Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 8th May 2010, 4:01 am

I read through some of the threads here to try to get rid of this, but I noticed that the solutions given are for the specific users only.

I have the same symptoms as others. Several pop-up windows claiming infected programs & the need to buy the spyware software online. I've run Malwarebytes' Anti-Malware, SpyBot Search & Destroy & ClamWin (as a suggestion from a friend) and all three finish the scans with "no immediate threats".


Any help is greatly appreciated.

Thanks!


*I will post my OTL copy asap

cynlj
Novice

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 8th May 2010, 4:20 am

Hi cynlj,

I will wait for you to post your OTL log, we'll take it from there. :)

chiaz
Intermediate

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 8th May 2010, 6:06 am

Thanks! :)

Here is my OTL info. One of the other symptoms is that a simple task such as this has taken me far longer than it should have due to having to constantly restart my computer because it says that even my notebook program is infected.

I do already notice that I only have an OTL.Txt file - I've searched for the Extras.Txt, but there is no file found. Not sure if this is okay or not.

Here we go!
----------------------------------------

OTL logfile created on: 5/7/2010 10:22:34 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 233.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.69 Gb Total Space | 97.43 Gb Free Space | 68.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/07 22:20:41 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2010/05/07 22:20:40 | 000,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/05/07 21:12:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/05/07 10:41:09 | 000,268,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\exjpclxjo\kgiuriatssd.exe
PRC - [2010/04/13 20:14:24 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/29 22:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 22:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/04/01 11:49:42 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 00:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/11/28 10:58:40 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/11/27 21:15:30 | 000,465,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/11/24 18:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/11/24 11:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/11/24 11:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006/11/14 11:46:24 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2006/11/14 11:39:03 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2006/11/13 18:43:36 | 000,472,632 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2006/11/13 06:32:52 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/11/13 06:32:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/11/13 06:32:49 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/11 16:35:36 | 000,043,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2006/10/17 02:43:22 | 000,960,032 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2006/09/26 15:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/09/26 15:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/08/23 13:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe


========== Modules (SafeList) ==========

MOD - [2010/05/07 21:12:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/24 11:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/11/13 17:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/10/24 10:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/10/11 18:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/10/11 15:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2006/10/11 15:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/10/09 11:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2006/10/09 11:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/10/04 19:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/10/04 19:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/04 19:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/09/26 15:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/09/26 15:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/09/21 10:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2006/09/16 21:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/08/28 21:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/08/23 13:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/15 12:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/01 16:25:30 | 000,158,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/02/01 16:25:28 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/02/01 16:25:28 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/12/13 20:35:15 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/30 19:13:46 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/30 19:13:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/28 18:58:06 | 000,072,704 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2006/11/28 18:58:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2006/11/27 06:09:09 | 000,645,120 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/21 14:57:36 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006/11/20 11:57:47 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2006/11/20 11:57:47 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/11/20 11:57:47 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006/11/14 11:38:59 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/13 20:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 20:07:41 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/13 20:07:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/13 20:07:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/13 06:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/10 14:50:53 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/11/10 14:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/08 06:00:13 | 000,030,976 | R--- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/11/06 01:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2006/10/18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 11:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Rock'n'Roll Radio Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2337199&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://by102w.bay102.mail.live.com/mail/TodayLight.aspx?&n=596071042&gs=true"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.307.0\firefox\firefoxtoolbar\extensions [2010/02/12 13:15:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.117.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/04 14:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:03:50 | 000,000,000 | ---D | M]

[2008/09/12 11:23:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/05/07 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\extensions
[2009/04/24 13:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/10/22 09:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/26 11:25:09 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/02/12 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\extensions\browserhighlighter@ebay.com
[2009/10/06 17:26:10 | 000,000,896 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\searchplugins\conduit.xml
[2008/09/15 12:53:43 | 000,001,196 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\searchplugins\winamp-search.xml
[2009/12/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/02 15:53:08 | 000,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll

O1 HOSTS File: ([2010/05/07 11:32:34 | 000,304,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 10481 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [brdoevma] C:\Users\Owner\AppData\Local\exjpclxjo\kgiuriatssd.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} [You must be registered and logged in to see this link.] (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} [You must be registered and logged in to see this link.] (Pearson MathXL Player)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b63aaeb9-48ec-11dc-b840-001a800a6b52}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010/05/06 14:18:54 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Last edited by cynlj on 8th May 2010, 6:07 am; edited 1 time in total


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 8th May 2010, 6:06 am

and the rest
-------------------------

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/07 21:12:03 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/05/07 14:23:43 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/05/07 14:23:43 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/05/07 14:23:27 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/05/07 14:23:21 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/05/07 14:23:07 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/05/07 14:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/07 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Tools
[2010/05/07 14:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/05/07 14:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/07 14:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/07 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\exjpclxjo
[2010/05/07 03:04:36 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/05/07 03:04:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/05/07 03:04:35 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/05/07 03:04:35 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/05/07 03:04:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/05/07 03:04:35 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/05/07 03:04:35 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/05/07 03:04:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/05/07 03:04:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/05/07 03:04:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/05/07 03:04:34 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/05/07 03:04:34 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/05/07 03:04:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/05/07 03:04:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/05/07 03:04:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/05/07 03:04:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/05/07 03:04:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/05/07 03:04:34 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/05/07 03:04:33 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/05/07 03:04:33 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/05/07 03:04:33 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/05/07 03:04:32 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/05/07 03:04:32 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/05/07 03:04:32 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/05/06 18:30:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/05/06 18:20:50 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/05/06 18:20:50 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/05/06 18:20:50 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/05/06 18:15:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/05/06 18:15:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/05/06 18:15:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/05/06 14:17:09 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/05/04 14:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/04/16 11:55:46 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/16 11:55:45 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/16 11:55:05 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/16 11:54:15 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/16 11:54:15 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

========== Files - Modified Within 30 Days ==========

[2010/05/07 22:28:26 | 005,767,168 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/05/07 22:20:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 22:20:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 22:20:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/07 22:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/07 22:20:09 | 1061,367,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 22:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/07 22:19:10 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/07 22:18:52 | 002,210,641 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/05/07 21:12:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/05/07 20:30:16 | 352,012,296 | ---- | M] () -- C:\Users\Owner\Desktop\BACKUP_REGISTRY_7May2010PT2.reg
[2010/05/07 15:31:43 | 000,337,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/07 15:16:49 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/05/07 14:35:51 | 352,362,076 | ---- | M] () -- C:\Users\Owner\Desktop\BACKUP_REGISTRY_7May2010.reg
[2010/05/07 14:23:13 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/07 11:32:34 | 000,304,259 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/07 03:32:52 | 000,769,450 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/07 03:32:52 | 000,651,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/07 03:32:52 | 000,122,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 14:33:15 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/05/06 13:48:10 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/05/06 13:47:44 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/05/04 22:58:31 | 000,026,043 | ---- | M] () -- C:\Users\Owner\Desktop\pos494finalpaper2010.odt
[2010/05/04 14:26:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ClamWin Antivirus.lnk
[2010/05/04 14:12:46 | 000,304,259 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100507-113234.backup
[2010/05/03 12:05:01 | 000,173,962 | ---- | M] () -- C:\Users\Owner\Desktop\angel2.jpg
[2010/05/03 12:01:57 | 000,024,999 | ---- | M] () -- C:\Users\Owner\Desktop\angel1.jpg
[2010/05/02 22:08:41 | 006,020,096 | ---- | M] () -- C:\Users\Owner\Desktop\pos494pp2.ppt
[2010/05/02 21:32:19 | 000,089,600 | ---- | M] () -- C:\Users\Owner\Desktop\pos360FINALpaper2010.doc
[2010/05/01 14:09:19 | 000,010,705 | ---- | M] () -- C:\Users\Owner\Desktop\mermaid2.jpg
[2010/04/30 16:30:29 | 000,039,257 | ---- | M] () -- C:\Users\Owner\Desktop\me+ggpa.jpg
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

========== Files Created - No Company Name ==========

[2010/05/07 20:26:02 | 352,012,296 | ---- | C] () -- C:\Users\Owner\Desktop\BACKUP_REGISTRY_7May2010PT2.reg
[2010/05/07 15:30:34 | 1061,367,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/07 14:33:28 | 352,362,076 | ---- | C] () -- C:\Users\Owner\Desktop\BACKUP_REGISTRY_7May2010.reg
[2010/05/07 14:23:43 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/05/07 14:23:27 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/05/07 14:23:26 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/05/07 14:23:13 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/07 14:23:07 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/05/07 03:04:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/07 03:04:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/07 03:04:34 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/05/04 22:58:31 | 000,026,043 | ---- | C] () -- C:\Users\Owner\Desktop\pos494finalpaper2010.odt
[2010/05/03 12:05:00 | 000,173,962 | ---- | C] () -- C:\Users\Owner\Desktop\angel2.jpg
[2010/05/03 12:01:16 | 000,024,999 | ---- | C] () -- C:\Users\Owner\Desktop\angel1.jpg
[2010/05/02 22:04:38 | 006,020,096 | ---- | C] () -- C:\Users\Owner\Desktop\pos494pp2.ppt
[2010/05/02 21:31:15 | 000,089,600 | ---- | C] () -- C:\Users\Owner\Desktop\pos360FINALpaper2010.doc
[2010/05/01 14:09:15 | 000,010,705 | ---- | C] () -- C:\Users\Owner\Desktop\mermaid2.jpg
[2010/04/30 16:30:18 | 000,039,257 | ---- | C] () -- C:\Users\Owner\Desktop\me+ggpa.jpg
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/06/13 13:46:06 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/06/13 13:42:35 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006/12/18 23:35:57 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006/12/18 21:59:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/12/18 21:59:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/12/18 21:59:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/18 21:59:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/30 19:13:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/11/30 19:13:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/30 19:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 00:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 00:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 00:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 00:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 00:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/19 00:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 00:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 00:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 00:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 00:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 00:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 00:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 00:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 00:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 00:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 00:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 00:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 00:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 00:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 00:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 06:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/11/13 20:07:45 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 00:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/12/18 21:33:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/07 22:20:09 | 1061,367,808 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/13 12:59:08 | 000,000,344 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 22:20:05 | 1377,247,232 | -HS- | M] () -- C:\pagefile.sys
[2009/04/06 11:16:26 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/04/06 11:16:26 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2008/10/19 21:49:01 | 001,265,421 | ---- | M] () -- C:\saida.txt
[2007/08/31 15:20:55 | 000,916,862 | ---- | M] () -- C:\TB.log
[2007/06/13 13:53:56 | 000,390,428 | ---- | M] () -- C:\vcredist_x86.log

< %PROGRAMFILES%\*. >
[2007/06/13 13:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/12/07 10:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/08/10 15:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2006/12/18 22:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2009/09/25 07:44:40 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/06 11:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/09/17 12:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/04/13 13:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/09/25 07:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/05/04 14:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\ClamWin
[2006/12/18 23:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\CNN Pipeline
[2010/05/07 14:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/12/18 22:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/06/13 13:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2006/12/18 23:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\Gametap
[2009/04/06 11:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/04/06 11:35:47 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/18 22:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/05/06 14:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/13 13:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/06/13 13:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2009/09/25 07:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/09/25 07:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/12/03 11:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/05 12:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/18 11:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/08/14 12:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2007/08/16 18:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2007/06/13 13:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/10/17 10:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/18 11:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/12/12 15:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/06/13 13:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/12/18 23:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\MobiTV
[2010/05/06 14:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/03 10:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/13 13:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/12 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2007/06/13 12:59:02 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/09/08 17:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2009/09/08 01:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/09/25 07:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/12 17:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/10/19 21:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2007/06/13 13:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/02/12 13:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\ShopperReports3
[2006/12/18 21:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/11/06 18:23:17 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/06/13 13:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/06/13 13:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2007/06/13 13:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Picture Games
[2009/04/05 22:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/07 14:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/11/06 18:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\tbh
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/08/12 17:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2010/02/12 13:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/04/26 11:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/05/06 14:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/05/06 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/05/06 14:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/05/06 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/03/18 11:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/18 11:22:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/06 14:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/05/06 14:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/05/06 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/05/06 14:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/01 20:58:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/01 20:58:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/01 20:58:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/08/10 15:51:34 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/08/10 15:51:34 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/08/10 15:51:34 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/18 22:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/18 22:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 22:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 21:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 01:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-07 10:06:25

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

cynlj
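The "< MD5 for: ... >" blocks in the OTL log above list every copy of a small set of system files that OTL hashes, because a file patched in place on disk would show up as a live copy under System32 whose hash differs from the packaged reference copies of the same build held in DriverStore and winsxs. Reading those blocks by eye across eight or nine files is error-prone, so the following is an added example (written for this page, not code from the thread, from OTL or from OldTimer) that parses the blocks and performs that comparison automatically. It assumes the line format shown in the log; the ATAPI.SYS and DISK.SYS sample lines are copied from the log, while the SAMPLEDRV.SYS block, its hashes and its paths are constructed placeholders to show what a mismatch looks like. The rule "a live copy is any path not under DriverStore, winsxs or SoftwareDistribution" is this example's own heuristic.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL log format. The ATAPI.SYS and DISK.SYS lines are
# copied from the log on this page; the SAMPLEDRV.SYS block is invented, with
# placeholder hashes and paths, to show what a patched in-use copy looks like.
SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys

< MD5 for: SAMPLEDRV.SYS >
[2008/01/19 00:42:00 | 000,020,000 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\sampledrv.sys
[2008/01/19 00:42:00 | 000,020,000 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\Windows\System32\DriverStore\FileRepository\sampledrv.inf_00000000\sampledrv.sys
"""

HEADER = re.compile(r"^< MD5 for: (.+?) >$")
# One entry line: [date time | size | attrs | M] (vendor) MD5=hash -- path
ENTRY = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| [A-Z]\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {filename_lower: [entry dict, ...]} for every '< MD5 for: NAME >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).lower()
            continue
        if current is None or not line:
            continue
        entry = ENTRY.match(line)
        if entry:
            sections[current].append(entry.groupdict())
    return dict(sections)


def is_live_copy(path):
    """Heuristic (this example's assumption): the copy Windows loads sits under
    System32, while DriverStore, winsxs and SoftwareDistribution hold reference
    copies that are not executed from those locations."""
    p = path.lower()
    return not any(marker in p for marker in
                   ("\\driverstore\\", "\\winsxs\\", "\\softwaredistribution\\"))


def check_live_copies(sections):
    """For each file, compare the live copy's MD5 with the stored copies that share
    its timestamp and size (i.e. the same build). Returns {filename: verdict}."""
    verdicts = {}
    for name, entries in sections.items():
        live = [e for e in entries if is_live_copy(e["path"])]
        stored = [e for e in entries if not is_live_copy(e["path"])]
        if not live:
            verdicts[name] = "no live copy listed"
            continue
        e = live[0]
        twins = [s for s in stored if s["date"] == e["date"] and s["size"] == e["size"]]
        if not twins:
            verdicts[name] = "no stored copy with matching date/size; verify by other means"
        elif any(s["md5"] == e["md5"] for s in twins):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MISMATCH: live copy hash differs from same-build stored copy"
    return verdicts


def report(text):
    """Human-readable summary, one line per hashed file."""
    verdicts = check_live_copies(parse_md5_sections(text))
    return [f"{name}: {verdict}" for name, verdict in sorted(verdicts.items())]


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

A same-build reference copy is identified only by timestamp and size, so a "MISMATCH" verdict means the bytes on disk differ from what the servicing store holds for that build, which is exactly the case the MD5 section exists to surface; a "no stored copy" verdict is not evidence either way and should be checked against the file's signature instead.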

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 8th May 2010, 6:26 am

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)



Please run OTL.exe.

  • Copy the text in red below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)



    :otl
    [2010/05/07 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\exjpclxjo
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DFC5A2B2



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


===================

Next, download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply, along with the OTL fix log.

chiaz

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 8th May 2010, 7:39 am

Okay, here is the OTL.txt

========== OTL ==========
Folder C:\Users\Owner\AppData\Local\exjpclxjo\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05072010_235849


I ran the commy.exe, but in the log, there was no information.

However, the pop-ups have stopped :smile2:

cynlj

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 8th May 2010, 8:09 am

I ran the commy.exe, but in the log, there was no information.
How can that be? Can you elaborate?

chiaz

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 8th May 2010, 8:31 pm

Never mind. Now I have the log file. I just wasn't patient enough I suppose. Smile

-------------------------

ComboFix 10-05-07.07 - Owner 05/08/2010 13:06:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.395 [GMT -7:00]
Running from: c:\users\Owner\Desktop\commy.exe
Command switches used :: /stepdel
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Trend Micro AntiVirus *enabled* (Updated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\HotbarSA
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\users\Owner\AppData\Roaming\Hotbar
c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_hpk.dat
c:\programdata\HotbarSA\HotbarSA_kyf_update.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\programdata\pswi_preloaded.exe
c:\users\Owner\AppData\Roaming\Hotbar\Weather\history
c:\users\Owner\AppData\Roaming\Hotbar\Weather\Weather_XML\Default
c:\users\Owner\AppData\Roaming\Hotbar\Weather\Weather_XML\Genera1
c:\users\Owner\AppData\Roaming\Hotbar\Weather\Weather_XML\General
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\Links
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-big.jpg
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-small
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-big.jpg
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-small
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Display
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Loading
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\screen2
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherDPA\WeatherPreferences
c:\users\Owner\AppData\Roaming\Hotbar\Weather\WeatherStartup.xml

.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-08 20:16 . 2010-05-08 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 07:17 . 2010-05-08 07:19 -------- d-----w- C:\commy
2010-05-08 06:40 . 2010-05-08 06:40 -------- d-----w- C:\_OTL
2010-05-07 01:30 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-05-07 01:30 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-05-07 01:20 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-05-07 01:20 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-05-07 01:20 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-05-07 01:20 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-05-07 01:20 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-05-07 01:15 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-05-07 01:15 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-05-07 01:15 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-05-07 01:15 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-05-07 01:15 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-07 01:15 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-05-07 01:15 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-05-06 21:17 . 2010-05-06 21:17 -------- d-----w- C:\PerfLogs
2010-05-06 20:14 . 2010-05-06 20:14 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-04 21:39 . 2010-05-04 21:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-16 18:55 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-16 18:55 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-16 18:55 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-16 18:55 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 18:55 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 18:55 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 18:54 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-16 18:54 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-16 18:54 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 18:54 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-16 18:42 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 18:42 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 19:18 . 2008-09-09 01:06 -------- d-----w- c:\users\Owner\AppData\Roaming\OpenOffice.org2
2010-05-07 22:16 . 2009-12-03 18:53 1356 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-06 21:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-06 21:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-06 20:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-06 20:47 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-04 22:08 . 2008-09-09 01:07 1 ----a-w- c:\users\Owner\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-04 21:26 . 2009-04-06 06:23 -------- d-----w- c:\program files\ClamWin
2010-05-04 10:08 . 2007-06-13 20:15 -------- d-----w- c:\programdata\Microsoft Help
2010-05-04 07:57 . 2009-11-07 01:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-05-04 07:04 . 2009-11-07 01:30 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-05-02 22:36 . 2007-08-10 22:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Sony Corporation
2010-03-29 00:33 . 2007-08-15 05:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Corel
2010-03-09 16:28 . 2010-04-01 00:06 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-04-01 00:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-04-01 00:05 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-01 03:07 . 2007-08-10 22:19 81680 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:16 . 2009-10-03 17:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-04-02 18:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-04-02 18:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-04-02 18:20 411136 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-14 472632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-14 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-14 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-14 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-04-14 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-05-08 492840]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-10-17 960032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 rjkivu;rjkivu;c:\windows\system32\drivers\gvapwqu.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-12 741376]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-10-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 1089536]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-11-29 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-11-29 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 30976]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-10 227328]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {433E24F8-0410-4C0A-985B-F70F804BA56D} = 66.174.92.14 69.78.96.14
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brdoevma - c:\users\Owner\AppData\Local\exjpclxjo\kgiuriatssd.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-08 13:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-08 13:21:49
ComboFix-quarantined-files.txt 2010-05-08 20:21

Pre-Run: 103,796,273,152 bytes free
Post-Run: 103,789,268,992 bytes free

- - End Of File - - DE6A044657368CF9717F79C50CE1FDEF


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 9th May 2010, 1:54 pm

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the codebox below into it:

Code:

Driver::
rjkivu
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your new reply.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 9th May 2010, 8:47 pm

Here's the log:
---------------------------
ComboFix 10-05-08.02 - Owner 05/09/2010 13:09:31.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.392 [GMT -7:00]
Running from: c:\users\Owner\Desktop\commy.exe
Command switches used :: c:\users\Owner\Desktop\CFscript.txt
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Trend Micro AntiVirus *enabled* (Updated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rjkivu


((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-09 20:20 . 2010-05-09 20:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-09 20:20 . 2010-05-09 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 20:03 . 2010-05-08 20:21 -------- d-----w- C:\commy1631c
2010-05-08 07:17 . 2010-05-08 07:19 -------- d-----w- C:\commy
2010-05-08 06:40 . 2010-05-08 06:40 -------- d-----w- C:\_OTL
2010-05-07 01:30 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-05-07 01:30 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-05-07 01:20 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-05-07 01:20 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-05-07 01:20 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-05-07 01:20 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-05-07 01:20 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-05-07 01:15 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-05-07 01:15 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-05-07 01:15 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-05-07 01:15 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-05-07 01:15 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-07 01:15 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-05-07 01:15 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-05-06 21:17 . 2010-05-06 21:17 -------- d-----w- C:\PerfLogs
2010-05-04 21:39 . 2010-05-04 21:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-16 18:55 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-16 18:55 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-16 18:55 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-16 18:55 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 18:55 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 18:55 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 18:54 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-16 18:54 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-16 18:54 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 18:54 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-16 18:42 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 18:42 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 20:28 . 2008-09-09 01:06 -------- d-----w- c:\users\Owner\AppData\Roaming\OpenOffice.org2
2010-05-07 22:16 . 2009-12-03 18:53 1356 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-06 21:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-06 21:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-06 20:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-06 20:47 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 20:14 . 2010-05-06 20:14 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-04 22:08 . 2008-09-09 01:07 1 ----a-w- c:\users\Owner\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-04 21:26 . 2009-04-06 06:23 -------- d-----w- c:\program files\ClamWin
2010-05-04 10:08 . 2007-06-13 20:15 -------- d-----w- c:\programdata\Microsoft Help
2010-05-04 07:57 . 2009-11-07 01:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-05-04 07:04 . 2009-11-07 01:30 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-05-02 22:36 . 2007-08-10 22:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Sony Corporation
2010-03-29 00:33 . 2007-08-15 05:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Corel
2010-03-09 16:28 . 2010-04-01 00:06 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-04-01 00:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-04-01 00:05 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-01 03:07 . 2007-08-10 22:19 81680 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:16 . 2009-10-03 17:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-04-02 18:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-04-02 18:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-04-02 18:20 411136 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-14 472632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-14 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-14 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-14 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-04-14 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-05-09 492840]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-10-17 960032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-12 741376]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-10-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 1089536]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-11-29 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-11-29 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 30976]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-10 227328]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {D3EACDD9-3672-4FDA-96DE-A1843CB50F30} = 66.174.92.14 69.78.96.14
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeey37hr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\Sony\SonicStage\SSAAD.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-09 13:36:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 20:36
ComboFix2.txt 2010-05-08 20:21

Pre-Run: 103,721,226,240 bytes free
Post-Run: 103,361,040,384 bytes free

- - End Of File - - 648ACECCDD1C7694DA08A5D07A79B0F3

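A small triage script, added here as an example (it is not ComboFix's code and not part of the thread), that scans a ComboFix-style log for three signals a responder would pick out of the logs above: the orphaned HKCU Run entry launching a randomly named executable from AppData\Local, the ProxyServer line pointing browser traffic at 127.0.0.1:5555, and the DisableMonitoring keys under Security Center. The sample log inside it is constructed from a few lines of this thread's output; the rule names and the consonant-run "random name" heuristic are my own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re

# Constructed sample in the shape of the thread's ComboFix output (a few lines, not the full log).
SAMPLE_LOG = r"""
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brdoevma - c:\users\Owner\AppData\Local\exjpclxjo\kgiuriatssd.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-14 472632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

# Autorun value as printed under a [...\Run] key:  "name"="path" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"', re.M)
# Autorun entry as printed in the ORPHANS REMOVED section:  HKCU-Run-name - path
ORPHAN_RUN = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>.+)$", re.M)
PROXY = re.compile(r"ProxyServer\s*=\s*(?P<value>.+)$", re.M)
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})', re.M)

# Directories a user can write without elevation; legitimate installers rarely autorun from here.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")


def autorun_entries(log):
    """Yield (name, path) for each autorun entry, in either of the two ComboFix formats."""
    for m in RUN_VALUE.finditer(log):
        yield m.group("name"), m.group("path")
    for m in ORPHAN_RUN.finditer(log):
        yield m.group("name"), m.group("path").strip()


def longest_consonant_run(s):
    """Longest run of consonant letters in s (heuristic, my assumption: generated
    names such as 'exjpclxjo' lack the vowel spacing of real words)."""
    best = cur = 0
    for ch in s.lower():
        if ch.isalpha() and ch not in "aeiouy":
            cur += 1
            best = max(best, cur)
        else:
            cur = 0
    return best


def triage(log):
    """Return findings as dicts with 'rule' and 'detail'."""
    findings = []
    for name, path in autorun_entries(log):
        if any(d in path.lower() for d in USER_WRITABLE):
            # Look at every path component without its extension for random-looking names.
            components = [p.rsplit(".", 1)[0] for p in re.split(r"[\\/]", path)]
            random_like = any(longest_consonant_run(c) >= 5 for c in components)
            detail = f"{name} -> {path}" + (" (random-looking name)" if random_like else "")
            findings.append({"rule": "autorun-from-user-profile", "detail": detail})
    for m in PROXY.finditer(log):
        value = m.group("value").strip()
        # A proxy on the loopback interface, with no proxy product installed, means
        # something local is sitting between the browser and the network.
        if re.search(r"127\.0\.0\.1|localhost", value):
            findings.append({"rule": "local-proxy", "detail": value})
    for m in DISABLE_MON.finditer(log):
        # Non-zero DisableMonitoring silences Security Center's AV/firewall alerts.
        if int(m.group("val"), 16) != 0:
            findings.append({"rule": "security-center-monitoring-disabled", "detail": m.group(0)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}")
```

Run it against a saved C:\ComboFix.txt by reading the file into `triage()`; entries under Program Files such as Sidebar are deliberately left alone so the output stays short.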

Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 11th May 2010, 7:35 am

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


=======================

Next, run a free online scan with [You must be registered and logged in to see this link.].
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 11th May 2010, 9:31 pm

log.txt from EsetOnlineScanner
--------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 12th May 2010, 1:35 pm

Looks good to me. How's your PC running at this point in time?


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by cynlj on 17th May 2010, 3:38 am

Much better! I really appreciate your help getting rid of this problem, chiaz. Thanks again!! Smile


Re: Need help to remove BankerFox.A and Win32/Nuqel.E

Post by chiaz on 17th May 2010, 8:53 am

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



You should be all good to go now. Smile
