D880C5D}*]
"daedegpf"=hex:64,62,64,66,6c,66,6d,61,66,64,68,69,6a,6d,68,6d,68,65,6c,61,6d,
67,69,68,6b,69,62,69,66,62,62,6d,66,6f,64,61,62,6e,64,61,00,00
"iapfjgcgflkmigjamd"=hex:6a,61,6c,6f,68,6e,6d,67,65,64,6a,6e,67,69,61,68,64,63,
69,69,00,00
"hajfpecfcffejanf"=hex:6a,61,6c,6f,63,6e,70,66,6a,62,67,63,65,62,6d,6e,6d,61,
66,6a,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(11192)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-12 18:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-12 23:14

Pre-Run: 175,107,399,680 bytes free
Post-Run: 175,357,534,208 bytes free

- - End Of File - - B78F75961DF5D1B72150BFB5F504C9F3

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 13th May 2010, 10:08 pm

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 9.1
    Java(TM) 6 Update 17
    Search Settings 1.2

  • Click on the Uninstall/Change button at the top.




  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    RegNull::
    [HKEY_USERS\S-1-5-21-127681080-1363697337-3790791423-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAA017C-794A-C6A5-D861-652D3D880C5D}*]

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    MBR::
    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 14th May 2010, 4:21 am

ComboFix 10-05-13.03 - sevilleja 05/13/2010 22:49:56.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1904 [GMT -5:00]
Running from: c:\users\sevilleja\Desktop\ComboFix.exe
Command switches used :: c:\users\sevilleja\Desktop\CFscript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-14 03:57 . 2010-05-14 04:02 -------- d-----w- c:\users\sevilleja\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-14 03:57 . 2010-05-14 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 22:46 . 2010-05-12 22:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-12 19:43 . 2010-05-12 20:04 -------- d-----w- c:\users\sevilleja\AppData\Roaming\CBS Interactive
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Malwarebytes
2010-05-12 18:37 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 18:37 . 2010-05-12 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 18:37 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 18:32 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-08 03:19 . 2010-05-08 03:19 -------- d-----w- C:\_OTL
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\programdata\Alwil Software
2010-05-06 01:54 . 2010-05-06 01:54 -------- d-----w- c:\program files\Alwil Software
2010-05-03 23:58 . 2010-05-03 23:58 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-03 23:58 . 2010-05-03 23:58 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-03 23:42 . 2010-05-03 23:42 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-03 23:42 . 2010-05-03 23:59 -------- d-----w- c:\programdata\DivX
2010-04-26 00:44 . 2010-04-26 00:44 -------- d-----w- c:\program files\DVD Decrypter
2010-04-19 22:00 . 2010-04-19 22:00 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 21:58 . 2010-04-19 21:58 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-14 20:35 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:35 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:35 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:35 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 20:35 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:35 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 20:35 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:35 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:35 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 20:34 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 20:34 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 03:58 . 2008-05-16 18:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-14 03:17 . 2007-12-25 20:19 -------- d-----w- c:\program files\Java
2010-05-14 03:16 . 2008-04-05 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 21:11 . 2008-07-22 20:58 -------- d-----w- c:\programdata\Google Updater
2010-05-13 16:51 . 2008-11-08 06:52 0 ----a-w- c:\users\sevilleja\AppData\Local\prvlcl.dat
2010-05-12 19:23 . 2009-11-30 04:52 -------- d-----w- c:\program files\Steam
2010-05-12 19:20 . 2009-11-30 04:52 -------- d-----w- c:\program files\Common Files\Steam
2010-05-12 19:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 03:19 . 2008-10-13 22:27 -------- d-----w- c:\program files\My.Freeze.com Toolbar with NetAssistant
2010-05-05 03:57 . 2008-03-13 13:06 14742 ----a-w- c:\users\sevilleja\AppData\Roaming\wklnhst.dat
2010-05-03 23:58 . 2009-05-03 18:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-03 23:42 . 2010-05-03 23:59 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-03 23:42 . 2010-05-03 23:59 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-02 20:18 . 2008-05-13 21:53 139327 ----a-w- c:\windows\hpoins15.dat
2010-04-26 20:57 . 2010-04-04 12:56 -------- d-----w- c:\program files\Webcam Video Capture
2010-04-19 22:00 . 2008-10-29 21:43 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 21:20 . 2008-03-18 05:32 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-02 17:25 . 2008-11-09 02:00 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Any Video Converter
2010-03-28 19:32 . 2010-01-18 04:58 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-24 04:40 . 2010-02-01 02:39 -------- d-----w- c:\program files\Avi2Dvd
2010-03-19 16:38 . 2010-02-22 22:16 50354 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\uninstall.exe
2010-03-19 16:38 . 2010-02-22 22:16 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Facebook
2010-03-15 22:28 . 2008-05-19 04:12 -------- d-----w- c:\users\sevilleja\AppData\Roaming\Image Zone Express
2010-03-08 21:00 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-03-08 20:59 . 2010-05-03 23:59 530625 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 03:39 . 2010-03-05 03:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 03:39 . 2008-03-14 19:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 03:38 . 2008-10-29 21:43 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 01:17 . 2008-03-13 03:13 73144 ----a-w- c:\users\sevilleja\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 20:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 20:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 20:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 20:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 14:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 14:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 14:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-12-25 19:33 . 2007-12-25 19:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-26 2935480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]

c:\users\sevilleja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,00,e8,61,81,04,ca,01

R2 gupdate1cabf024a0c4494;Google Update Service (gupdate1cabf024a0c4494);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2007-02-06 16512]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-07 28672]
R3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);c:\windows\system32\drivers\lmvac.sys [2008-04-29 18912]
R4 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-19 242896]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [2007-12-18 39408]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1426304]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-20 22:04]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 20:59]

2010-05-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-05-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\sevilleja\AppData\Roaming\Mozilla\Firefox\Profiles\r1oabfm9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-13 23:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

LVPrcSrv.exe [3732]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spfu.sys hal.dll >>UNKNOWN [0x85D7B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8af9dd24
\Driver\ACPI -> acpi.sys @ 0x807b3d68
\Driver\iaStor -> iastor.sys @ 0x82eb28e0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6232)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-13 23:09:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 04:09
ComboFix2.txt 2010-05-12 23:14

Pre-Run: 174,680,895,488 bytes free
Post-Run: 174,524,006,400 bytes free

- - End Of File - - 48F580C9F9FD7D6996C407ED34EF26E2

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 14th May 2010, 9:34 am

Hello.

To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download [You must be registered and logged in to see this link.] to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 15th May 2010, 5:14 am

belazhur the cd emulation is still there. It is still asking me for the cd for the solution?

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 15th May 2010, 5:49 pm

I tried running gmer in safe mode, normal mode and it didnt work. I tried renaming it , It didnt work. Is there any other possible way?

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 15th May 2010, 5:50 pm

bump

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 15th May 2010, 9:19 pm


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 16th May 2010, 3:16 am

my avg detected that this file is infected with trojan?

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 16th May 2010, 7:42 pm

Annoyed or Unimpress AVG sucks on detection rate, ignore the warning, disable AVG if needed.

See [You must be registered and logged in to see this link.] for how to disable your AV.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 18th May 2010, 3:20 am

22:19:02:221 6824 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
22:19:02:221 6824 ================================================================================
22:19:02:221 6824 SystemInfo:

22:19:02:221 6824 OS Version: 6.0.6002 ServicePack: 2.0
22:19:02:221 6824 Product type: Workstation
22:19:02:221 6824 ComputerName: AIKIEAIKO
22:19:02:222 6824 UserName: sevilleja
22:19:02:222 6824 Windows directory: C:\Windows
22:19:02:222 6824 Processor architecture: Intel x86
22:19:02:222 6824 Number of processors: 4
22:19:02:222 6824 Page size: 0x1000
22:19:02:223 6824 Boot type: Normal boot
22:19:02:223 6824 ================================================================================
22:19:02:228 6824 UnloadDriverW: NtUnloadDriver error 2
22:19:02:228 6824 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
22:19:22:093 6824 wfopen_ex: Trying to open file C:\Windows\system32\config\system
22:19:22:093 6824 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:19:22:093 6824 wfopen_ex: Trying to KLMD file open
22:19:22:093 6824 wfopen_ex: File opened ok (Flags 2)
22:19:22:100 6824 wfopen_ex: Trying to open file C:\Windows\system32\config\software
22:19:22:100 6824 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:19:22:100 6824 wfopen_ex: Trying to KLMD file open
22:19:22:100 6824 wfopen_ex: File opened ok (Flags 2)
22:19:22:100 6824 KLAVA engine initialized
22:19:22:379 6824 Initialize success
22:19:22:380 6824
22:19:22:380 6824 Scanning Services ...
22:19:23:174 6824 Raw services enum returned 446 services
22:19:23:183 6824
22:19:23:183 6824 Scanning Drivers ...
22:19:23:310 6824 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:19:23:338 6824 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:19:23:370 6824 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:19:23:397 6824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:19:23:416 6824 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:19:23:459 6824 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
22:19:23:483 6824 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:19:23:512 6824 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:19:23:543 6824 aliide (9df16e31daa1591c538222eae00e07eb) C:\Windows\system32\drivers\aliide.sys
22:19:23:563 6824 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:19:23:583 6824 amdide (260c91345de01c3dfd364ee970a92b02) C:\Windows\system32\drivers\amdide.sys
22:19:23:604 6824 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:19:23:617 6824 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:19:23:650 6824 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:19:23:669 6824 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:19:23:716 6824 ASPI (54ab078660e536da72b21a27f56b035b) C:\Windows\System32\DRIVERS\ASPI32.sys
22:19:23:726 6824 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\Windows\system32\drivers\ASPI32.sys
22:19:23:758 6824 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:23:788 6824 atapi (b3f2c79318b9bbe87b2c51033682d912) C:\Windows\system32\drivers\atapi.sys
22:19:23:824 6824 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\Windows\System32\Drivers\avgldx86.sys
22:19:23:878 6824 AvgMfx86 (f9caeec3ff1545991f490264429724c5) C:\Windows\System32\Drivers\avgmfx86.sys
22:19:23:917 6824 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
22:19:23:970 6824 AvgTdiX (cf9ac576490bb6c547cd16ef0b782358) C:\Windows\System32\Drivers\avgtdix.sys
22:19:23:999 6824 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:19:24:033 6824 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
22:19:24:056 6824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:19:24:072 6824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:19:24:108 6824 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:19:24:134 6824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:19:24:157 6824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:19:24:176 6824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:19:24:197 6824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:19:24:406 6824 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:19:24:455 6824 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:19:24:482 6824 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
22:19:24:523 6824 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:19:24:547 6824 cmdide (55a247b547fb9da28bc492dee643ecdf) C:\Windows\system32\drivers\cmdide.sys
22:19:24:562 6824 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
22:19:24:582 6824 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:19:24:611 6824 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:19:24:644 6824 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
22:19:24:694 6824 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:19:24:736 6824 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:19:24:777 6824 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:19:24:793 6824 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:19:24:820 6824 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:19:24:868 6824 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:19:24:927 6824 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:19:24:968 6824 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:19:25:003 6824 ElRawDisk (dc8fcbd7e98fe7be4e7ca9780835fab7) C:\Windows\system32\drivers\elrawdsk.sys
22:19:25:028 6824 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:19:25:067 6824 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:19:25:086 6824 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:19:25:110 6824 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:19:25:139 6824 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:19:25:173 6824 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:19:25:187 6824 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:19:25:225 6824 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:19:25:252 6824 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:19:25:275 6824 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:19:25:303 6824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
22:19:25:361 6824 HCW85BDA (09139afcf7697461059eec49a8fe66a2) C:\Windows\system32\drivers\HCW85BDA.sys
22:19:25:448 6824 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:19:25:501 6824 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:19:25:553 6824 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:19:25:577 6824 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:19:25:630 6824 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:19:25:650 6824 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:19:25:704 6824 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
22:19:25:831 6824 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
22:19:25:898 6824 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:19:25:927 6824 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:19:25:952 6824 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:19:25:989 6824 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
22:19:26:017 6824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:19:26:041 6824 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:19:26:114 6824 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
22:19:26:284 6824 intelide (1fdf294ecca2addf84e8271d75abddb4) C:\Windows\system32\drivers\intelide.sys
22:19:26:317 6824 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:19:26:347 6824 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:19:26:387 6824 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:19:26:418 6824 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:19:26:451 6824 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:19:26:489 6824 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:19:26:519 6824 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:19:26:545 6824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:19:26:560 6824 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:19:26:591 6824 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:19:26:644 6824 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:19:26:697 6824 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:19:26:763 6824 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\DRIVERS\libusb0.sys
22:19:26:789 6824 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:19:26:832 6824 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:19:26:856 6824 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:19:26:873 6824 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:19:26:908 6824 LTXMD_VAC (6cfcdb3b89079747c80403f2deb822c5) C:\Windows\system32\drivers\lmvac.sys
22:19:26:934 6824 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:19:26:961 6824 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\Windows\system32\Drivers\LVPr2Mon.sys
22:19:26:999 6824 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys
22:19:27:057 6824 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys
22:19:27:177 6824 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\Windows\system32\DRIVERS\lvuvc.sys
22:19:27:348 6824 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:19:27:380 6824 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:19:27:406 6824 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:19:27:430 6824 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:19:27:455 6824 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:19:27:472 6824 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:19:27:503 6824 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:19:27:525 6824 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:19:27:558 6824 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:19:27:581 6824 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:19:27:614 6824 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:19:27:670 6824 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:19:27:687 6824 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:19:27:707 6824 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:19:27:738 6824 msahci (60ec6885a269e13d5daaa0efe060127a) C:\Windows\system32\drivers\msahci.sys
22:19:27:758 6824 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:19:27:790 6824 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:19:27:807 6824 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:19:27:828 6824 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:19:27:867 6824 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:19:27:885 6824 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:19:27:939 6824 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:19:27:966 6824 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:19:27:999 6824 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:19:28:035 6824 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:19:28:077 6824 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:19:28:124 6824 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:19:28:187 6824 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:19:28:216 6824 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:19:28:251 6824 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:19:28:280 6824 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:19:28:305 6824 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:19:28:350 6824 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:19:28:389 6824 netr73 (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
22:19:28:434 6824 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:19:28:472 6824 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:19:28:534 6824 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:19:28:588 6824 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:19:28:685 6824 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:19:28:720 6824 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:19:28:745 6824 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:19:28:927 6824 nvlddmkm (57d3a8241b13a34ded58db36331223ee) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:19:29:171 6824 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:19:29:207 6824 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:19:29:226 6824 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:19:29:293 6824 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:19:29:321 6824 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:19:29:357 6824 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:19:29:376 6824 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:19:29:414 6824 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:19:29:447 6824 pciide (64b8e559d285c7ef599edf6428e1366f) C:\Windows\system32\drivers\pciide.sys
22:19:29:467 6824 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:19:29:512 6824 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:19:29:577 6824 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:19:29:616 6824 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:19:29:654 6824 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:19:29:682 6824 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:19:29:772 6824 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:19:29:847 6824 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:19:29:889 6824 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:19:29:914 6824 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:19:29:940 6824 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:19:29:974 6824 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:19:30:014 6824 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:19:30:112 6824 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:19:30:137 6824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:19:30:166 6824 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:19:30:179 6824 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:19:30:215 6824 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:19:30:244 6824 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:19:30:275 6824 RTL8169 (3d2b6520699d1dcd5a13f9e7cad62199) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:19:30:297 6824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:19:30:317 6824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:19:30:342 6824 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:19:30:365 6824 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:19:30:389 6824 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:19:30:414 6824 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
22:19:30:431 6824 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
22:19:30:446 6824 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
22:19:30:468 6824 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:19:30:489 6824 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:19:30:507 6824 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:19:30:539 6824 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:19:30:581 6824 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:19:30:601 6824 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:19:30:644 6824 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
22:19:30:725 6824 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
22:19:30:763 6824 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
22:19:30:815 6824 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
22:19:30:837 6824 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
22:19:30:850 6824 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:19:30:872 6824 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:19:30:901 6824 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:19:30:919 6824 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:19:30:989 6824 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
22:19:31:098 6824 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
22:19:31:148 6824 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:19:31:178 6824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:19:31:199 6824 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:19:31:236 6824 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:19:31:272 6824 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:19:31:304 6824 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:19:31:338 6824 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:19:31:400 6824 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:19:31:425 6824 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:19:31:461 6824 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:19:31:486 6824 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:19:31:511 6824 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:19:31:539 6824 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:19:31:560 6824 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:19:31:590 6824 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:19:31:626 6824 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
22:19:31:674 6824 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:19:31:701 6824 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:19:31:735 6824 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
22:19:31:786 6824 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:19:31:806 6824 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:19:31:833 6824 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:19:31:862 6824 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:19:31:894 6824 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:19:31:945 6824 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:19:31:965 6824 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:19:31:992 6824 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:19:32:019 6824 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:19:32:043 6824 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:19:32:066 6824 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:19:32:088 6824 viaide (61acdd65bc5d6e4936297610506281d7) C:\Windows\system32\drivers\viaide.sys
22:19:32:114 6824 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:19:32:160 6824 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:19:32:201 6824 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:19:32:232 6824 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:19:32:255 6824 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:19:32:280 6824 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:32:284 6824 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:32:310 6824 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:19:32:351 6824 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:19:32:391 6824 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:19:32:430 6824 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:19:32:466 6824 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:19:32:493 6824 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:19:32:520 6824 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:19:32:548 6824 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:19:32:618 6824 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\DVDPlay\000.fcl
22:19:32:619 6824
22:19:32:620 6824 Completed
22:19:32:620 6824
22:19:32:620 6824 Results:
22:19:32:620 6824 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:19:32:621 6824 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:19:32:621 6824
22:19:32:621 6824 fclose_ex: Trying to close file C:\Windows\system32\config\system
22:19:32:622 6824 fclose_ex: Trying to close file C:\Windows\system32\config\software
22:19:32:623 6824 KLMD(ARK) unloaded successfully

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 18th May 2010, 10:15 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 18th May 2010, 11:11 pm

thanks belazhur.....
are we done or we need to do more?
so far my pc is running great.
You mention that avg sucks, which alternative should I download?(free of course)
by the way,I have a pop up that is asking for solution cd? how do I disable that?
thanks again...
(how do I delete my post here)?

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 19th May 2010, 10:48 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 20th May 2010, 5:04 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e624640380c1f64fa13614c83d1f1992
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-20 03:04:28
# local_time=2010-05-19 10:04:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 280533 280533 0 0
# compatibility_mode=1029 16777213 100 100 0 13755906 0 0
# compatibility_mode=3073 16777213 80 92 0 10112061 0 0
# compatibility_mode=5892 16776574 100 100 0 110920531 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=217574
# found=2
# cleaned=2
# scan_time=11664
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\sevilleja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-2eddc8e2 a variant of Java/TrojanDownloader.Agent.NAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 20th May 2010, 10:36 pm

Hello.
This should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by rastah12 on 21st May 2010, 5:08 pm

thanks belazhur....

rastah12
Novice
Novice

Posts Posts : 33
Joined Joined : 2010-05-06
OS OS : vista
Points Points : 24434
# Likes # Likes : 0

View user profile

Back to top Go down

Re: massive infection: backdoor.win32, bankerfox.a,nuqel and much more

Post by Belahzur on 21st May 2010, 9:58 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum