Bankerfox.a and Win32/Nugel.E

View previous topic View next topic Go down

Solved Bankerfox.a and Win32/Nugel.E

Post by d_day1313 on Mon May 17, 2010 9:05 pm

i was reading some the other posts and i seen that you always say to run the OTl program so i did heres my log

OTL logfile created on: 5/17/2010 4:29:28 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Tony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 164.63 Gb Free Space | 75.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 6.81 Gb Free Space | 46.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONY-PC
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/17 16:21:54 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
PRC - [2010/05/17 16:00:48 | 000,059,648 | ---- | M] () -- C:\Users\Tony\AppData\Local\asam.exe
PRC - [2010/05/17 05:14:19 | 000,300,800 | ---- | M] () -- C:\Users\Tony\AppData\Local\rfoaphwsj\mwesadftssd.exe
PRC - [2010/03/30 11:43:21 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Tony\Program Files\DNA\btdna.exe
PRC - [2010/03/30 08:14:36 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/12/01 13:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/25 17:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/03/25 17:25:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/01/30 01:50:10 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/09 13:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 18:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 00:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/15 00:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/03 10:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/09/04 01:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 01:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 01:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/20 22:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/17 16:21:54 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/06 04:43:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/01 14:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/03/25 17:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Start_Pending] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 18:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2009/01/21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/01/21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/12/22 05:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/12/15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/23 13:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/09/04 01:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/01 06:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 06:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wow-heroes.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 08:13:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 08:13:07 | 000,000,000 | ---D | M]

[2009/05/13 22:24:38 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2010/05/17 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\hip65rwh.default\extensions
[2010/03/06 09:28:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\hip65rwh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/15 01:32:39 | 000,001,728 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\hip65rwh.default\searchplugins\aim-search.xml
[2010/02/04 05:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 17:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2010/03/30 08:14:36 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [asam] C:\Users\Tony\AppData\Local\asam.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Tony\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [tgdvgfip] C:\Users\Tony\AppData\Local\rfoaphwsj\mwesadftssd.exe ()
O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3b100ca4-c1e0-11de-bf6d-0023ae2a5f47}\Shell - "" = AutoRun
O33 - MountPoints2\{3b100ca4-c1e0-11de-bf6d-0023ae2a5f47}\Shell\AutoRun\command - "" = G:\HPLauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/17 16:21:42 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2010/05/17 05:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/17 05:15:38 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\rfoaphwsj

========== Files - Modified Within 30 Days ==========

[2010/05/17 16:33:49 | 001,835,008 | -HS- | M] () -- C:\Users\Tony\ntuser.dat
[2010/05/17 16:28:21 | 000,035,407 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/05/17 16:26:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D6B3B2C-C11E-48FA-A5C0-559E54552830}.job
[2010/05/17 16:25:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/17 16:25:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/17 16:25:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/17 16:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/17 16:25:18 | 3219,509,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 16:24:15 | 000,524,288 | -HS- | M] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TMContainer00000000000000000002.regtrans-ms
[2010/05/17 16:24:15 | 000,524,288 | -HS- | M] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TMContainer00000000000000000001.regtrans-ms
[2010/05/17 16:24:15 | 000,065,536 | -HS- | M] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TM.blf
[2010/05/17 16:24:10 | 001,146,776 | -H-- | M] () -- C:\Users\Tony\AppData\Local\IconCache.db
[2010/05/17 16:21:54 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2010/05/17 16:12:51 | 000,363,520 | ---- | M] () -- C:\Users\Tony\Desktop\rkill.scr
[2010/05/17 16:12:05 | 000,363,520 | ---- | M] () -- C:\Users\Tony\Desktop\rkill.com
[2010/05/17 16:10:48 | 000,363,520 | ---- | M] () -- C:\Users\Tony\Desktop\rkill.exe
[2010/05/17 16:00:48 | 000,059,648 | ---- | M] () -- C:\Users\Tony\AppData\Local\syssvc.exe
[2010/05/17 16:00:48 | 000,059,648 | ---- | M] () -- C:\Users\Tony\AppData\Local\asam.exe
[2010/05/17 15:52:09 | 000,524,288 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/05/17 15:52:09 | 000,065,536 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/05/16 03:27:00 | 000,000,075 | ---- | M] () -- C:\Users\Tony\jagex_runescape_preferences2.dat
[2010/05/16 03:26:03 | 000,000,039 | ---- | M] () -- C:\Users\Tony\jagex__preferences3.dat
[2010/05/16 03:25:57 | 000,000,042 | ---- | M] () -- C:\Users\Tony\jagex_runescape_preferences.dat
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/03 17:10:51 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/27 02:36:56 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/27 02:36:56 | 000,596,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/27 02:36:56 | 000,101,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/05/17 16:12:50 | 000,363,520 | ---- | C] () -- C:\Users\Tony\Desktop\rkill.scr
[2010/05/17 16:12:04 | 000,363,520 | ---- | C] () -- C:\Users\Tony\Desktop\rkill.com
[2010/05/17 16:10:45 | 000,363,520 | ---- | C] () -- C:\Users\Tony\Desktop\rkill.exe
[2010/05/17 16:01:48 | 000,059,648 | ---- | C] () -- C:\Users\Tony\AppData\Local\asam.exe
[2010/05/17 16:00:48 | 000,059,648 | ---- | C] () -- C:\Users\Tony\AppData\Local\syssvc.exe
[2010/05/17 15:56:40 | 000,524,288 | -HS- | C] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TMContainer00000000000000000002.regtrans-ms
[2010/05/17 15:56:40 | 000,524,288 | -HS- | C] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TMContainer00000000000000000001.regtrans-ms
[2010/05/17 15:56:40 | 000,065,536 | -HS- | C] () -- C:\Users\Tony\ntuser.dat{42d148a6-61ec-11df-a634-0023ae2a5f47}.TM.blf
[2009/11/12 16:17:46 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/20 16:51:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/16 17:50:50 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2009/05/06 07:01:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/05/06 04:53:45 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/06 04:53:45 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/06 04:53:45 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/06 04:53:45 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/06 04:53:45 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/06 04:53:45 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/06 04:53:45 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/06 04:53:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/06 04:53:45 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/06 04:53:45 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/06 04:53:45 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/06 04:53:45 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/06 04:53:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/06 04:53:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/06 04:53:44 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/06 04:53:44 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/06 04:53:44 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/06 04:53:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/06 04:53:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/06 04:53:43 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/06 04:53:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/06 04:53:40 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/06 04:53:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

d_day1313
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-05-17
OS OS : xp
Points Points : 23983
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Bankerfox.a and Win32/Nugel.E

Post by d_day1313 on Mon May 17, 2010 9:10 pm

And here's the Extras.txt

OTL Extras logfile created on: 5/17/2010 4:29:28 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Tony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 164.63 Gb Free Space | 75.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 6.81 Gb Free Space | 46.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONY-PC
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CB90C8D-5C50-4D69-89E8-E739FAEEE657}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{4F705995-E656-40E4-B24E-3A30202AC47A}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{5C4CB72E-21DD-44EF-A0ED-24D9C73B1977}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{7798DE66-3AFD-4308-9D6C-1CF06FD23311}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92148F1F-006C-46BE-A46E-25C1201B1D5E}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{BA6E639D-CE98-4CAA-B38D-910713235DC9}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{D5E6F868-629D-4499-B176-0C85BFFD1E43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6CEB7CD-43F2-49F1-AEE2-41655ACF4671}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0429795A-9E75-4F26-9FA5-AE7016F62FF4}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{088845A0-CCEE-4352-9A90-00EA40609E7D}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{0AC13BEC-E659-42C3-A023-37202CC97971}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0CCD9159-54DD-4826-B9D6-3DB6CDFD5416}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D8C1488-E1E7-4086-8BA4-73D3108523E5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{1057B87E-F5F6-4DD7-A2DF-2CA42C94708D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1D841D8D-9218-4A30-9A84-8890C809F211}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{1E2CA4C8-0B85-4078-9D37-94CF02063031}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3A443E62-B603-45BB-895D-D5C10C447E4F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3F74F6B0-6EAF-45D9-9B93-DCA3878C542D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{40783BC2-6547-439E-9594-B744D0155E3F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{517B8A5A-5585-456D-9AE5-6863E1F541CC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{523E1EB4-813D-4A1F-A7EE-6A87A68588C4}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5504A087-20BC-42C3-8771-8D8D6CA85B96}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{628E82D0-121E-4FFB-80C5-C7405EE5E6BC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{6690DEBF-061E-426F-95F3-0029C07C3158}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6A123C82-901C-44C0-8B5A-9B0688F07CDB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{7AF29D46-0447-4775-8AD3-A77F2D7469D0}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{80C1DD66-0C89-41B9-B69C-67DCDB551362}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{88F1202C-5B4C-4840-99E6-8E63F401F052}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{8C95413B-497A-48CA-8E75-16C4A46A6264}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{8F15E233-E72D-49B7-94D3-BEF0FCD17F67}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{9511D421-567A-41FA-95EC-B1169AE6CB7D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{99E8DB8F-8D73-410C-862A-0A74CDF493D9}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{9B5C4BE2-299D-4FF5-A68A-9588A08BD74F}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{BE62E3F3-8775-41AF-8D9A-6D7922AEBA62}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BFA96B3A-7133-4913-90D3-2C8207376A1E}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{C412781A-612F-4535-8E20-1090EAC817A3}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{C69D1DEB-57E5-4319-8BC6-843DF89E499F}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{CBB7EB64-7B2C-46B7-9541-6D545CFEE5A5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CCAC1B43-4D6B-426A-995C-1A1D19837BC1}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{CF47B829-75BF-41C3-8E4F-44A9499BA2F3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D0C26884-5F89-48EA-B07E-3CF9505B4CC6}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D41961ED-12FC-43D5-A11A-AF75CB511254}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{D51C0A5B-7B89-442A-94AF-7E285CD3F1AB}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{D7467BD4-1D58-4330-8720-EA9DAC72D1C1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DC408C28-8281-4314-A1DC-9AC0DF06F03A}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{E55CDD78-ABEE-4451-BD86-767CB4DF2028}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{EA98B6A5-4511-4306-86CC-3358EE92DA48}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{FFB83E00-5938-4842-88F6-F375DBF05481}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{813FF60E-226E-092E-3243-91367F900BE2}" = ccc-utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Belarc Advisor" = Belarc Advisor 7.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GoToAssist" = GoToAssist 8.0.0.514
"HyperCam 2" = HyperCam 2
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent DNA" = DNA
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2010 4:03:21 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1008
Description =

Error - 5/11/2010 4:03:22 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1008
Description =

Error - 5/11/2010 4:03:23 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1008
Description =

Error - 5/11/2010 4:03:23 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1005
Description =

Error - 5/11/2010 4:03:23 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1018
Description =

Error - 5/11/2010 4:03:25 AM | Computer Name = Tony-PC | Source = Perflib | ID = 1008
Description =

Error - 5/11/2010 5:16:45 AM | Computer Name = Tony-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/11/2010 1:56:19 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2010 3:37:08 AM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2010 8:40:52 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/17/2010 3:59:27 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 4:01:13 PM | Computer Name = Tony-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.81.1622.0 Loading engine version: 1.1.5703.0

Error - 5/17/2010 4:03:28 PM | Computer Name = Tony-PC | Source = DCOM | ID = 10010
Description =

Error - 5/17/2010 4:03:32 PM | Computer Name = Tony-PC | Source = DCOM | ID = 10010
Description =

Error - 5/17/2010 4:07:57 PM | Computer Name = Tony-PC | Source = netbt | ID = 4321
Description = The name "THE-BOYS :0" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 5/17/2010 4:18:00 PM | Computer Name = Tony-PC | Source = netbt | ID = 4321
Description = The name "THE-BOYS :0" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 5/17/2010 4:26:52 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 4:26:52 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 4:27:11 PM | Computer Name = Tony-PC | Source = netbt | ID = 4321
Description = The name "THE-BOYS :0" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 5/17/2010 4:32:26 PM | Computer Name = Tony-PC | Source = DCOM | ID = 10010
Description =


< End of report >

d_day1313
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-05-17
OS OS : xp
Points Points : 23983
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Bankerfox.a and Win32/Nugel.E

Post by Belahzur on Mon May 17, 2010 9:37 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [asam] C:\Users\Tony\AppData\Local\asam.exe ()
    O4 - HKCU..\Run: [tgdvgfip] C:\Users\Tony\AppData\Local\rfoaphwsj\mwesadftssd.exe ()
    [2010/05/17 05:15:38 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\rfoaphwsj
    [2010/05/17 16:01:48 | 000,059,648 | ---- | C] () -- C:\Users\Tony\AppData\Local\asam.exe
    [2010/05/17 16:00:48 | 000,059,648 | ---- | C] () -- C:\Users\Tony\AppData\Local\syssvc.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Bankerfox.a and Win32/Nugel.E

Post by d_day1313 on Mon May 17, 2010 9:56 pm

Thank you it seems to have helped. I havent received any pop ups or anything related to it

d_day1313
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-05-17
OS OS : xp
Points Points : 23983
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Bankerfox.a and Win32/Nugel.E

Post by Belahzur on Tue May 18, 2010 10:22 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum