Win32/nuqel.e & BankerFox.A Please Help!!!


Post by jrstevens0321 on 9th May 2010, 10:36 pm

Have no clue how I obtained these but I have them nonetheless. I will do whatever it takes to get rid of these. I am using an alternate laptop to post because the virus had disabled my internet so I am not able to download anything. I do have a flashdrive and an alternate computer if anything is needed. Please help I really need to get this computer going. Thanks in advance.

Update: 6:15 - After restarting the computer I was able to get Task Manager to start running before the program blocked it. Ad-Aware also detected the problem. I kept deleting processes until finally I got the popups to stop. I was then able to use Ad-Aware and remove what it had found. Next I am in the process of running Spybot, which has found 2 other problems so far and is only about 25% through. However my Internet Explorer will not work. I have internet connection because I can use it for other stuff just not Internet Explorer. Any further guidance is greatly appreciated.


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 9th May 2010, 11:43 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


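The OTL log requested above contains the two line types a helper reads first when a machine "has internet but Internet Explorer does not work": the IE proxy settings and the O4 Run entries. As an added example, not part of this thread and not a feature of OldTimer's OTL, here is a small Python triage script that parses those line formats and flags an enabled proxy pointing at the local machine (once the malware process listening there is killed, IE fails while every other program still connects) and Run values whose target is missing or is a randomly named executable under the user's profile. The sample lines are constructed from the formats and values visible in the log posted below; the names `triage`, `Finding`, `is_loopback_proxy` and the vowel-ratio heuristic in `looks_random` are my own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the line formats OTL writes
# (values are the ones visible in the log posted in this thread).
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKCU..\Run: [tgxqmwho] C:\Users\Josh\AppData\Local\yycsyfqso\raopdrytssd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"""

# 'IE - ...Internet Settings: "ProxyEnable" = 1'
PROXY_RE = re.compile(r'Internet Settings: "(?P<key>Proxy\w+)" =\s*(?P<value>.*)$')
# 'O4 - HKCU..\Run: [name] C:\path\file.exe (vendor)'  or  '... file.exe File not found'
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?\.exe)(?: \((?P<vendor>[^)]*)\)| (?P<missing>File not found))?\s*$',
    re.IGNORECASE,
)
LOOPBACK = ("127.", "localhost", "::1")


@dataclass
class Finding:
    kind: str     # short tag for the indicator type
    line: str     # the log line (or setting) that triggered it
    detail: str   # what a helper would tell the poster about it


def is_loopback_proxy(value):
    """ProxyServer is 'host:port' or 'scheme=host:port;scheme=host:port'."""
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()
        host = target.rsplit(":", 1)[0].strip("[]")
        if host.startswith(LOOPBACK):
            return True
    return False


def looks_random(token):
    """Heuristic (assumption): 6+ letters with under 20% vowels reads as machine-generated."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def triage(log_text):
    findings = []
    proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            proxy[m["key"]] = m["value"].strip()
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        if m["missing"]:
            findings.append(Finding("orphaned-run", line,
                f"{m['hive']} Run value [{m['name']}] points at a file that no longer exists; "
                "remove the value so nothing can restore it later."))
            continue
        parts = m["path"].split("\\")
        stem = parts[-1].rsplit(".", 1)[0]
        if "\\appdata\\" in m["path"].lower() and any(map(looks_random, (m["name"], parts[-2], stem))):
            findings.append(Finding("suspicious-run", line,
                f"Run value [{m['name']}] starts a randomly named executable from a user profile folder."))
    if proxy.get("ProxyEnable") == "1" and proxy.get("ProxyServer"):
        server = proxy["ProxyServer"]
        if is_loopback_proxy(server):
            findings.append(Finding("local-proxy", f"ProxyServer = {server}",
                "IE is forced through a proxy on this machine; once the process listening there is "
                "killed, IE fails while other programs still reach the network. Clear ProxyEnable/ProxyServer."))
        else:
            findings.append(Finding("proxy-set", f"ProxyServer = {server}",
                "IE uses a proxy; confirm it is one the user configured."))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    {f.detail}")
```

Run entries are reported as they are read and the proxy verdict is added once the whole file has been seen, because `ProxyEnable` and `ProxyServer` arrive on separate lines; a loopback proxy with `ProxyEnable = 1` is only meaningful as a pair.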

OTL.txt

Post by jrstevens0321 on 10th May 2010, 1:51 am

OTL logfile created on: 5/9/2010 8:42:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Josh\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.68 Gb Total Space | 32.57 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSH-LAPTOP
Current User Name: Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/09 20:42:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/04 12:30:26 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 06:30:27 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/10 00:41:52 | 002,788,152 | ---- | M] ([You must be registered and logged in to see this link.] -- C:\Program Files\BitComet\BitComet.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/03 08:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 20:42:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/04 12:30:26 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/03 18:04:42 | 001,685,024 | ---- | M] (南京纳加软件有限公司) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/11/20 15:20:36 | 000,103,808 | ---- | M] (TechFaith Wireless Technology Limited.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tfusbser.sys -- (qcusbser)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/19 00:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 00:49:39 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/21 14:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/12/13 19:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.8.107
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&type=&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 21:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 22:38:05 | 000,000,000 | ---D | M]

[2009/09/03 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2009/06/17 00:23:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/07 22:55:01 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yddtsj2l.default\extensions
[2009/09/03 23:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yddtsj2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 11:15:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yddtsj2l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/28 20:27:00 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yddtsj2l.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/05/07 22:52:57 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yddtsj2l.default\extensions\toolbar@ask.com
[2010/01/27 20:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 03:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Magellan CmTray] C:\Program Files\Content Manager\CmTray.exe (Mitac Digital Corporation.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [tgxqmwho] C:\Users\Josh\AppData\Local\yycsyfqso\raopdrytssd.exe File not found
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] * in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} [You must be registered and logged in to see this link.] (QOLCheck Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} [You must be registered and logged in to see this link.] (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} [You must be registered and logged in to see this link.] (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ac86c8f-050c-11df-a647-001d0939c1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ac86c8f-050c-11df-a647-001d0939c1b5}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0 -- File not found
O33 - MountPoints2\{2fa1cb40-cf6c-11de-9f3f-001d0939c1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa1cb40-cf6c-11de-9f3f-001d0939c1b5}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O33 - MountPoints2\{69fcabf5-927c-11de-9fe6-001d0939c1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{69fcabf5-927c-11de-9fe6-001d0939c1b5}\Shell\AutoRun\command - "" = E:\seamlessKeyLauncher.exe -- File not found
O33 - MountPoints2\{69fcabfc-927c-11de-9fe6-001d0939c1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{69fcabfc-927c-11de-9fe6-001d0939c1b5}\Shell\AutoRun\command - "" = E:\seamlessKeyLauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/09 20:42:25 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2010/05/09 17:01:09 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/05/09 17:01:08 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/05/09 17:01:08 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/05/09 17:01:08 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/05/09 17:01:08 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2010/05/09 17:01:08 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/05/09 17:01:08 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/05/09 17:01:08 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/05/09 17:01:08 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/05/09 17:01:08 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/05/09 17:01:08 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/05/09 15:42:33 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\yycsyfqso
[2010/05/08 21:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/05/08 01:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/08 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/08 01:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/07 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\AskToolbar
[2010/05/07 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/13 13:06:24 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/13 13:06:24 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/13 13:06:21 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/13 13:06:08 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/13 13:06:08 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/11 01:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\FitnessApps
[2010/04/10 22:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo

========== Files - Modified Within 30 Days ==========

[2010/05/09 20:42:44 | 006,815,744 | -HS- | M] () -- C:\Users\Josh\NTUSER.DAT
[2010/05/09 20:42:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2010/05/09 20:05:07 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 20:05:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/05/09 20:05:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/05/09 20:05:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/05/09 20:05:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/05/09 20:01:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 20:01:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 20:01:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/09 20:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/09 20:01:29 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 19:57:58 | 000,524,288 | -HS- | M] () -- C:\Users\Josh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/09 19:57:58 | 000,065,536 | -HS- | M] () -- C:\Users\Josh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/09 19:57:41 | 001,832,893 | -H-- | M] () -- C:\Users\Josh\AppData\Local\IconCache.db
[2010/05/09 17:20:06 | 000,247,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/09 17:01:17 | 000,004,610 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/05/08 23:26:24 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D0B1192-55BA-412A-8820-471B8F62EA91}.job
[2010/05/08 01:17:34 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/07 22:49:21 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2010/05/07 22:46:19 | 000,001,700 | ---- | M] () -- C:\Users\Josh\Desktop\LimeWire 5.5.8.lnk
[2010/05/07 22:38:05 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/13 00:16:36 | 000,041,306 | ---- | M] () -- C:\Users\Josh\Desktop\BUDGET.pdf
[2010/04/11 20:28:30 | 000,010,752 | ---- | M] () -- C:\Users\Josh\Documents\workout.doc
[2010/04/10 22:22:16 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Free MP4 Converter.lnk
[2010/04/10 22:19:35 | 000,030,720 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/09 17:19:38 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/09 17:01:17 | 000,004,610 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/05/09 17:01:08 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/05/09 17:01:08 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/05/09 17:01:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/05/09 16:37:41 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/08 01:33:47 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/05/08 01:33:46 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/05/08 01:33:46 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/05/08 01:33:44 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/05/08 01:17:34 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/07 22:46:19 | 000,001,700 | ---- | C] () -- C:\Users\Josh\Desktop\LimeWire 5.5.8.lnk
[2010/04/13 00:14:02 | 000,041,306 | ---- | C] () -- C:\Users\Josh\Desktop\BUDGET.pdf
[2010/04/10 22:22:16 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Free MP4 Converter.lnk
[2010/04/10 21:16:22 | 000,010,752 | ---- | C] () -- C:\Users\Josh\Documents\workout.doc
[2010/02/12 18:07:51 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/02 08:38:28 | 000,000,094 | ---- | C] () -- C:\Windows\awshkwv.ini
[2009/06/27 12:12:55 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI
[2009/06/20 20:22:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 13:45:24 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/06/10 13:45:24 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:9D742B1A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
< End of report >

jrstevens0321
Novice

Posts : 10
Joined : 2010-05-09
OS : Vista
Points : 24208
# Likes : 0


Extras.txt

Post by jrstevens0321 on 10th May 2010, 1:52 am

OTL Extras logfile created on: 5/9/2010 8:42:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Josh\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.68 Gb Total Space | 32.57 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSH-LAPTOP
Current User Name: Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03995962-5466-4B21-BB98-4582E7BA1382}" = rport=139 | protocol=6 | dir=out | app=system |
"{0581A0F0-A468-4EC6-ABB1-FD5DC90BCAC8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E1E1F84-8A58-42A9-B663-918EE93EBC09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F06E073-9922-4349-8D80-1ACA6D2B22C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B132DD1-5A2D-468A-B102-B4BA57C8DD6D}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E277101-84E5-4D46-89DD-5AC48D1BECA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21B19B27-7759-41F8-A455-83AB54D2BF76}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{24CF0D8D-FC78-4EF7-A5AF-7D5695306050}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2682E0A6-6893-438A-AEFE-2E2E12E7E505}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{277C687B-AD91-430A-A633-CF9E004230C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28C83B32-D109-43C1-BCA6-83AFB1CD13E9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2D12517F-07B7-4B5F-85DE-1ED267C6976E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2D22CC01-E425-443B-8C81-37FBA7C3470F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30E7DBB2-933D-462F-806B-34BE3C4DE964}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3220696D-923E-482B-9F8C-FF660FD51871}" = lport=138 | protocol=17 | dir=in | app=system |
"{451E2390-7645-45B0-9429-108131FDE565}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4AAE132C-0B71-4EB7-9A86-353058C0DBFC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5FBD6198-76C2-49EF-8629-03570FB52CCE}" = lport=445 | protocol=6 | dir=in | app=system |
"{60838DA3-9B31-4C0D-8114-5B87074794B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71B6143E-36EE-4213-B1EF-6FDC1509046F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{852934F5-E5BF-4966-9707-DE94FB5D3388}" = lport=10244 | protocol=6 | dir=in | app=system |
"{86253906-2142-44EC-B254-2C0C6C625A51}" = lport=10244 | protocol=6 | dir=in | app=system |
"{90AAAF11-1FF1-4F36-AE5F-DB468263765A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{96A82FEF-10FD-4AA5-AA22-63ECBECE15DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98277809-700B-41D3-B6D5-B6297DEC04CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98AE9C01-1B89-49E1-9F6A-0DBB403C193B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99BA7934-7A18-4216-8ED1-931182E2969A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB9C03D7-8F7C-40B8-AD79-C9FCF41D329F}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADA65C9F-02F8-4E8C-9C81-DEFEE40A4987}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B1CE5DAB-2256-4B17-B2E0-0ECAAD62586E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B214732C-8099-4C1E-B9AA-492784BC0C18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA3C266D-4D0E-4763-851C-955669CB5062}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C6B7F7F3-A668-4465-A009-C1C03BC5482C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D28E68EC-D473-448C-B902-401681324C49}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2E114DE-9F00-4D83-B178-87B11AF300E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3E231F2-37DA-4578-B21D-09F2C334C30F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DC66E16B-4FDB-4694-8244-AE9EAF464D3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DCA9F982-48FB-4806-B08C-0BE645F1952A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDCE597A-50AC-476E-A5F1-C8717EF10D61}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EE764B0D-D389-48AE-886D-3A66D4C15BC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7CAF7C6-D07F-42F8-9982-75912039E6FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8D99C43-D6A4-4DF4-8864-A5B1338B0DCF}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FAC6BD5F-3CFB-40AC-86CC-2B9699D3B21C}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01612EB3-17BC-4CB8-8B50-9931B0E9AEBC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{06E77A28-152A-4E67-B0DD-2D4D9E3FC5CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{09694DBC-93CC-405B-84F5-5C4DEF409DF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A5AB778-27B0-4099-86E5-FAC382EBD09C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C676F28-E6C4-4EBD-805B-CF6A429F852A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10DFE75E-61A4-4DB8-BEE8-583B06268C5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10F72D05-8CFD-4C75-B897-5D255D721B56}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1450CDF0-FE84-4EA1-8B41-90D77F67E62A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C215780-FF93-45D6-AD7F-F39D64D7999C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{304383AA-F1CA-4F44-9F09-45519CAF2604}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{321AE73F-F915-4CFC-B11F-B088525D2336}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3A32CB32-605C-476B-85FE-D1FC931DE6FE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3D530031-B7DE-47E9-A8C3-775752C22270}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4DF4D838-414B-48C9-811D-9F1963F2D918}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6252F653-F21C-4829-8021-826750DF7DB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F7A0542-1E7B-4280-A223-70EA5E956D06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70C3826E-ACA4-47B9-81CC-9DB573892F3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7905E623-A85A-497C-A414-50B109FEF2E5}" = protocol=6 | dir=out | app=system |
"{7C8664FC-9C18-47BD-86A0-BB282A39023D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8921A514-675F-4839-891D-0E5EB6828D95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{952E1B9D-2927-46C2-B294-D2A8E5044797}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{954AA69C-8E18-4CD0-AF6B-9F11BEECB074}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A6874F4A-A3BE-4EBB-AF88-1A5CB0B96EC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA19A1B1-6938-4E0B-9E7F-71D4E8069A28}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{C3A5F290-9E17-46AC-8D8E-75312CDDCD64}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{C6EC18DC-93BB-4898-B80A-D517FF30A9AE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C76BCC1D-00C0-47C1-A554-B894FAFA03AC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC0BE366-84AA-466A-8514-B7FAB6A9A633}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE02736C-9CA9-4485-8006-8B4537264476}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0221C20-1511-4822-9656-DFF8D58B7343}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D2B8006B-1FF1-4BC3-B5F4-C1ADF62A3F3D}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D9D952C1-53B8-42C6-8CAB-173F63A78D48}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DAB9D722-0A45-4BEE-B2A3-F7F32DCA2EF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2246119-439B-4909-AA1A-4A087C948C2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2EC76E0-B4C5-4D94-A17C-CBA17169537F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EF2F327D-F4F9-416A-AC8E-66DD6CDF7230}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FD5900E1-6ADC-437B-BB55-80E9517516F7}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FEEB4DEE-5876-4238-923F-67845D66F698}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{3004B7E5-9BC9-48F8-9281-C351BBD2D644}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A3D00D95-51B2-4A86-A2F6-160EC0A6FB81}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{A7BC0E30-3DD5-4DCC-8436-1EC2E4797668}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{B21295ED-7C50-4814-BE36-21BF36EDC60A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D9538A55-F955-45A0-AC23-AD14675A3118}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{DF6E38C2-2A0D-466B-AD08-E22592AFA16B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0BBFFD93-5BEF-436A-B683-E2F28C49CFD8}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{15B6FDAF-68D6-48E1-8FD5-A5E7499B5B9E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{30AC126E-37BA-4E01-BB2B-7B407395FCA1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{45707112-94DF-4A4A-AE3B-FA1023617D29}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{70A60BB0-CDC8-4405-A7B8-C5574EEDE054}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{73118661-BCFD-4DAD-BEFA-659260FB7602}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo Free MP4 Converter version 2.3.0.8
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.6.3
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD9C3298-BB14-766D-3217-A4129C6BE401}" = Elf Bowling 7 - The Last Insult
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BitComet" = BitComet 1.16
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Elf Bowling 7 - The Last Insult" = Elf Bowling 7 - The Last Insult (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"LimeWire" = LimeWire 5.5.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MpcStar" = MpcStar 4.4
"SpeedFan" = SpeedFan (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"Super Collapse 3" = Super Collapse 3 (remove only)
"TVAnts 1.0" = TVAnts 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/27/2009 12:13:45 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0714.JPG failed, 0000045D.

Error - 11/27/2009 12:13:48 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0714.JPG failed, 0000045D.

Error - 11/27/2009 12:13:53 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0714.JPG failed, 0000045D.

Error - 11/27/2009 12:13:59 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0714.JPG failed, 0000045D.

Error - 11/27/2009 12:14:05 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0714.JPG failed, 0000045D.

Error - 11/27/2009 12:14:06 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0715.JPG failed, 0000045D.

Error - 11/27/2009 12:14:08 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0715.JPG failed, 0000045D.

Error - 11/27/2009 12:14:14 PM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\101KZ812\101_0715.JPG failed, 0000045D.

Error - 6/20/2008 4:10:27 AM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 00000084.

Error - 6/20/2008 4:25:14 AM | Computer Name = Josh-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 00000084.

[ Application Events ]
Error - 5/9/2010 3:19:16 PM | Computer Name = Josh-Laptop | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/9/2010 3:19:16 PM | Computer Name = Josh-Laptop | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/9/2010 3:19:16 PM | Computer Name = Josh-Laptop | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/9/2010 5:33:19 PM | Computer Name = Josh-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 5/9/2010 5:41:19 PM | Computer Name = Josh-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 5/9/2010 5:44:15 PM | Computer Name = Josh-Laptop | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp
0x47919370, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066796, process id 0x5ac, application
start time 0x01caefc0b6961808.

Error - 5/9/2010 5:49:07 PM | Computer Name = Josh-Laptop | Source = LoadPerf | ID = 3002
Description =

Error - 5/9/2010 5:56:51 PM | Computer Name = Josh-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 5/9/2010 6:28:47 PM | Computer Name = Josh-Laptop | Source = LoadPerf | ID = 3002
Description =

Error - 5/9/2010 8:57:54 PM | Computer Name = Josh-Laptop | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 7/9/2009 12:03:50 AM | Computer Name = Josh-Laptop | Source = Mcx2Svc | ID = 301
Description =

Error - 7/9/2009 12:05:42 AM | Computer Name = Josh-Laptop | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 8/28/2009 3:33:51 PM | Computer Name = Josh-Laptop | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{57EE2FD4-AED8-489E-987C-6F686165DC27}
because another computer on the network has the same name. The server could not
start.

Error - 8/31/2009 2:03:13 AM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 8/31/2009 2:03:13 AM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 8/31/2009 11:42:43 AM | Computer Name = Josh-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 8/31/2009 11:43:02 AM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2009 3:27:04 AM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 9/4/2009 12:29:07 AM | Computer Name = Josh-Laptop | Source = DCOM | ID = 10016
Description =

Error - 9/4/2009 12:30:37 AM | Computer Name = Josh-Laptop | Source = DCOM | ID = 10016
Description =

Error - 9/5/2009 7:34:09 PM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 9/6/2009 4:13:05 PM | Computer Name = Josh-Laptop | Source = Service Control Manager | ID = 7030
Description =


< End of report >


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 10th May 2010, 1:24 pm

Update: The only problems I am having now are that I cannot use Internet Explorer; however, I do have an internet connection. There is also some malware that Spybot picks up but won't let me take off because it says that I am not the administrator; however, that is the only login on the PC.

Update 4:15 pm CST: I have discovered that I am able to use Firefox and go anywhere I need to. I am still only having the problems with IE and the malware found by Spybot. I go to work Wednesday and will be gone for a week without internet access, so any instructions posted during this time I will have to wait until I come back home to do. Thanks in advance for your help because this has really gotten the best of me.


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 10th May 2010, 9:38 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O4 - HKCU..\Run: [tgxqmwho] C:\Users\Josh\AppData\Local\yycsyfqso\raopdrytssd.exe File not found
    [2010/05/09 15:42:33 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\yycsyfqso



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



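What the two fix lines above actually remove, and how such entries can be picked out of a full OTL log. The Python below is an added example, not part of the original thread and not OTL's own code: it parses OTL-style O4 autorun lines, scores each one with the signals that mark the entry removed here (target already missing, launched from a gibberish-named folder under AppData\Local, no publisher recorded), and emits the O4 part of an :OTL fix block. The sample lines are constructed: the first is the entry from this thread, the two benign ones are invented for contrast. The vowel-ratio test for random names is a crude heuristic of mine, not an OTL feature.

```python
import re
from collections import namedtuple

# Constructed sample in the format of OTL's O4 (autorun) lines. The first line is
# the entry targeted by the fix above; the other two are made-up benign entries
# for contrast and are not taken from the original log.
SAMPLE_O4 = "\n".join([
    r"O4 - HKCU..\Run: [tgxqmwho] C:\Users\Josh\AppData\Local\yycsyfqso\raopdrytssd.exe File not found",
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)",
    r"O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)",
])

# hive..\key: [value name] <path to image> <publisher in parentheses | "File not found" | nothing>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKCU|HKLM)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))"
    r"(?: (?P<tail>.*))?$",
    re.IGNORECASE,
)

Entry = namedtuple("Entry", "hive key name path tail raw")

def parse_o4(text):
    """Parse OTL O4 lines into Entry tuples; lines that are not O4 entries are skipped."""
    entries = []
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["hive"].upper(), m["key"], m["name"],
                                 m["path"], (m["tail"] or "").strip(), raw.strip()))
    return entries

VOWELS = set("aeiou")

def looks_random(token):
    """Crude heuristic (my assumption, not OTL's) for generated names: 6+ letters, very few vowels."""
    t = token.lower()
    if len(t) < 6 or not t.isalpha():
        return False
    return sum(c in VOWELS for c in t) / len(t) < 0.3

# Locations a standard user can write to without elevation: where droppers like to live.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")

def suspicious(entry):
    """Reasons an autorun entry deserves a look; an empty list means it looks ordinary."""
    reasons = []
    path_l = entry.path.lower()
    if entry.tail.lower().startswith("file not found"):
        reasons.append("target missing: orphaned autorun left behind by a removal")
    if any(marker in path_l for marker in USER_WRITABLE):
        reasons.append("launches from a user-writable profile directory")
    if not entry.tail.startswith("("):
        reasons.append("no publisher recorded by OTL")
    parts = entry.path.split("\\")
    folder = parts[-2] if len(parts) >= 2 else ""
    stem = parts[-1].rsplit(".", 1)[0]
    if any(looks_random(t) for t in (entry.name, folder, stem)):
        reasons.append("random-looking value, folder or file name")
    return reasons

def triage(text, min_reasons=2):
    """Flag entries with at least min_reasons hits and collect their AppData parent folders."""
    flagged, folders, why = [], [], {}
    for e in parse_o4(text):
        reasons = suspicious(e)
        if len(reasons) >= min_reasons:
            flagged.append(e)
            why[e.name] = reasons
            folder = e.path.rsplit("\\", 1)[0]
            if "\\appdata\\" in folder.lower() and folder not in folders:
                folders.append(folder)
    return {"entries": flagged, "folders": folders, "reasons": why}

def otl_fix_script(result):
    """Build the O4 part of an :OTL block; OTL accepts its own O4 lines verbatim in a fix."""
    return "\n".join([":OTL"] + [e.raw for e in result["entries"]])

if __name__ == "__main__":
    result = triage(SAMPLE_O4)
    for e in result["entries"]:
        print(e.raw)
        for reason in result["reasons"][e.name]:
            print("   -", reason)
    print(otl_fix_script(result))
    print("folders to move (paste their lines from the OTL scan log):", result["folders"])
```

The folder to move is reported separately rather than written into the fix, so the operator pastes the directory's own line from the OTL scan log, exactly as the fix above does, instead of trusting generated syntax. Treat the score as a triage aid: a missing target plus a gibberish folder name is a strong signal, while a single hit (a legitimate updater that runs from AppData\Local) is not.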
Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 10th May 2010, 10:45 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tgxqmwho deleted successfully.
C:\Users\Josh\AppData\Local\yycsyfqso folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05102010_174440


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 11th May 2010, 7:33 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 11th May 2010, 7:50 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4090

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/11/2010 2:49:38 PM
mbam-log-2010-05-11 (14-49-38).txt

Scan type: Quick scan
Objects scanned: 130418
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 11th May 2010, 7:54 pm

Hello.

I see that you are running Limewire and BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    BitComet 1.16
    Java(TM) 6 Update 18
    Java(TM) SE Runtime Environment 6
    LimeWire 5.5.8

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 11th May 2010, 8:04 pm

Here is the problem, as I posted before: I cannot use Internet Explorer. It will not pull up any sites. I am able to use Firefox but that is it. Suggestions?


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 11th May 2010, 9:04 pm

I tried downloading it and running it but it keeps saying it cannot update, is proxy configured. I know nothing about the proxy and have never messed with it. My internet has always just been directly connected.


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 12th May 2010, 10:25 pm

Hello.
Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Try now.



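Why the dialog step above fixes both IE and the scanner's update: Internet Explorer, and any other program that talks HTTP through WinINet, reads its proxy from the per-user Internet Settings key, while Firefox keeps its own proxy configuration, which is why Firefox kept working and the ESET scanner's "is proxy configured" message pointed at the same setting. As an added example, not part of the original thread, the Python below parses a .reg export of that key, reports the indicators of a tampered proxy configuration (an explicit proxy, a loopback proxy address, a proxy auto-config URL) and prints the reg.exe commands equivalent to unticking "Use a proxy server". The .reg content is a constructed sample with invented values; the thread does not record what was actually set on the affected machine.

```python
import re

# Constructed .reg export of the per-user WinINet proxy values, in the shape that
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg
# produces. The values are invented to illustrate a hijacked configuration.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]",
    '"ProxyEnable"=dword:00000001',
    '"ProxyServer"="http=127.0.0.1:8080"',
    '"ProxyOverride"="<local>"',
    '"AutoConfigURL"="http://example.invalid/proxy.pac"',
    '"MigrateProxy"=dword:00000001',
    "",
])

SETTINGS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SHORT_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# "Name"=dword:XXXXXXXX  or  "Name"="string"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dw>[0-9A-Fa-f]{8})|"(?P<s>.*)")$')

def parse_internet_settings(reg_text):
    """Return {name: value} for the Internet Settings key of a .reg export (dword -> int, string -> str)."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == SETTINGS_KEY.lower()
            continue
        if not in_key:
            continue
        m = VALUE_RE.match(line)
        if m is None:
            continue
        if m["dw"] is not None:
            values[m["name"]] = int(m["dw"], 16)
        else:
            # .reg files escape backslashes and double quotes inside string values
            values[m["name"]] = m["s"].replace("\\\\", "\\").replace('\\"', '"')
    return values

# ProxyServer is either "host:port" or a ";"-separated "scheme=host:port" list
LOOPBACK_RE = re.compile(r"(^|[=;])(127\.\d+\.\d+\.\d+|localhost|0\.0\.0\.0)(:\d+)?", re.IGNORECASE)

def proxy_findings(values):
    """Human-readable reasons the WinINet proxy configuration looks tampered with."""
    findings = []
    server = values.get("ProxyServer", "")
    if values.get("ProxyEnable", 0) == 1 and server:
        findings.append(f"explicit proxy enabled: {server}")
        if LOOPBACK_RE.search(server):
            findings.append("proxy points at loopback: once the malware that listened there is gone, "
                            "IE and WinINet-based updaters fail to connect")
    pac = values.get("AutoConfigURL", "")
    if pac:
        findings.append(f"proxy auto-config script set: {pac}")
    return findings

def remediation(values):
    """reg.exe commands equivalent to unticking 'Use a proxy server' and clearing the PAC URL."""
    cmds = []
    if values.get("ProxyEnable") == 1:
        cmds.append(f'reg add "{SHORT_KEY}" /v ProxyEnable /t REG_DWORD /d 0 /f')
    if values.get("ProxyServer"):
        cmds.append(f'reg delete "{SHORT_KEY}" /v ProxyServer /f')
    if values.get("AutoConfigURL"):
        cmds.append(f'reg delete "{SHORT_KEY}" /v AutoConfigURL /f')
    return cmds

if __name__ == "__main__":
    settings = parse_internet_settings(SAMPLE_REG)
    for finding in proxy_findings(settings):
        print("finding:", finding)
    for cmd in remediation(settings):
        print("fix:", cmd)
```

On a live machine the same values can be read with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer` (and `/v AutoConfigURL`); the dialog step above writes exactly these values. IE reads them when it starts, so close and reopen it after the change, and check the per-user key for every account on the box, since the setting is per user rather than system-wide.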
Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 19th May 2010, 2:33 pm

Well, after doing this in Internet Explorer it began working like it was supposed to. I was then able to run the scanner; it found and fixed 13 infected files and here is what the log showed:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 19th May 2010, 10:33 pm

Hello.
How is the machine running now?



Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by jrstevens0321 on 19th May 2010, 11:07 pm

The machine seems to be running fine now and no problems with my Internet Explorer. Thanks for all your help.


Re: Win32/nuqel.e & BankerFox.A Please Help!!!

Post by Belahzur on 20th May 2010, 10:45 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

