Banker fox


Post by Shaun6994 on Sun 04 Jul 2010, 12:11 pm

Hey there, I seem to keep getting a pop-up saying I'm getting attacked by bankerfox.a. I know it's spyware, but how do I remove it? I can't access any Internet. Thanks

Shaun6994

Newbie Surfer

Posts : 13
Joined : 2010-07-04
Operating System : Windows xp


Re: Banker fox

Post by Crush on Mon 05 Jul 2010, 3:34 am

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but rest assured, we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure "Always notify me of replies" is set to Yes.


With that out of the way:

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
=====

Download OTL to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28


Re: Banker fox

Post by Shaun6994 on Mon 05 Jul 2010, 11:08 am

OTL logfile created on: 7/4/2010 6:46:45 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 666 1527 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.01 Gb Total Space | 4.16 Gb Free Space | 21.87% Space Free | Partition Type: NTFS
Drive D: | 35.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 298.01 Gb Total Space | 297.05 Gb Free Space | 99.68% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMANDA-3524341E
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/23 08:56:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/07 15:38:30 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/23 08:57:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 08:57:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/05/17 18:15:18 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/08/01 06:10:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/06/09 15:10:58 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/25 06:30:12 | 002,352,448 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/12 18:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 F1 F1 20 D2 1B CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} [You must be registered and logged in to see this link.] (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/27 19:01:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/05 17:05:44 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 18:43:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/07/04 18:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/04 18:39:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/04 18:38:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/07/04 18:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/07/04 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/07/04 18:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/07/04 18:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/07/04 18:38:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/07/04 18:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/07/04 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/07/04 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/07/03 23:31:42 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/03 23:31:41 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/03 23:31:41 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/03 23:31:07 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/03 23:30:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/03 23:30:42 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/03 23:30:06 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/03 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/03 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/03 21:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/03 21:51:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 21:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 22:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/21 22:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/21 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/16 11:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/13 14:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/13 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/13 14:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/19 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/04 18:48:20 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:43:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/04 18:43:09 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:45 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 18:38:16 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:36:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 18:34:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 18:19:12 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 17:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 13:19:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/04 12:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:30:22 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 21:51:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 21:29:40 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/30 11:44:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 03:06:38 | 000,531,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:06:38 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:06:38 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:58:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:48:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/14 17:31:02 | 000,005,538 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 21:50:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/10 03:56:02 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:37:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 17:47:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/05 07:48:07 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/10 00:35:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/04 18:43:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/07/04 18:42:45 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/04 18:41:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/07/04 18:38:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/04 18:38:15 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/04 18:38:15 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
[2010/07/04 18:38:12 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/04 18:38:12 | 000,290,816 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/07/03 23:31:42 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/03 23:31:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/03 23:31:42 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/03 23:31:42 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/03 23:31:41 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/03 23:31:07 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/03 23:30:42 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/03 23:30:42 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/03 23:30:22 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/03 23:30:06 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/03 21:51:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 22:35:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/21 22:22:18 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/13 17:05:30 | 000,005,538 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/13 14:58:47 | 000,021,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/13 14:26:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/13 14:23:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 17:22:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 17:22:12 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/10 00:35:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/29 17:25:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/29 17:25:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/04/06 15:33:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/31 20:04:41 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/31 19:55:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/30 19:16:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/03/30 19:16:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/03/30 19:13:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2006/03/27 19:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2006/03/27 19:26:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2006/03/27 19:26:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2006/03/27 19:26:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2006/03/27 19:13:52 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/08 05:57:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/08 05:57:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/08 05:57:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/08 05:57:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/08 05:57:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/08 05:57:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/08/21 17:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/23 13:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCITHBLVXG
[2008/10/27 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/27 10:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/02/03 12:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/03 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/01/30 00:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/04 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/13 14:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 08:10:20


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/09 20:34:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 07:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 07:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E3FBF9D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Re: Banker fox

Post by Crush on Mon 05 Jul 2010, 11:21 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [ajkaormx] C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad\nsrkxurtssd.exe File not found

    :Files
    C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad

    :Commands
    [emptytemp]
    [emptyflash]
    [purity]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Banker fox

Post by Shaun6994 on Mon 05 Jul 2010, 12:42 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ajkaormx deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Amanda Martin\Local Settings\Application Data\qpjokeqad not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1614532 bytes
->Temporary Internet Files folder emptied: 4913599 bytes
->Flash cache emptied: 633 bytes

User: All Users

User: Amanda Martin

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 63937655 bytes
->Temporary Internet Files folder emptied: 3336450 bytes
->Java cache emptied: 47983041 bytes
->Flash cache emptied: 23972 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 312794 bytes
->Flash cache emptied: 401 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 721799 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3526325 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105115614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51635316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 272.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Amanda Martin

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07042010_201803

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2303.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2323.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23A2.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF23C2.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UJ4FUHQD\like[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VDRER48\banker-fox-t22492[1].htm moved successfully.

Registry entries deleted on Reboot...

Shaun6994


Re: Banker fox

Post by Crush on Mon 05 Jul 2010, 1:26 pm

Hi,

Do you have the combofix log?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 12:57 am

Didn't have one.

Shaun6994


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 12:59 am

Hi shaun,

Is there a log located at c:\combofix.txt?

Crush


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 3:32 am

ComboFix 10-07-04.02 - Administrator 07/04/2010 21:00:57.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1779 [GMT -5:00]
Running from: c:\documents and settings\Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ybeeg.bak1
c:\windows\system32\ybeeg.bak2
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 01:39 . 2010-07-05 01:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-07-05 01:18 . 2010-07-05 01:18 -------- d-----w- C:\_OTL
2010-07-05 00:25 . 2010-07-05 00:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-04 23:33 . 2010-07-04 23:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-04 04:31 . 2010-01-27 18:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-04 04:31 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-04 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-04 04:31 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-04 04:31 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-04 04:31 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-04 04:31 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-04 04:30 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-04 04:30 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-04 04:30 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-04 04:29 . 2010-07-04 04:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-04 04:29 . 2010-07-05 01:35 -------- d-----w- c:\program files\Spyware Doctor
2010-07-04 04:29 . 2010-07-04 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-04 02:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 02:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 23:00 . 2010-07-03 23:00 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-06-22 03:33 . 2010-06-22 03:33 -------- d-----w- c:\program files\iPod
2010-06-22 03:32 . 2010-06-22 03:35 -------- d-----w- c:\program files\iTunes
2010-06-22 03:27 . 2010-06-22 03:27 -------- d-----w- c:\program files\Bonjour
2010-06-22 03:23 . 2010-06-22 03:23 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-22 03:21 . 2010-06-22 03:22 -------- d-----w- c:\program files\Safari
2010-06-22 03:20 . 2010-06-22 03:20 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 13:00 . 2010-06-29 20:07 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-06-16 16:44 . 2010-06-16 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-15 17:31 . 2010-06-15 00:23 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-13 19:58 . 2010-06-13 19:58 21396 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-13 19:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-13 19:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-13 19:28 . 2010-06-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-13 19:23 . 2010-06-13 19:23 -------- d-----w- c:\program files\Apple Software Update
2010-06-13 19:22 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-13 19:22 . 2010-04-20 01:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-13 19:21 . 2010-06-22 03:33 -------- d-----w- c:\program files\Common Files\Apple
2010-06-13 19:21 . 2010-06-15 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-10 03:16 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 01:35 . 2009-01-21 20:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 00:30 . 2009-05-17 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-22 16:12 . 2006-03-31 00:14 -------- d-----w- c:\program files\Lx_cats
2010-06-15 17:31 . 2007-01-07 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-13 19:26 . 2008-10-12 22:10 -------- d-----w- c:\program files\QuickTime
2010-06-13 19:24 . 2008-10-12 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-05 23:44 . 2009-03-27 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 19:02 . 2007-09-30 15:06 -------- d-----w- c:\documents and settings\Guest\Application Data\FaxCtr
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-10 05:34 . 2006-06-04 03:56 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-24 2750976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 13:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/3/2010 11:30 PM 218592]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/17/2009 6:15 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/17/2009 6:15 PM 335240]
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 22:45]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-04 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-492894223-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
.
Completion time: 2010-07-04 21:14:36
ComboFix-quarantined-files.txt 2010-07-05 02:14

Pre-Run: 4,684,902,400 bytes free
Post-Run: 4,648,443,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BAAE4A077B132C259FC1A13A676BA1AD

Shaun6994


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 3:45 am

How are things running now?

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 4:00 am

I don't know yet because I have to boot the computer in safe mode in order to use it


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 4:04 am

Normal Mode does not work currently?


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 4:46 am

It boots up but the Internet doesn't work. Plus so many things won't work.


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 4:50 am

Hi shaun,

Please do this in normal mode if you can

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log in your reply


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 8:38 am

Won't work. But I already have it downloaded on my computer. I downloaded it first.


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 10:17 am

Malwarebytes' Anti-Malware 1.46

Database version: 4273

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 5:41:33 PM
mbam-log-2010-07-05 (17-41-33).txt

Scan type: Quick scan
Objects scanned: 156071
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ajkaormx (Rogue.AntivirusSuite.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Amanda Martin\Local Settings\Temp\svchost.exe (Trojan.Agent) -> No action taken.


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 11:51 am

Hi again,

Those infections show as No Action Taken. Have you removed them by clicking Remove Selected?

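The question in the reply above turns on the action recorded after each detection in the MBAM log. As an added example (not part of the original thread and not Malwarebytes' own tooling), this Python script parses that log layout, lists the detections still marked "No action taken", and checks the summary counts against the itemised sections. The function names are hypothetical; the sample is an abridged excerpt of the log posted above.

```python
import re
from collections import Counter

# Abridged excerpt of the MBAM 1.46 log posted earlier in this thread.
SAMPLE_LOG = r"""Scan type: Quick scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ajkaormx (Rogue.AntivirusSuite.Gen) -> No action taken.

Files Infected:
C:\Documents and Settings\Amanda Martin\Local Settings\Temp\svchost.exe (Trojan.Agent) -> No action taken.
"""

# "Registry Keys Infected: 4" is a summary line; the same name with a bare
# colon opens the itemised section for that category.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<threat name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) parsed from the log text."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def unresolved(detections):
    """Detections that were reported but not removed or quarantined."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def count_mismatches(summary, detections):
    """Sections whose summary count differs from the number of listed items."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if n != listed.get(s, 0)}


if __name__ == "__main__":
    summary, detections = parse_mbam_log(SAMPLE_LOG)
    pending = unresolved(detections)
    print(f"{len(detections)} detections, {len(pending)} still present")
    for d in pending:
        print(f"  [{d['section']}] {d['threat']}: {d['object']}")
    for section, (claimed, found) in count_mismatches(summary, detections).items():
        print(f"  count mismatch in {section}: summary {claimed}, listed {found}")
```

A log saved before Remove Selected was clicked reports every item this way, so the log generated after removal is the one to check.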

Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 11:55 am

Yes I have. But now it will not connect to the Internet.


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 11:56 am

Hi,

Can you please post a fresh combofix log?


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 12:03 pm

Ok I'll try


Re: Banker fox

Post by Crush on Tue 06 Jul 2010, 12:04 pm

Ok. Looking forward to the results


Re: Banker fox

Post by Shaun6994 on Tue 06 Jul 2010, 1:43 pm

ComboFix 10-07-04.02 - Administrator 07/04/2010 21:00:57.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1779 [GMT -5:00]
Running from: c:\documents and settings\Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ybeeg.bak1
c:\windows\system32\ybeeg.bak2
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 01:39 . 2010-07-05 01:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-07-05 01:18 . 2010-07-05 01:18 -------- d-----w- C:\_OTL
2010-07-05 00:25 . 2010-07-05 00:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-04 23:39 . 2010-07-04 23:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-07-04 23:34 . 2010-07-04 23:34 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-04 23:33 . 2010-07-04 23:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-04 04:31 . 2010-01-27 18:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-04 04:31 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-04 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-04 04:31 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-04 04:31 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-04 04:31 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-04 04:31 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-04 04:30 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-04 04:30 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-04 04:30 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-04 04:29 . 2010-07-04 04:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-04 04:29 . 2010-07-05 01:35 -------- d-----w- c:\program files\Spyware Doctor
2010-07-04 04:29 . 2010-07-04 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-04 02:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 02:51 . 2010-07-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 02:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 23:00 . 2010-07-03 23:00 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-06-22 03:33 . 2010-06-22 03:33 -------- d-----w- c:\program files\iPod
2010-06-22 03:32 . 2010-06-22 03:35 -------- d-----w- c:\program files\iTunes
2010-06-22 03:27 . 2010-06-22 03:27 -------- d-----w- c:\program files\Bonjour
2010-06-22 03:23 . 2010-06-22 03:23 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-22 03:21 . 2010-06-22 03:22 -------- d-----w- c:\program files\Safari
2010-06-22 03:20 . 2010-06-22 03:20 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 13:00 . 2010-06-29 20:07 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-06-16 16:44 . 2010-06-16 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-15 17:31 . 2010-06-15 00:23 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-13 19:58 . 2010-06-13 19:58 21396 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-13 19:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-13 19:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-13 19:28 . 2010-06-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-13 19:23 . 2010-06-13 19:23 -------- d-----w- c:\program files\Apple Software Update
2010-06-13 19:22 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-13 19:22 . 2010-04-20 01:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-13 19:21 . 2010-06-22 03:33 -------- d-----w- c:\program files\Common Files\Apple
2010-06-13 19:21 . 2010-06-15 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-10 03:16 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 01:35 . 2009-01-21 20:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 00:30 . 2009-05-17 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-22 16:12 . 2006-03-31 00:14 -------- d-----w- c:\program files\Lx_cats
2010-06-15 17:31 . 2007-01-07 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-13 19:26 . 2008-10-12 22:10 -------- d-----w- c:\program files\QuickTime
2010-06-13 19:24 . 2008-10-12 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-05 23:44 . 2009-03-27 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 19:02 . 2007-09-30 15:06 -------- d-----w- c:\documents and settings\Guest\Application Data\FaxCtr
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-10 05:34 . 2006-06-04 03:56 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-24 2750976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 13:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/3/2010 11:30 PM 218592]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/17/2009 6:15 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/17/2009 6:15 PM 335240]
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 22:45]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 22:47]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-04 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-492894223-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,68,9b,30,3c,62,4b,85,e2,ff,\
.
Completion time: 2010-07-04 21:14:36
ComboFix-quarantined-files.txt 2010-07-05 02:14

Pre-Run: 4,684,902,400 bytes free
Post-Run: 4,648,443,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BAAE4A077B132C259FC1A13A676BA1AD


Re: Banker fox

Post by Crush on Wed 07 Jul 2010, 1:49 am

Any change?

There is nothing in the log that suggests Malware is the cause of the internet disconnect.


Re: Banker fox

Post by Shaun6994 on Wed 07 Jul 2010, 5:59 am

I got it fixed thanks so much.


Re: Banker fox

Post by Crush on Wed 07 Jul 2010, 1:07 pm

Congratulations!! Your PC is all clean!

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

ATF Cleaner
CCleaner

Defragmenting Your Hard Disk

Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows, either go to Start/Run, type dfrg.msc and hit Enter, or right-click My Computer and choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide

Windows XP System Restore Guide

Reading Tip:
Computer Health
Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
Bleeping Computer

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

You can get a Free Copy of Winpatrol or use the Plus Version for more features.

You can read Win Patrol FAQ if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
MVPS Hosts File
Blue Tack’s Hosts File
Blue Tack’s Hosts Manager

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here.

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

4. SiteHound Toolbar

SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
Thank you for choosing GeekPolice.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!

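The Hosts File item in the post above describes a blocklist that points unwanted sites at 127.0.0.1. As an added example (not part of the original post and not taken from any of the listed Hosts projects), this Python script audits a hosts file after such a list is installed: it separates sinkholed names from entries that map a name to a non-loopback address, and flags malformed lines and names mapped to more than one address. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample in the hosts-file format
# (on Windows XP the file is %SystemRoot%\system32\drivers\etc\hosts).
SAMPLE_HOSTS = """\
# constructed blocklist-style hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net          # sinkholed ad server
0.0.0.0         tracker.example.org
127.0.0.1       bad.example.com www.bad.example.com
203.0.113.7     www.examplebank.test     # not a sinkhole: name points elsewhere
not-an-ip       broken.example.net
127.0.0.1       www.examplebank.test
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each entry line."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield n, fields[0], [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked   - names sent to a loopback or unspecified address (the blocklist)
    review    - (line, name, address) entries that redirect a name elsewhere
    invalid   - (line, address_text, names) lines whose first field is not an IP
    conflicts - (line, name, address) repeats of a name with a different address
    """
    report = {"blocked": [], "review": [], "invalid": [], "conflicts": []}
    first_seen = {}
    for n, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append((n, addr, names))
            continue
        for host in names:
            if host in first_seen:
                if first_seen[host] != ip:
                    report["conflicts"].append((n, host, addr))
                continue
            first_seen[host] = ip
            if ip.is_loopback or ip.is_unspecified:
                if host != "localhost":
                    report["blocked"].append(host)
            else:
                report["review"].append((n, host, addr))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} names sinkholed")
    for line_no, host, addr in result["review"]:
        print(f"  line {line_no}: {host} -> {addr} (not loopback, review)")
    for line_no, addr, names in result["invalid"]:
        print(f"  line {line_no}: bad address field {addr!r}")
    for line_no, host, addr in result["conflicts"]:
        print(f"  line {line_no}: {host} also mapped to {addr}")
```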
