BankerA.Fox and Win32/Nuqel.E and others


BankerA.Fox and Win32/Nuqel.E and others

Post by Saulithyia on Sun 11 Jul 2010, 8:55 am

I have a laptop that keeps popping up with a red "alert" window claiming my computer is being attacked. It changes between BankerA.Fox and Win32/Nuqel.E. It also brings up Windows Security Alert stating various files are infected and I need to scan my computer. On top of that, another window pops up saying file trustedinstaller.exe or flashutil9c.exe is infected, and also opens up several IE windows that advertise some pretty unsavory things.

The laptop uses Firefox, which can't even be opened at this point. Its OS is Windows Vista. It has Avast on it as an antivirus.

Thank you for your help!

Jen

Saulithyia

Newbie Surfer

Posts : 27
Joined : 2010-07-11
Operating System : Windows 7



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Sneakyone on Sun 11 Jul 2010, 9:01 am

Hi, Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
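The custom scan above pulls the autorun keys, browser settings and service entries that a rogue-antivirus infection usually touches. As an added example (not part of this thread, and not code from OldTimer or GeekPolice), the script below triages a handful of lines written in OTL's report format and flags the three patterns a helper looks for first: a browser proxy pointed at the local machine, a Run entry launching a file with no company name from a user-writable directory, and orphaned Run entries whose target no longer exists. The sample log lines, the file names and the `search.example.invalid` URL are constructed for this example; the loopback proxy value mirrors what such scans report.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's report format (not a real scan).
SAMPLE_LOG = r"""
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
FF - prefs.js..keyword.URL: "http://search.example.invalid/?q="
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [OldApp] c:\program files\OldApp\oldapp.exe File not found
O4 - HKCU..\Run: [qwzxrtkl] C:\Users\Example\AppData\Local\qwzxrtkl\svcupd.exe ()
"""


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'low'
    line: str       # the log line (or derived value) that triggered it
    reason: str


# OTL prints Run keys as:  O4 - HKLM..\Run: [name] <path> (<company>)  or  ... File not found
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<publisher>[^()]*)\)$')
PROXY_RE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "(?P<key>Proxy\w+)" =\s*(?P<val>.*)$')
FF_KEYWORD_RE = re.compile(r'^FF - prefs\.js\.\.keyword\.URL: "(?P<url>[^"]*)"$')

# Directories a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ('\\appdata\\local\\', '\\appdata\\roaming\\', '\\temp\\')


def triage(log_text):
    """Return a list of Findings for the OTL-format lines in log_text."""
    findings = []
    proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RE.match(line)
        if m:
            rest = m.group('rest')
            if rest.endswith('File not found'):
                findings.append(Finding('low', line, 'orphaned Run entry (target missing)'))
                continue
            t = TARGET_RE.match(rest)
            if t is None:
                continue
            path = t.group('path').lower()
            publisher = t.group('publisher')
            # OTL prints "()" when the file carries no company name in its version info.
            if any(tag in path for tag in USER_WRITABLE) and not publisher:
                findings.append(Finding('high', line, 'autorun with no company name from user-writable directory'))
            continue

        m = PROXY_RE.match(line)
        if m:
            proxy[m.group('key')] = m.group('val').strip()
            continue

        m = FF_KEYWORD_RE.match(line)
        if m and m.group('url'):
            findings.append(Finding('medium', line, 'Firefox keyword.URL overridden (search redirect)'))

    # A proxy on the loopback address means something on this host sits between the browser and the web.
    if proxy.get('ProxyEnable') == '1' and '127.0.0.1' in proxy.get('ProxyServer', ''):
        findings.append(Finding('high', 'ProxyServer = ' + proxy['ProxyServer'],
                                'browser traffic routed through a local proxy'))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'[{f.severity.upper()}] {f.reason}\n    {f.line}')
    print(summarize(results))
```

The proxy check is deliberately done after the loop, because OTL emits `ProxyEnable` and `ProxyServer` on separate lines and only the combination is meaningful; an enabled proxy at 127.0.0.1 on a home laptop is the setting that lets a rogue program inject the "your computer is infected" pages into every browser.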



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Saulithyia on Sun 11 Jul 2010, 9:22 am

Ok, I've downloaded it, but I cannot open it; a window keeps popping up saying file otl.exe is infected and asking me to activate antivirus software, which I know is bogus.

Saulithyia

Newbie Surfer

Posts : 27
Joined : 2010-07-11
Operating System : Windows 7



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Sneakyone on Sun 11 Jul 2010, 9:33 am

Hi,

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

======

After this, please run OTL again, use the .scr and .com if needed.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Saulithyia on Sun 11 Jul 2010, 10:34 am

Rkill didn't give me a log?

But OTL worked and gave me 2.

OTL logfile created on: 7/10/2010 6:49:24 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Jen & Bill\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.41 Gb Total Space | 39.86 Gb Free Space | 28.80% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 4.58 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Jen & Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 18:19:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jen & Bill\Downloads\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/21 22:52:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/23 06:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/01/17 02:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 18:19:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jen & Bill\Downloads\OTL.exe
MOD - [2009/04/11 02:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 02:28:23 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2009/04/11 02:28:22 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\NBMapTIP.dll
MOD - [2009/04/11 02:28:20 | 001,160,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
MOD - [2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:42:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/29 16:40:41 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/23 06:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/03/11 16:18:56 | 000,068,762 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/01/30 09:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/01/17 02:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 04:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/28 07:08:20 | 002,307,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/17 03:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/07/06 02:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www6.comcast.net/a/"
FF - prefs.js..extensions.enabledItems: {1fbc217a-b88b-11db-8314-0800200c9a66}:3.5.4
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{B77E3CD0-0DB9-0C94-FA2A-D3CE68D64162}?q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 22:36:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 22:36:51 | 000,000,000 | ---D | M]

[2009/03/11 00:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jen & Bill\AppData\Roaming\Mozilla\Extensions
[2010/07/09 18:57:20 | 000,000,000 | ---D | M] -- C:\Users\Jen & Bill\AppData\Roaming\Mozilla\Firefox\Profiles\j1md7pym.default\extensions
[2010/04/27 20:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen & Bill\AppData\Roaming\Mozilla\Firefox\Profiles\j1md7pym.default\extensions\{1fbc217a-b88b-11db-8314-0800200c9a66}
[2010/04/27 20:49:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jen & Bill\AppData\Roaming\Mozilla\Firefox\Profiles\j1md7pym.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/04 14:51:58 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Jen & Bill\AppData\Roaming\Mozilla\Firefox\Profiles\j1md7pym.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2008/03/03 14:27:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/11 00:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [wskinmtn] C:\Users\Jen & Bill\AppData\Local\xrjvletru\npmpjwntssd.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1accd731-8b05-11dc-a5bf-00c0a8f10f0e}\Shell - "" = AutoRun
O33 - MountPoints2\{1accd731-8b05-11dc-a5bf-00c0a8f10f0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{F1C40DA0-09DD-4FF1-9E21-8ABC779E7DFD} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: ccc-core-static - msiexec /fums {9EB1C655-331C-5034-CCF8-436FA4B4A3DA} /qb

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 17:05:22 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/10 16:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jen & Bill\AppData\Local\xrjvletru
[2010/07/07 19:48:54 | 000,000,000 | ---D | C] -- C:\Users\Jen & Bill\AppData\Roaming\Guitar Pro 6
[2010/07/07 19:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2010/07/07 19:16:14 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/07/07 19:16:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/07/07 19:16:12 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/07/07 19:16:12 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/07/07 19:16:12 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/07/07 19:16:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/07/07 19:16:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/07/07 19:16:11 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/07/07 19:16:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/07/07 19:16:11 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/07/07 19:16:11 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/07/07 19:16:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/07/07 19:16:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/07/07 19:16:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/07/07 19:16:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/07/07 19:16:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/07/07 19:16:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/07/07 19:16:10 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/07/07 19:16:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/07/07 19:16:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/07/07 19:16:10 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/07/07 19:16:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/07/07 19:16:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/07/07 19:16:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/07/07 19:16:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/07/07 19:16:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/07/06 20:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jen & Bill\AppData\Roaming\Magic Set Editor
[2010/07/02 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\Jen & Bill\Desktop\the invasion 2
[2010/06/29 15:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2010/06/28 17:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/28 17:52:50 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/28 17:52:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/28 17:52:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 09:03:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/23 09:03:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/21 18:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/17 20:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\IBM and Crayola
[2010/06/12 14:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/12 14:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/12 14:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/10 18:42:51 | 003,407,872 | -HS- | M] () -- C:\Users\Jen & Bill\ntuser.dat
[2010/07/10 18:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/10 17:30:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 17:30:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/10 17:30:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/10 17:30:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/10 17:30:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/10 17:29:49 | 000,524,288 | -HS- | M] () -- C:\Users\Jen & Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 17:29:49 | 000,065,536 | -HS- | M] () -- C:\Users\Jen & Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/10 17:29:21 | 002,952,804 | -H-- | M] () -- C:\Users\Jen & Bill\AppData\Local\IconCache.db
[2010/07/10 17:21:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/09 21:54:34 | 521,847,920 | ---- | M] () -- C:\Users\Jen & Bill\Documents\clip0008.avi
[2010/07/09 21:44:55 | 283,841,554 | ---- | M] () -- C:\Users\Jen & Bill\Documents\clip0007.avi
[2010/07/09 21:23:29 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/07/07 22:00:36 | 000,000,469 | ---- | M] () -- C:\Users\Jen & Bill\Documents\Water Set.mse-set
[2010/07/07 21:09:09 | 000,000,460 | ---- | M] () -- C:\Users\Jen & Bill\Documents\Water Set.mse-set.bak
[2010/07/07 11:58:07 | 000,305,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/06 21:08:40 | 000,001,629 | ---- | M] () -- C:\Users\Jen & Bill\Documents\Fire Set.mse-set
[2010/07/06 21:03:23 | 000,001,543 | ---- | M] () -- C:\Users\Jen & Bill\Documents\Fire Set.mse-set.bak
[2010/07/06 20:25:13 | 000,075,152 | ---- | M] () -- C:\Users\Jen & Bill\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/29 15:23:19 | 000,001,432 | ---- | M] () -- C:\Users\Jen & Bill\Desktop\background100.gif
[2010/06/29 15:22:43 | 000,000,924 | ---- | M] () -- C:\Users\Jen & Bill\Desktop\background94.gif
[2010/06/29 15:22:00 | 000,000,906 | ---- | M] () -- C:\Users\Jen & Bill\Desktop\background95.gif
[2010/06/29 14:24:22 | 000,025,088 | ---- | M] () -- C:\Users\Jen & Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 17:58:22 | 000,715,936 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/28 17:58:22 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/28 17:58:22 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 21:46:36 | 521,847,920 | ---- | C] () -- C:\Users\Jen & Bill\Documents\clip0008.avi
[2010/07/09 21:36:14 | 283,841,554 | ---- | C] () -- C:\Users\Jen & Bill\Documents\clip0007.avi
[2010/07/07 21:09:08 | 000,000,469 | ---- | C] () -- C:\Users\Jen & Bill\Documents\Water Set.mse-set
[2010/07/07 21:09:08 | 000,000,460 | ---- | C] () -- C:\Users\Jen & Bill\Documents\Water Set.mse-set.bak
[2010/07/06 20:35:21 | 000,001,629 | ---- | C] () -- C:\Users\Jen & Bill\Documents\Fire Set.mse-set
[2010/07/06 20:35:21 | 000,001,543 | ---- | C] () -- C:\Users\Jen & Bill\Documents\Fire Set.mse-set.bak
[2010/06/29 15:23:19 | 000,001,432 | ---- | C] () -- C:\Users\Jen & Bill\Desktop\background100.gif
[2010/06/29 15:22:43 | 000,000,924 | ---- | C] () -- C:\Users\Jen & Bill\Desktop\background94.gif
[2010/06/29 15:21:59 | 000,000,906 | ---- | C] () -- C:\Users\Jen & Bill\Desktop\background95.gif
[2010/04/02 10:32:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/26 14:47:37 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2010/02/17 19:20:40 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/24 21:15:57 | 000,000,078 | ---- | C] () -- C:\Windows\TONKA.INI
[2009/02/24 21:15:55 | 000,000,039 | ---- | C] () -- C:\Windows\encore_launcher.ini
[2009/01/23 21:16:47 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2007/05/28 14:41:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 10:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2006/12/28 06:29:56 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/03/26 14:47:38 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/01/23 06:16:47 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/12/16 23:46:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/10/25 21:28:55 | 000,000,434 | -H-- | M] () -- C:\IPH.PH
[2008/12/16 23:46:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/10 17:30:32 | 2325,102,592 | -HS- | M] () -- C:\pagefile.sys
[2007/05/28 15:17:32 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2010/07/10 18:43:59 | 000,000,226 | ---- | M] () -- C:\rkill.log
[2009/03/11 00:40:58 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2007/05/28 15:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\Acceller
[2007/05/28 15:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2007/05/28 15:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/03 16:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2007/05/28 15:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2010/05/22 14:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/11 00:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Aspell
[2007/05/28 15:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\ATi
[2007/05/28 15:03:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/06/24 18:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2009/03/26 19:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2010/06/21 18:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/28 15:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/02/27 21:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2009/09/14 16:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2007/05/28 15:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2010/03/02 20:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway Games
[2010/02/03 16:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/11 20:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
[2010/06/04 14:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam Toolbar
[2010/06/17 20:20:16 | 000,000,000 | ---D | M] -- C:\Program Files\IBM and Crayola
[2010/02/26 19:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\iMesh Applications
[2010/06/24 18:20:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/21 22:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/25 13:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Interplay
[2007/05/28 15:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/26 14:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\JL2005C
[2010/06/24 18:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2010/05/11 20:06:05 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/26 14:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mars
[2008/01/19 16:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/08/08 16:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2009/08/08 16:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/03 12:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/07/03 12:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/28 17:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/05/28 15:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/28 22:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/05/28 15:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2007/10/25 21:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/26 14:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\MyDSC2
[2007/11/09 01:32:18 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2007/05/28 15:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\NetZero
[2010/06/04 17:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2009/03/11 00:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Pidgin
[2008/01/19 16:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/05/14 17:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2010/05/22 14:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/21 22:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/05/28 15:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/24 18:48:09 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2007/01/23 06:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2007/05/28 15:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/05/19 12:05:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/03/26 14:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Star Wars Image Master
[2009/07/12 20:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\StarWarsGalaxies
[2010/07/07 19:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2007/05/28 15:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/11/12 12:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\UI Central
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/02/17 19:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2007/10/25 21:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/29 15:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\WB Games
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/04/11 08:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/06/14 10:27:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/04/11 08:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/04/19 20:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/04/11 08:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/05/19 14:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2009/03/11 00:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/06/05 12:28:18 | 000,000,194 | ---- | M] () -- C:\Users\Jen & Bill\AppData\Roaming\dmsettings.xml
[2007/11/18 03:24:26 | 000,000,102 | ---- | M] () -- C:\Users\Jen & Bill\AppData\Roaming\wklnhst.dat
< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/25 21:24:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/25 21:24:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/25 21:24:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/10/25 21:40:53 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/10/25 21:40:53 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/10/25 21:40:53 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-08 14:32:50

========== Alternate Data Streams ==========

< End of report >


Saulithyia

Newbie Surfer

Posts : 27
Joined : 2010-07-11
Operating System : Windows 7



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Saulithyia on Sun 11 Jul 2010, 10:35 am

2nd one:

OTL Extras logfile created on: 7/10/2010 6:49:24 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Jen & Bill\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.41 Gb Total Space | 39.86 Gb Free Space | 28.80% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 4.58 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Jen & Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2241623534-2856479081-2054934141-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{082D9EBA-BA0C-E6CE-DF60-F450D3B4C427}" = CCC Help Dutch
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E55C4CC-6543-63A3-96D9-0BD0E72C0CF5}" = ccc-localization-da
"{0E7D2293-9FAA-1322-0294-ABE2F86AC3F6}" = Catalyst Control Center Localization Czech
"{0ED5203A-41A3-1ED9-A413-23A656011945}" = Catalyst Control Center Core Implementation
"{1011C9E2-B8A8-C5CC-CAA1-CEC7B072389A}" = Catalyst Control Center Localization Arabic
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 Demo
"{16891F82-D618-EF86-7F38-9FE19874357E}" = Catalyst Control Center Graphics Previews Vista
"{16A9A137-9100-AFB0-E944-05351D0D6154}" = CCC Help Swedish
"{1E6727FE-9FBE-50FA-FCE1-4290F0CB68F2}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26D9EF97-45C1-D508-1EE7-CE4004287255}" = CCC Help Norwegian
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B5CE128-136C-78CB-C612-6D8C51E8C327}" = CCC Help Polish
"{2E302857-945A-0610-D455-88E1BD0B5C44}" = Catalyst Control Center Localization Chinese Traditional
"{2EF1BDD0-02F1-4D2D-1D42-D02D1ABE1522}" = Catalyst Control Center Localization Arabic
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{355845B8-4352-6D7E-2C6B-CACD91297B1C}" = CCC Help Spanish
"{3733D893-EBBF-6A31-EF05-086E66FC3D9E}" = CCC Help English
"{37CC93E9-6560-9FE3-B07B-4883A4BFD8CC}" = Catalyst Control Center Localization Greek
"{37E346C8-E0CE-4BB0-9431-AB184CC1CDFE}" = CCG Maker
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{408A092D-40C9-D97F-8468-44A409C23F32}" = Catalyst Control Center Localization German
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43B5E32B-6518-E34B-E691-BDDDC8F7099B}" = Catalyst Control Center Localization Arabic
"{4A0AEE30-988F-AE8C-5269-2FD262D68A22}" = ccc-utility
"{4CD72BE1-78B0-A817-D273-9C3257C1927E}" = CCC Help Danish
"{4E139886-91CE-3923-AE4A-70047CD4E6F9}" = CCC Help Korean
"{53298391-2283-737E-426A-47406AF9C9BF}" = CCC Help Chinese Traditional
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56069453-23FA-FB2A-613B-0739874F2664}" = CCC Help French
"{59BB72CD-9519-C50D-DFDF-9454503FD291}" = Catalyst Control Center Localization Finnish
"{5ACDC2AD-8424-491E-53B6-43839CBC6E21}" = Catalyst Control Center Localization Spanish
"{5AECAA2C-2D43-5DE6-5FA7-B17F0C99238D}" = Catalyst Control Center Graphics Full Existing
"{5C758C75-E8A6-3CBD-F78B-36568FD3D588}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65FA2ED6-F6A6-B6D1-D342-3DD6FC1CF235}" = CCC Help Japanese
"{68C192DD-3270-615F-8073-CFAEF47C350C}" = CCC Help Czech
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6C317D5D-E09E-CEAB-9900-AC55EEB06381}" = Catalyst Control Center Localization Arabic
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E22AFBF-D6AC-DB16-4EDA-05D79EB8972B}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7EF5E936-F6E3-ED2D-D897-D019F93BFED3}" = Catalyst Control Center Localization Japanese
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80D1F147-58DE-59DF-959A-2B2DA16304B2}" = CCC Help Finnish
"{827A23C2-5F06-D673-E06A-13C8FE4A6313}" = Catalyst Control Center Localization Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847D5140-1D9A-AD4D-A383-D8A76AC9FAA6}" = Catalyst Control Center Localization Korean
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9046E7F5-F4C0-E330-C79E-0AE7FBEEE87F}" = Catalyst Control Center Graphics Full New
"{905E2D3F-A433-5A0C-534E-D3812F344003}" = Catalyst Control Center Localization Hungarian
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{92628887-5BBC-EBE4-4AE4-017FF30C87D1}" = CCC Help Turkish
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EB1C655-331C-5034-CCF8-436FA4B4A3DA}" = ccc-core-static
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B036B9C2-FD5D-AC72-A873-9DADFC039142}" = CCC Help Italian
"{B27E389E-7F8B-7F66-2370-D15814FE7946}" = CCC Help Chinese Standard
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C6F6B84A-5905-FBFE-2884-2F9D954B23AA}" = CCC Help Greek
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.2.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4135FD2-8B19-0B8E-A7D3-5102077E8177}" = Skins
"{DA43CFF6-91F4-CD70-4FE6-B0872B0A728B}" = Catalyst Control Center Localization Chinese Standard
"{E213AB89-3ABA-0318-E05E-CD44794E5372}" = Catalyst Control Center Localization Arabic
"{E341A22D-80F7-946D-9131-B03684195564}" = Catalyst Control Center Localization French
"{E4382B39-C869-D696-6A53-E3D677242626}" = CCC Help German
"{E452AE0E-C9AF-CF4A-09A3-A6C110512C8A}" = Catalyst Control Center Localization Arabic
"{E5016937-B03B-17BB-7708-051AB5A92EBC}" = CCC Help Portuguese
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{EF958332-BBFF-75BA-6852-8C2939CE1972}" = CCC Help Hungarian
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F39CAF22-C695-D655-D469-F432AF5A42D2}" = Catalyst Control Center Localization Arabic
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCD9FF6C-CB0C-BD3A-4A21-8A06B8489CF6}" = Catalyst Control Center Localization Arabic
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"Burger Shop" = Burger Shop
"CamStudio" = CamStudio
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Dungeon Keeper II" = Dungeon Keeper 2
"FE1DFAE4-5EA6-42DC-AAF6-D870FEF0E558" = Super Mario Bros. X
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.8 beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"My Tribe" = My Tribe
"Mystery of Shark Island™" = Mystery of Shark Island™
"Neverland" = Neverland
"Orchard" = Orchard
"Pidgin" = Pidgin
"RealPlayer 12.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shopmania" = Shopmania
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Speed Racer - The Great Plan" = Speed Racer - The Great Plan
"SpongeBob(TM) Obstacle Odyssey" = SpongeBob(TM) Obstacle Odyssey
"StarWars" = Star Wars Image Master
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7660" = X-COM: Apocalypse
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Supercow" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vehicle Voyages" = Vehicle Voyages
"ViewpointMediaPlayer" = Viewpoint Media Player
"Westward® III: Gold Rush" = Westward® III: Gold Rush
"WildTangent gateway Master Uninstall" = Gateway Games
"World of Warcraft" = World of Warcraft
"WT079516" = Deer Drive
"WT085946" = Where's Waldo The Fantastic Journey
"ZC2.10w" = Zelda Classic 2.10w
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Jen & Bill
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2010 4:24:56 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:56 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:56 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:56 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:57 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:58 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:58 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:58 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:58 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/2/2010 4:24:58 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/22/2007 12:10:25 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/27/2007 12:57:22 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/27/2007 2:47:55 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/3/2007 4:43:27 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/6/2010 6:50:15 AM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/6/2010 11:19:51 PM | Computer Name = Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/6/2010 11:19:54 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/7/2010 3:11:02 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/7/2010 5:17:30 PM | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:15:34 PM on 7/7/2010 was unexpected.

Error - 7/7/2010 10:43:38 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/8/2010 9:45:30 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/9/2010 11:10:23 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 7/10/2010 3:17:29 PM | Computer Name = Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/10/2010 5:29:22 PM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =


< End of report >

Saulithyia

Newbie Surfer

Posts : 27
Joined : 2010-07-11
Operating System : Windows 7



Re: BankerA.Fox and Win32/Nuqel.E and others

Post by Sneakyone on Sun 11 Jul 2010, 10:54 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe File not found
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
    O4 - HKCU..\Run: [wskinmtn] C:\Users\Jen & Bill\AppData\Local\xrjvletru\npmpjwntssd.exe ()

    :files
    C:\Users\Jen & Bill\AppData\Local\xrjvletru

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

========

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

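The fix script above singles out two things from the OTL log: a ProxyServer pointing at the loopback address (a local process sitting between the browser and the network, which is how the fake alerts and redirected IE windows get injected) and Run-key values that are either orphaned or launch an unsigned binary from a gibberish-named folder under AppData\Local. What follows is an added example, not OTL's or the helper's code, that performs that triage over constructed OTL-style lines modelled on the quoted ones and assembles a fix in the same :OTL / :files / :commands layout. SAMPLE_LOG, the regex patterns and the function names are this example's own assumptions.

```python
# Added example (not OTL's or the helper's code): reproduce the triage behind the
# fix above. Two indicators are checked: a ProxyServer pointing at the loopback
# address (a local process intercepting browser traffic, typical of fake-AV
# and banker droppers) and Run-key entries that are orphaned or launch an
# unsigned binary from a random-named folder under AppData\Local.
import re

# Constructed sample, modelled on the OTL lines quoted in the fix script.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [wskinmtn] C:\Users\Jen & Bill\AppData\Local\xrjvletru\npmpjwntssd.exe ()
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
PROXY_RE = re.compile(r'"ProxyServer" = (?:\w+=)?(?P<host>[\w.\-]+):(?P<port>\d+)')
# Lowercase gibberish folder directly under AppData\Local holding a .exe whose
# company field is empty "()" - the shape of the wskinmtn entry above.
RANDOM_LOCAL_RE = re.compile(r"\\AppData\\Local\\([a-z]{6,})\\[a-z]{6,}\.exe \(\)")


def loopback_proxy(line):
    """Return 'host:port' if the line sets ProxyServer to a loopback address, else None."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    host = m.group("host")
    if host == "localhost" or host.startswith("127."):
        return f"{host}:{m.group('port')}"
    return None


def classify_run_entry(line):
    """Return a reason string for a suspicious O4 Run entry, or None if it looks legitimate."""
    m = O4_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if target.endswith("File not found"):
        return "orphaned Run value (target missing)"
    rm = RANDOM_LOCAL_RE.search(target)
    if rm:
        return f"unsigned binary in random-named folder AppData\\Local\\{rm.group(1)}"
    return None


def triage(log_text):
    """Scan OTL log lines; return [(line, reason)] for every line worth putting in a fix."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        proxy = loopback_proxy(line)
        if proxy:
            findings.append((line, f"browser traffic forced through loopback proxy {proxy}"))
        elif '"ProxyEnable" = 1' in line:
            findings.append((line, "proxy enabled; goes with the ProxyServer entry"))
        else:
            reason = classify_run_entry(line)
            if reason:
                findings.append((line, reason))
    return findings


def build_otl_fix(findings):
    """Assemble an OTL fix script in the same layout as the one posted above."""
    otl_lines = [line for line, _ in findings]
    folders = []
    for line, _ in findings:
        if RANDOM_LOCAL_RE.search(line):
            # Strip the O4 prefix and the file name; what remains is the dropper's folder.
            path = line.split("] ", 1)[1].rsplit("\\", 1)[0]
            folders.append(path)
    parts = [":OTL", *otl_lines, "", ":files", *folders, "",
             ":commands", "[emptytemp]", "[resethosts]", "[reboot]"]
    return "\n".join(parts)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, reason in found:
        print(f"{reason}\n    {line}")
    print()
    print(build_otl_fix(found))
```

The legitimate avast5 entry passes through untouched because it names a signer and lives under Program Files; the heuristic deliberately keys on the empty "()" signer field plus the gibberish folder, which is what distinguished the dropper in this log.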

Post by Saulithyia on Sun 11 Jul 2010, 11:10 am

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BigFix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wskinmtn deleted successfully.
C:\Users\Jen & Bill\AppData\Local\xrjvletru\npmpjwntssd.exe moved successfully.
========== FILES ==========
C:\Users\Jen & Bill\AppData\Local\xrjvletru folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jen & Bill
->Temp folder emptied: 177464678 bytes
->Temporary Internet Files folder emptied: 121628361 bytes
->Java cache emptied: 14013356 bytes
->FireFox cache emptied: 41960356 bytes
->Google Chrome cache emptied: 6140239 bytes
->Flash cache emptied: 2776578 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7563675587 bytes
RecycleBin emptied: 786459 bytes

Total Files Cleaned = 7,561.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07102010_200032

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Post by Sneakyone on Sun 11 Jul 2010, 11:29 am

Hi,

Please run ComboFix, the instructions are in the same post as the OTL fix.


Post by Saulithyia on Sun 11 Jul 2010, 12:03 pm

ComboFix 10-07-10.01 - Jen & Bill 07/10/2010 20:42:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1060 [GMT -4:00]
Running from: c:\users\Jen & Bill\Downloads\commy.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HyperCam Toolbar\tbHElper.dll
c:\programdata\Windows
c:\users\Jen & Bill\AppData\Local\syssvc.exe
c:\windows\system32\Ijl11.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 00:00 . 2010-07-11 00:00 -------- d-----w- C:\_OTL
2010-07-10 21:05 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-07 23:48 . 2010-07-07 23:48 -------- d-----w- c:\users\Jen & Bill\AppData\Roaming\Guitar Pro 6
2010-07-07 23:48 . 2010-07-07 23:48 -------- d-----w- c:\programdata\Guitar Pro 6
2010-07-07 00:20 . 2010-07-07 01:08 -------- d-----w- c:\users\Jen & Bill\AppData\Roaming\Magic Set Editor
2010-07-07 00:08 . 2010-07-07 00:08 2238 ----a-r- c:\users\Jen & Bill\AppData\Roaming\Microsoft\Installer\{37E346C8-E0CE-4BB0-9431-AB184CC1CDFE}\_78a021c4.exe
2010-07-07 00:08 . 2010-07-07 00:08 2238 ----a-r- c:\users\Jen & Bill\AppData\Roaming\Microsoft\Installer\{37E346C8-E0CE-4BB0-9431-AB184CC1CDFE}\_5ffc7ddb.exe
2010-06-29 19:43 . 2010-06-29 19:43 -------- d-----w- c:\program files\WB Games
2010-06-28 21:54 . 2010-06-28 21:54 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 21:52 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-28 21:52 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-28 21:52 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-28 21:52 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-28 21:52 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 13:03 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 13:03 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 22:55 . 2010-06-21 22:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-20 03:57 . 2010-06-20 03:57 2157 ----a-w- c:\users\Jen & Bill\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-06-20 03:57 . 2010-06-20 03:57 2095 ----a-w- c:\users\Jen & Bill\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2010-06-18 00:20 . 2010-06-18 00:20 -------- d-----w- c:\program files\IBM and Crayola
2010-06-12 18:18 . 2010-06-24 22:43 -------- d-----w- c:\programdata\Norton
2010-06-12 18:18 . 2010-06-24 22:43 -------- d-----w- c:\programdata\Symantec
2010-06-12 18:18 . 2010-06-12 18:18 -------- d-----w- c:\programdata\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 00:50 . 2010-06-04 18:51 -------- d-----w- c:\program files\HyperCam Toolbar
2010-07-07 23:17 . 2009-01-20 01:31 -------- d-----w- c:\program files\Steam
2010-07-07 21:12 . 2009-01-20 01:31 -------- d-----w- c:\program files\Common Files\Steam
2010-07-07 00:25 . 2007-10-26 01:10 75152 ----a-w- c:\users\Jen & Bill\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-03 16:46 . 2007-05-28 19:16 -------- d-----w- c:\program files\Microsoft Works
2010-07-03 16:20 . 2009-10-21 17:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-29 19:27 . 2008-05-07 02:46 2319072 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-06-28 20:57 . 2010-02-03 20:54 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-03 20:55 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-03 20:55 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-03 20:55 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-03 20:55 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-02-03 20:55 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 20:27 . 2010-02-04 00:46 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-06-24 22:48 . 2008-03-03 19:27 -------- d-----w- c:\program files\Shockwave.com
2010-06-24 22:39 . 2009-01-11 02:52 -------- d-----w- c:\program files\LucasArts
2010-06-24 22:20 . 2007-05-28 19:24 -------- d-----w- c:\program files\BigFix
2010-06-24 22:20 . 2007-05-28 19:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 04:38 . 2009-03-11 04:29 -------- d-----w- c:\users\Jen & Bill\AppData\Roaming\.purple
2010-06-14 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 23:26 . 2007-11-04 18:47 -------- d-----w- c:\users\Jen & Bill\AppData\Roaming\U3
2010-06-04 21:25 . 2010-03-01 16:32 -------- d-----w- c:\program files\Paint.NET
2010-05-26 17:06 . 2010-06-08 22:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 22:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 14:30 . 2010-05-25 14:30 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-22 18:17 . 2010-05-22 18:17 -------- d-----w- c:\users\Jen & Bill\AppData\Roaming\Apple Computer
2010-05-22 18:17 . 2010-05-22 18:16 -------- d-----w- c:\program files\QuickTime
2010-05-22 18:16 . 2010-05-22 18:16 -------- d-----w- c:\programdata\Apple Computer
2010-05-22 18:15 . 2010-05-22 18:15 -------- d-----w- c:\program files\Common Files\Apple
2010-05-22 18:15 . 2010-05-22 18:15 -------- d-----w- c:\program files\Apple Software Update
2010-05-22 18:15 . 2010-05-22 18:15 -------- d-----w- c:\programdata\Apple
2010-05-22 02:53 . 2010-05-22 02:53 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-22 02:53 . 2010-05-22 02:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-22 02:53 . 2010-05-22 02:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-22 02:53 . 2010-05-22 02:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-22 02:53 . 2010-05-22 02:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-22 02:53 . 2010-05-22 02:53 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-22 02:53 . 2010-05-22 02:53 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-22 02:53 . 2010-05-22 02:53 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-22 02:53 . 2010-05-22 02:53 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-22 02:53 . 2010-05-22 02:52 -------- d-----w- c:\program files\Common Files\Real
2010-05-22 02:52 . 2010-05-22 02:52 -------- d-----w- c:\program files\Real
2010-05-22 02:52 . 2010-05-22 02:52 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-21 18:14 . 2010-01-09 01:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-14 21:24 . 2010-05-14 21:24 8854 ----a-r- c:\users\Jen & Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-05-14 21:24 . 2010-05-14 21:24 40960 ----a-r- c:\users\Jen & Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-05-14 21:24 . 2010-05-14 21:24 40960 ----a-r- c:\users\Jen & Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-05-14 21:24 . 2010-05-14 21:24 -------- d-----w- c:\program files\Project64 1.6
2010-05-04 19:15 . 2010-06-08 22:16 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-08 22:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-03 14:33 . 2010-06-04 18:51 1072536 ----a-w- c:\program files\HyCam2.exe
2010-05-03 14:30 . 2010-06-04 18:51 132096 ----a-w- c:\program files\CamRes2.dll
2010-05-01 14:13 . 2010-06-08 22:15 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-12 00:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-12 00:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 20:18 . 2010-06-04 18:51 44032 ----a-w- c:\program files\MClick2.dll
2010-04-26 20:05 . 2010-06-04 18:51 78248 ----a-w- c:\program files\UnHyCam2.exe
2010-04-26 14:08 . 2010-06-04 18:51 5784 ----a-w- c:\program files\HyCam2.tlb
2010-04-23 14:13 . 2010-05-30 00:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-16 16:43 . 2010-06-23 13:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 13:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 13:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 13:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-03-12 16:55 . 2010-06-04 18:51 115216 ----a-w- c:\program files\HyCam2.chm
2008-05-23 15:08 . 2010-06-04 18:51 3271 ----a-w- c:\program files\agreement.txt
2006-07-09 09:13 . 2010-06-04 18:51 82 ----a-w- c:\program files\HomePage.url
2004-05-05 16:57 . 2010-06-04 18:51 2018 ----a-w- c:\program files\readme.txt
1999-06-24 15:49 . 2010-06-04 18:51 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 15:49 . 2010-06-04 18:51 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 15:47 . 2010-06-04 18:51 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 15:47 . 2010-06-04 18:51 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 15:46 . 2010-06-04 18:51 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 15:46 . 2010-06-04 18:51 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 15:44 . 2010-06-04 18:51 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 15:43 . 2010-06-04 18:51 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 15:41 . 2010-06-04 18:51 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 15:40 . 2010-06-04 18:51 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 15:38 . 2010-06-04 18:51 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 15:37 . 2010-06-04 18:51 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 15:34 . 2010-06-04 18:51 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 15:34 . 2010-06-04 18:51 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 14:54 . 2010-06-04 18:51 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 14:50 . 2010-06-04 18:51 326 ----a-w- c:\program files\16-11025u.wav
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-22 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):40,88,34,98,72,d9,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2241623534-2856479081-2054934141-1000]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-01-30 205312]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:55]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jen & Bill\AppData\Roaming\Mozilla\Firefox\Profiles\j1md7pym.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Jen & Bill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-ccc-core-static - msiexec
AddRemove-FE1DFAE4-5EA6-42DC-AAF6-D870FEF0E558 - c:\users\Jen & Bill\Desktop\Mario SMBX\uninstall.exe
AddRemove-{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1 - c:\users\Jen & Bill\Desktop\Danny's Folder\Mario SMBX\SMBX\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2241623534-2856479081-2054934141-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,26,6e,30,b1,89,90,21,ba,0c,77,15,1a,0c,5f,96,45,5e,b2,8e,60,
ee,76,9f,87,91,5e,73,7c,a9,9b,a7,f4,ce,06,c8,17,7f,d0,bc,5b,23,2b,22,20,b3,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-10 20:56:29
ComboFix-quarantined-files.txt 2010-07-11 00:56

Pre-Run: 50,477,002,752 bytes free
Post-Run: 51,101,761,536 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - CEDF09B8C2FA2D4DA8E28A4709032107


Post by Sneakyone on Sun 11 Jul 2010, 12:10 pm

Hi,

You have or had what has been identified as a flash drive infection.

Please download Flash_Disinfector from HERE

  • First, download it to your desktop.
  • Now double click it to run it, and it will tell you what to do when you open it.
  • It will temporarily kill explorer.exe and your desktop will go blank.
  • Let Flash_Disinfector do its job and it will restart explorer.exe for you.
  • It will make a dummy autorun.inf in the root of every drive.
  • You can now delete Flash_Disinfector.exe.


=========

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

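An added example, not Flash_Disinfector's or ComboFix's code, covering the removable-drive autorun mechanism behind the D:\Autorun.inf that ComboFix deleted in the log above. It has two parts: a small autorun.inf parser that flags the directives which make Windows launch a program or spoof the AutoPlay prompt, and the dummy-autorun.inf guard the post describes (a directory named autorun.inf at the drive root, so a worm cannot write a file of that name). The two autorun.inf samples, the RECYCLER path and the function names are constructed for this example.

```python
# Added example (not Flash_Disinfector's or ComboFix's code): the two sides of a
# removable-drive autorun infection like the D:\Autorun.inf removed above.
# assess_autorun() flags the directives that make Windows run a program when the
# drive is inserted or opened; plant_autorun_guard() reproduces the dummy
# autorun.inf trick: a directory of that name at the drive root stops a worm
# from writing its own autorun.inf there. All paths and samples are constructed.
import os
import tempfile

# Constructed sample in the style of autorun worms: every launch directive points
# at a binary hidden in a RECYCLER lookalike folder, and 'action' spoofs the
# normal AutoPlay prompt so a double-click on the drive runs it.
MALICIOUS_SAMPLE = r"""
[AutoRun]
open=RECYCLER\S-1-5-21-1234\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\Command=RECYCLER\S-1-5-21-1234\update.exe
shell\explore\Command=RECYCLER\S-1-5-21-1234\update.exe
UseAutoPlay=1
"""

# A CD-style autorun that only sets a label and an icon: nothing to launch.
BENIGN_SAMPLE = "[autorun]\nlabel=Holiday photos\nicon=photos.ico\n"

EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


def parse_autorun(text):
    """Return {key_lower: value} from the [autorun] section; other sections and junk lines are ignored."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return [(key, value, reason)] for directives that run code or spoof the AutoPlay prompt."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            # Split on commas/whitespace so "x.exe /s" and "x.exe,arg" are both caught.
            tokens = value.replace(",", " ").lower().split()
            if any(t.strip('"').endswith(EXEC_EXT) for t in tokens):
                findings.append((key, value, "launches a program from the removable drive"))
        elif key == "action" and "folder" in value.lower():
            findings.append((key, value, "spoofs the 'Open folder to view files' AutoPlay entry"))
    return findings


def plant_autorun_guard(root):
    """Create <root>/autorun.inf as a directory and return its path.
    Refuses to touch an existing autorun.inf *file* so evidence is not destroyed."""
    guard = os.path.join(root, "autorun.inf")
    if os.path.isfile(guard):
        raise FileExistsError(f"{guard} is a file; inspect or quarantine it before planting the guard")
    os.makedirs(guard, exist_ok=True)
    # On a real drive you would also mark it hidden+system (attrib +h +s) and
    # tighten its ACL, which is what Flash_Disinfector-style tools do.
    return guard


def guard_blocks_write(root=None):
    """Demonstrate the guard: after planting, a worm-style open(..., 'w') of autorun.inf fails."""
    root = root or tempfile.mkdtemp(prefix="drive_root_")
    guard = plant_autorun_guard(root)
    try:
        with open(guard, "w") as fh:
            fh.write("[autorun]\nopen=worm.exe\n")
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False


if __name__ == "__main__":
    for key, value, reason in assess_autorun(MALICIOUS_SAMPLE):
        print(f"{reason}: {key}={value}")
    print("benign findings:", assess_autorun(BENIGN_SAMPLE))
    print("guard blocks write:", guard_blocks_write())
```

The guard only stops a worm from recreating its autorun.inf on that drive; it does nothing about AutoRun itself, so disabling AutoRun through policy is still needed, and any autorun.inf file already present should be read and quarantined rather than overwritten.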

Post by Saulithyia on Sun 11 Jul 2010, 12:30 pm

Downloaded the Flash Disinfector, but it won't open.


Post by Sneakyone on Sun 11 Jul 2010, 12:32 pm

Hi,

Please go ahead with Malwarebytes then.


Post by Saulithyia on Sun 11 Jul 2010, 3:10 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4301

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/10/2010 11:48:56 PM
mbam-log-2010-07-10 (23-48-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 390668
Time elapsed: 2 hour(s), 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\HyperCam Toolbar\somoto.dll (Adware.EcoBar) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Jen & Bill\AppData\Local\syssvc.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jen & Bill\AppData\Local\wniatodnm\nxtowvrtssd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\07102010_200032\C_Users\Jen & Bill\AppData\Local\xrjvletru\npmpjwntssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Post by Sneakyone on Sun 11 Jul 2010, 3:43 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post by Saulithyia on Mon 12 Jul 2010, 4:01 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Post by Sneakyone on Mon 12 Jul 2010, 4:42 am

Hi,

Your computer is now clean. Now it is time to remove the tools used and update your computer to prevent vulnerabilities.

Updating System Restore
Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

======

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching about it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]


Post by Saulithyia on Mon 12 Jul 2010, 7:01 am

Thank you! Everything seems to be in clean, working order!


Post by Sneakyone on Mon 12 Jul 2010, 7:06 am

You're Welcome, glad I could help.

