Win32/Nuqel.E help


Post by drenee on 30th August 2010, 9:50 pm

I've spent the last two hours online looking through forums trying to find a solution. Every single link that is posted for programs that will help either doesn't load the page, or once the .exe file is downloaded it refuses to run because it is infected.

I tried to run the OTL as requested in the information here, but it will not run either. Am searching for suggestions.

Windows XP. The only browser I can get to run is Firefox. Control Panel will not run. I ran Avast and it found no errors. AVG, Spyware and Adaware will not run.

Just as a side note - this first happened a week ago. I rebooted the computer into safe mode, ran AVG and it found nothing, so rebooted into normal mode and ran AVG and Avast overnight. AVG found 5 trojan viruses and Avast found 14. They all went into quarantine and I didn't have the problem again with the Win32/Nuqel.E until today.


Re: Win32/Nuqel.E help

Post by Belahzur on 1st September 2010, 12:35 am

Hello.

We need to use the RKill Tool by Grinler.

[link]

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [link] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click rkill.com to automatically attempt to stop any processes associated with rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[link] or [link]
which are renamed copies of rkill.com, and try them instead.



Try OTL now, see if it works.


[link] - [link] - Please PM me if I fail to respond within 24hrs.


Re: Win32/Nuqel.E help

Post by drenee on 1st September 2010, 1:15 am

OTL ran fine tonight - am attaching the txt file it gave me.


Re: Win32/Nuqel.E help

Post by Belahzur on 1st September 2010, 11:40 pm

No attachment in your post.


Re: Win32/Nuqel.E help

Post by drenee on 1st September 2010, 11:45 pm

I am breaking this into two posts; the forum asked me to send it as an attachment last night because it was too big to post:

OTL logfile created on: 8/31/2010 7:59:49 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 51.17 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEAGAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/30 16:41:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2010/07/16 09:11:07 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 09:11:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 09:11:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 09:10:59 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 09:10:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 09:10:04 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/06 23:06:45 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/26 08:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/03/01 12:38:44 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 12:38:42 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/12 15:31:34 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 16:41:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/05/26 08:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/16 09:10:59 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/26 08:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/01 12:38:42 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2010/07/16 09:11:04 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 09:10:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/02 10:23:19 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/26 08:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/04/26 13:50:32 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2004/06/10 09:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 13:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 09:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/30 20:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522


Re: Win32/Nuqel.E help

Post by drenee on 1st September 2010, 11:45 pm


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {2104C0F5-952D-443c-AFCD-8F892F991F55}:2.0.0.0
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/05 21:59:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/08/12 06:41:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/07/30 19:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/07/29 08:05:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2010/07/30 19:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/07/29 08:05:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 08:05:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 08:05:58 | 000,000,000 | ---D | M]

[2010/04/12 17:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/12 17:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/08/30 16:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions
[2010/02/22 16:05:57 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2009/04/12 15:59:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/08 06:14:10 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2009/11/08 13:00:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/12 15:28:18 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/25 00:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/22 16:05:56 | 000,000,000 | ---D | M] (Charter Update) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2009/04/12 15:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\morningCoffee@shaneliesegang
[2010/06/05 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\toolbar@ask.com
[2010/06/08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\searchplugins\conduit.xml
[2010/08/30 16:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/09/03 11:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.189,93.188.166.189
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/11 22:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Corel Registration.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe - (IntelliQuest Communications, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 1200 Series - hkey= - key= - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (77982179300212736)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 08:05:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/31 08:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/31 08:05:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/31 08:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 08:03:28 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/08/31 07:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/31 07:23:02 | 036,317,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/08/30 17:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\from desktop
[2010/08/30 16:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\avenger
[2010/08/30 16:41:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2010/08/30 16:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\booths
[2010/08/30 15:48:45 | 000,292,352 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/08/30 14:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\eflybdhl
[2010/08/25 21:53:52 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/25 21:53:49 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/25 21:53:45 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/25 21:53:40 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/25 21:53:35 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/25 21:53:35 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/25 21:53:35 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/25 21:52:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/25 21:52:54 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/25 21:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/25 21:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/25 21:13:40 | 001,870,496 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher(2).exe
[2010/08/25 00:54:47 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
[2010/08/25 00:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2010/08/24 22:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ohjslqgvy
[2010/08/22 11:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\railroad info
[2010/08/21 17:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\last-soundtrack_brown-bear-funk
[2010/08/21 17:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\divide-by-zero_two-turtle-doves
[2010/08/21 17:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\anke-art_acki-preschool
[2010/08/13 08:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\work
[2010/08/10 22:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Walmart MP3 Music Downloads
[2010/08/10 22:09:38 | 000,977,304 | ---- | C] (Walmart.com) -- C:\Documents and Settings\Owner\My Documents\walmart-downloadManager-1.6.4.4.exe
[2010/08/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!
[2010/08/03 20:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/02/22 16:00:10 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2002/04/11 02:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 20:01:08 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/31 19:44:21 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/08/31 19:43:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/31 19:13:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/31 19:02:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003UA.job
[2010/08/31 18:04:09 | 064,139,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/31 08:50:57 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\kmoh.job
[2010/08/31 08:50:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 08:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 08:44:02 | 000,971,782 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2010/08/31 08:34:21 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/31 08:33:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/31 08:05:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/31 08:03:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/08/31 07:34:05 | 036,317,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/08/30 20:02:32 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003Core.job
[2010/08/30 17:04:04 | 001,786,428 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/08/30 16:41:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2010/08/30 16:10:26 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
[2010/08/30 15:48:43 | 000,292,352 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/08/30 11:38:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/29 17:30:43 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/08/29 17:28:34 | 000,104,362 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spoon1_do1.jpg
[2010/08/29 14:12:14 | 000,081,983 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\img_0862.jpg
[2010/08/29 14:09:39 | 002,740,930 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\showsigns.cdr
[2010/08/29 14:08:40 | 002,740,906 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup_of_showsigns.cdr
[2010/08/26 17:14:12 | 000,055,081 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dragon_01_clip.gif
[2010/08/26 17:12:39 | 000,050,239 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dragon2.psp
[2010/08/26 17:08:43 | 000,567,167 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dragon 1.psp
[2010/08/25 21:53:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/25 21:53:36 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/25 21:42:11 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/08/25 21:13:26 | 001,870,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher(2).exe
[2010/08/25 20:44:59 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/25 01:08:23 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
[2010/08/24 23:32:50 | 000,055,808 | RHS- | M] () -- C:\WINDOWS\System32\quartzc.dll
[2010/08/24 20:20:00 | 000,010,457 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Image1.jpg
[2010/08/24 20:19:39 | 000,019,502 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Image1.psp
[2010/08/23 18:24:58 | 000,022,046 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Watermelon-Daisies-Glass-lo-res.jpg
[2010/08/22 08:37:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/08/22 08:32:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/22 08:32:08 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HousecallLauncher.exe.lnk
[2010/08/22 08:27:04 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 20:19:12 | 000,100,349 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Lorrainefinal002.jpg
[2010/08/21 17:19:11 | 000,094,816 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\last-soundtrack_brown-bear-funk.zip
[2010/08/21 17:18:17 | 000,020,164 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\anke-art_acki-preschool.zip
[2010/08/21 17:17:49 | 000,019,751 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\divide-by-zero_two-turtle-doves.zip
[2010/08/15 17:44:28 | 001,017,702 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Arab Football ad1.rtf
[2010/08/15 17:40:16 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Arab Football ad1.doc
[2010/08/15 14:50:56 | 000,005,004 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\geocaching(2).loc
[2010/08/15 14:49:36 | 000,005,337 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\geocaching.loc
[2010/08/13 09:08:34 | 004,195,367 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FileZilla_3.3.4_win32-setup.exe
[2010/08/13 08:46:33 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2010/08/10 23:36:02 | 009,142,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\09-Mary,_Did_You_Know-Mary_Did_You_Know-Mark_Lowry.mp3
[2010/08/10 23:34:00 | 007,466,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KRogers.mp3
[2010/08/10 22:09:41 | 000,977,304 | ---- | M] (Walmart.com) -- C:\Documents and Settings\Owner\My Documents\walmart-downloadManager-1.6.4.4.exe
[2010/08/04 08:38:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Class_Reunion.doc
[2010/08/03 20:29:54 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/03 09:44:39 | 000,002,031 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\westie.gif
[2010/08/03 09:14:11 | 000,630,628 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dawnsparksart.pdf
[2010/08/03 09:13:52 | 006,333,534 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\art.cdr
[2010/08/03 09:12:31 | 006,333,350 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup_of_art.cdr
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 19:44:22 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/08/31 08:05:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 16:40:17 | 000,971,782 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2010/08/30 16:10:21 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
[2010/08/29 17:28:32 | 000,104,362 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spoon1_do1.jpg
[2010/08/29 14:12:09 | 000,081,983 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\img_0862.jpg
[2010/08/29 13:55:59 | 002,740,906 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup_of_showsigns.cdr
[2010/08/29 13:36:55 | 002,740,930 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\showsigns.cdr
[2010/08/26 17:14:11 | 000,055,081 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dragon_01_clip.gif
[2010/08/26 17:12:39 | 000,050,239 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dragon2.psp
[2010/08/26 17:08:42 | 000,567,167 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dragon 1.psp
[2010/08/25 21:53:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/25 21:29:04 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/08/25 20:33:58 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/24 23:32:50 | 000,055,808 | RHS- | C] () -- C:\WINDOWS\System32\quartzc.dll
[2010/08/24 23:32:50 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\kmoh.job
[2010/08/24 23:30:55 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/24 23:30:39 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/24 20:20:00 | 000,010,457 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Image1.jpg
[2010/08/24 20:19:38 | 000,019,502 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Image1.psp
[2010/08/23 18:24:57 | 000,022,046 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Watermelon-Daisies-Glass-lo-res.jpg
[2010/08/22 08:37:07 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/08/22 08:32:18 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/22 08:32:08 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HousecallLauncher.exe.lnk
[2010/08/21 20:19:09 | 000,100,349 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Lorrainefinal002.jpg
[2010/08/21 17:19:11 | 000,094,816 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\last-soundtrack_brown-bear-funk.zip
[2010/08/21 17:18:17 | 000,020,164 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\anke-art_acki-preschool.zip
[2010/08/21 17:17:47 | 000,019,751 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\divide-by-zero_two-turtle-doves.zip
[2010/08/15 17:44:28 | 001,017,702 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Arab Football ad1.rtf
[2010/08/15 17:40:15 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Arab Football ad1.doc
[2010/08/15 14:50:56 | 000,005,004 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\geocaching(2).loc
[2010/08/15 14:49:35 | 000,005,337 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\geocaching.loc
[2010/08/13 09:08:00 | 004,195,367 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FileZilla_3.3.4_win32-setup.exe
[2010/08/10 23:34:32 | 009,142,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\09-Mary,_Did_You_Know-Mary_Did_You_Know-Mark_Lowry.mp3
[2010/08/10 23:33:42 | 007,466,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KRogers.mp3
[2010/08/04 08:38:35 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Class_Reunion.doc
[2010/08/03 20:29:54 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/03 09:44:35 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\westie.gif
[2010/08/03 09:14:08 | 000,630,628 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dawnsparksart.pdf
[2010/08/03 09:13:48 | 006,333,350 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup_of_art.cdr
[2010/08/03 09:12:28 | 006,333,534 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\art.cdr
[2010/05/04 07:12:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/12 15:30:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/02/22 16:00:10 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2009/11/20 09:55:32 | 001,786,428 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/07/19 10:42:03 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 07:27:05 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/30 23:33:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/20 08:09:11 | 000,000,184 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/05/20 08:09:09 | 000,000,514 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/05/20 08:08:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2009/05/20 08:07:57 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2009/04/14 10:41:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/04/12 16:48:42 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2009/04/12 16:44:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2009/04/12 16:28:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2003/07/08 15:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[1995/10/27 14:06:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[1995/10/24 13:28:53 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/08/24 23:32:50 | 000,055,808 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\quartzc.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/08/31 08:50:57 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\kmoh.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/11 14:52:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/11 14:52:35 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/11 14:52:35 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 08:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/08/25 20:46:27 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 22:04:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/05 21:29:14 | 000,444,334 | ---- | M] () -- C:\Backup_of_giggle.cdr
[2009/04/22 23:08:37 | 000,022,882 | ---- | M] () -- C:\Backup_of_map.cdr
[2010/04/05 07:13:26 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2009/04/11 22:04:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/05 21:34:53 | 000,444,522 | ---- | M] () -- C:\giggle.cdr
[2010/05/11 18:35:22 | 000,021,955 | ---- | M] () -- C:\herring.pdf
[2009/04/12 11:58:06 | 000,000,281 | ---- | M] () -- C:\INSTALL.LOG
[2009/04/11 22:04:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/22 23:09:32 | 000,022,882 | ---- | M] () -- C:\map.cdr
[2009/04/11 22:04:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/19 18:18:42 | 000,050,299 | ---- | M] () -- C:\newcardmaybe.pdf
[2009/04/12 10:42:11 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/25 17:55:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 08:50:10 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2010/08/31 19:55:02 | 000,000,369 | ---- | M] () -- C:\rkill.log
[2009/05/20 08:20:33 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2009/11/04 10:15:00 | 000,103,648 | ---- | M] () -- C:\sign.pdf

< %PROGRAMFILES%\*. >
[2009/05/20 08:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2009/05/20 08:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0
[2010/05/04 07:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2010/05/17 17:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/25 21:51:38 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/04/12 15:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/09/15 20:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/06/05 22:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009/11/14 23:34:52 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/07/29 07:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/04/12 00:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Program Files\chartertoolbar
[2010/07/08 06:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2010/08/31 08:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/11 22:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/07/08 06:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/04/12 16:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2009/05/20 08:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\FaxTools
[2010/03/02 07:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2010/08/31 17:28:01 | 000,000,000 | ---D | M] -- C:\Program Files\Flock
[2010/05/04 07:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2009/04/20 19:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
[2009/09/15 20:06:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/25 00:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/29 08:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/05/09 01:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/07/29 08:14:34 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/12 15:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/12 13:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/05/20 08:08:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 1200 Series
[2009/07/06 07:23:30 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/08/31 08:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/25 18:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/04/12 19:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/04/13 10:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/04/11 22:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/03/10 19:31:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/04/12 16:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/28 03:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/08/30 16:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/10 19:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/11 22:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/04/11 22:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/25 17:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/04/11 23:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape ISP Dialer
[2010/06/16 20:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/04/11 22:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/12/25 18:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/28 18:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\Paint Shop Pro 5
[2010/07/29 08:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/04/12 15:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/12 13:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/12 16:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\SuperOthello
[2009/04/11 22:45:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/12 19:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/12 19:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/03/01 16:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/03/01 16:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/12/25 17:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/11 22:01:26 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/04/11 22:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/08/03 20:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/07/08 18:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\ZC2.10
[2009/04/12 12:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2010/08/24 22:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarm

< %appdata%\*.* >
[2009/04/11 14:53:53 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2010/01/21 18:40:11 | 000,064,304 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 00:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2009/12/25 17:42:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-13 22:15:21

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

drenee
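The "< MD5 for: ... >" sections in the OTL log above are there so the helper can compare the live copy of each driver under system32 with the known-good copy OTL found in ServicePackFiles; a live file whose hash matches none of those copies has been modified and deserves a closer look (the $NtServicePackUninstall$ copy is the pre-service-pack build and legitimately differs). In this log every system32 copy matches. The following is an added example, not part of the thread and not code from the OTL tool: a Python parser that does that comparison and also lists the alternate data streams OTL reported. SAMPLE_LOG is assembled from lines of the log above, except that the system32\drivers\atapi.sys hash is replaced with a made-up value so the mismatch path is exercised.

```python
"""Added example (not from the original post or the OTL tool): parse the
"< MD5 for: ... >" and Alternate Data Streams sections of an OTL log and
flag in-place system files whose hash matches no ServicePackFiles copy."""
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"^< MD5 for: (\S+) >$")
# [stamp | size | attrs | M] (vendor) MD5=<32 hex> -- <path>; .cab lines carry no MD5
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_md5_sections(lines):
    """Map lower-cased file name -> records {md5, size, vendor, path}."""
    sections = defaultdict(list)
    current = None
    for raw in lines:
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group(1).lower()
            continue
        if line.startswith("<") or line.startswith("="):
            current = None  # any other OTL section header ends the MD5 block
            continue
        rec = MD5_LINE.match(line)
        if rec and current:
            sections[current].append({
                "md5": rec["md5"].upper(),
                "size": int(rec["size"].replace(",", "")),
                "vendor": rec["vendor"],
                "path": rec["path"],
            })
    return dict(sections)


def find_patched_files(sections):
    """(name, live_md5, known_good_md5s) for each copy under system32 whose
    hash matches none of the ServicePackFiles copies. The pre-SP copy in
    $NtServicePackUninstall$ is expected to differ and is not a reference."""
    findings = []
    for name, records in sorted(sections.items()):
        good = sorted({r["md5"] for r in records
                       if "\\servicepackfiles\\" in r["path"].lower()})
        for r in records:
            live = "\\system32\\" in r["path"].lower()
            if live and good and r["md5"] not in good:
                findings.append((name, r["md5"], good))
    return findings


def list_alternate_data_streams(lines):
    """(size_in_bytes, 'file:stream') for every ADS entry OTL reported."""
    hits = (ADS_LINE.match(raw.strip()) for raw in lines)
    return [(int(m.group(1)), m.group(2)) for m in hits if m]


def analyze(log_text):
    lines = log_text.splitlines()
    return {"patched": find_patched_files(parse_md5_sections(lines)),
            "ads": list_alternate_data_streams(lines)}


# Constructed sample: lines from the log above, except the system32 atapi.sys
# hash, which is replaced with a made-up value to simulate a patched driver.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
"""

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for name, live, good in result["patched"]:
        print(f"MISMATCH {name}: live {live}, service-pack copies {good}")
    for size, target in result["ads"]:
        print(f"ADS {size} bytes on {target}")
```

Run it against a saved OTL log with `analyze(open("OTL.Txt", encoding="utf-8", errors="replace").read())`. A match only shows the on-disk file OTL could read is intact; it says nothing about what is loaded in memory, so a clean result is a necessary check, not a clean bill of health.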

Re: Win32/Nuqel.E help

Post by Belahzur on 1st September 2010, 11:49 pm

Hello.

  • Download ComboFix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Re: Win32/Nuqel.E help

Post by drenee on 2nd September 2010, 2:17 am

ComboFix 10-09-01.02 - Owner 09/01/2010 20:30:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.455 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-31 13:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 13:05 . 2010-08-31 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-31 13:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 13:05 . 2010-08-31 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 12:36 . 2010-08-31 13:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-30 19:19 . 2010-08-30 19:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eflybdhl
2010-08-26 02:53 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 02:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-26 02:53 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-26 02:53 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-26 02:53 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-26 02:53 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-26 02:53 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-26 02:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-26 02:52 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-26 02:51 . 2010-08-26 02:51 -------- d-----w- c:\program files\Alwil Software
2010-08-26 02:51 . 2010-08-26 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-26 01:33 . 2010-03-01 17:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 22:13 . 2010-08-25 22:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-25 05:23 . 2010-08-25 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-08-25 04:32 . 2010-08-25 04:32 55808 --sha-r- c:\windows\system32\quartzc.dll
2010-08-25 03:51 . 2010-08-26 05:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ohjslqgvy
2010-08-11 03:10 . 2010-08-11 03:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Walmart MP3 Music Downloads
2010-08-04 01:35 . 2010-08-04 01:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2010-08-04 01:33 . 2010-08-25 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 01:20 . 2010-04-12 22:57 -------- d-----w- c:\program files\Flock
2010-08-30 22:22 . 2009-04-18 13:50 10304896 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-30 22:21 . 2010-08-30 22:22 2668544 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-08-30 22:04 . 2009-11-20 14:55 1786428 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-08-28 23:17 . 2009-04-13 02:59 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-08-28 14:17 . 2009-04-25 15:13 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2010-08-26 01:52 . 2009-04-12 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-25 22:18 . 2009-11-15 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-25 03:39 . 2010-07-08 11:13 -------- d-----w- c:\program files\ZoneAlarm
2010-08-23 22:49 . 2010-08-23 22:50 2616320 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-08-23 22:49 . 2010-08-23 22:50 444416 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-08-21 15:00 . 2010-08-21 20:51 2611712 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-08-18 05:48 . 2010-08-18 05:48 452104 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\setup.exe
2010-08-17 17:01 . 2010-08-17 23:49 2605568 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-08-17 17:01 . 2010-08-17 23:49 1878016 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-08-07 14:40 . 2010-08-07 14:43 2589184 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-08-07 14:40 . 2010-08-07 14:43 5692416 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-08-06 23:09 . 2009-04-12 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-08-04 01:34 . 2009-04-12 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-04 01:34 . 2009-04-12 23:23 -------- d-----w- c:\program files\Yahoo!
2010-08-04 01:23 . 2010-08-04 01:23 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 17:19 . 2010-08-01 17:18 26641904 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-01 17:18 . 2010-08-01 17:18 220272 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-01 17:18 . 2010-08-01 17:18 149000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-01 17:18 . 2010-08-01 17:18 13407072 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-01 17:18 . 2010-08-01 17:18 79368 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-01 17:17 . 2010-08-01 17:17 73344 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-01 17:17 . 2010-08-01 17:17 64000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-01 17:17 . 2010-08-01 17:17 52288 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-01 17:17 . 2010-08-01 17:17 122880 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-29 13:48 . 2009-04-12 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-07-29 13:14 . 2010-07-29 13:11 -------- d-----w- c:\program files\iTunes
2010-07-29 13:14 . 2010-07-29 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-29 13:13 . 2010-07-29 13:13 -------- d-----w- c:\program files\iPod
2010-07-29 13:13 . 2009-04-12 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 13:05 . 2009-04-12 20:57 -------- d-----w- c:\program files\QuickTime
2010-07-29 12:45 . 2010-07-29 12:45 -------- d-----w- c:\program files\Bonjour
2010-07-29 12:39 . 2010-07-29 12:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 22:52 . 2010-07-17 22:53 2510336 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-07-16 14:11 . 2009-04-12 18:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 14:11 . 2010-07-16 14:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 14:10 . 2009-04-12 18:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 11:15 . 2010-07-08 11:15 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2010-07-08 11:13 . 2010-07-08 11:13 -------- d-----w- c:\program files\Conduit
2010-07-08 11:13 . 2010-07-08 11:13 -------- d-----w- c:\program files\CheckPoint
2010-07-08 11:13 . 2009-04-12 17:52 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-01 05:43 . 2010-03-06 14:27 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-23 18:51 . 2009-04-12 17:52 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 18:51 . 2009-04-12 17:52 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 18:51 . 2009-04-12 17:52 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-20 12:16 . 2010-06-20 12:48 2186752 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-06-17 01:49 . 2010-06-17 01:49 29984 ----a-w- c:\documents and settings\Owner\Application Data\Flock\Browser\Profiles\44bnpx1k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-14 11:30 . 2010-06-14 11:55 2177536 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-06-10 01:53 . 2010-06-10 01:53 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-06-09 04:00 . 2010-07-08 11:14 52224 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-06-09 04:00 . 2010-07-08 11:14 101376 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-06-06 02:58 . 2010-06-06 02:58 2944904 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-08-25 03:39 2734688 ----a-w- c:\program files\ZoneAlarm\tbZon1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-24 136176]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-22 126976]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 14:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Corel Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Corel Registration.lnk
backup=c:\windows\pss\Corel Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 05:22 57344 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 1:39 PM 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/25/2010 9:53 PM 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 1:25 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 1:26 PM 243024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/25/2010 9:53 PM 17744]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:10 AM 308136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 8:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 8:35 AM 493032]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:38]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-24 16:40]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-24 16:40]

2010-09-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-01 21:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(880)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-09-01 21:11:51
ComboFix-quarantined-files.txt 2010-09-02 02:11

Pre-Run: 58,436,046,848 bytes free
Post-Run: 58,642,915,328 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DD94C8DC6BD798E513C28C708E1CE372

drenee
Novice

Posts : 10
Joined : 2010-08-30
OS : xp
Points : 23068
# Likes : 0

Re: Win32/Nuqel.E help

Post by Belahzur on 2nd September 2010, 11:49 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Win32/Nuqel.E help

Post by drenee on 3rd September 2010, 1:34 am

In case I forgot to say it already: Thank you for your help


ABBYY FineReader 5.0 Sprint
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 6.5
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Collage Creator
Ask Toolbar
avast! Free Antivirus
AVG Free 9.0
Bonjour
Broadcom 440x 10/100 Integrated Controller
Charter Toolbar
Choice Guard
Corel Applications
CutePDF Writer 2.8
Dell ResourceCD
FaxTools
FileZilla Client 3.3.2
Flock (2.6.1)
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
Lexmark 1200 Series
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2000 SR-1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
MSVCRT
Netscape ISP Dialer
Paint Shop Pro 5.01
QuickTime
RealPlayer
Roll
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Spybot - Search & Destroy
SuperOthello
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Toolbar


drenee
Novice

Posts : 10
Joined : 2010-08-30
OS : xp
Points : 23068
# Likes : 0

Re: Win32/Nuqel.E help

Post by Belahzur on 3rd September 2010, 11:31 pm

Hello.

You are running two antivirus programs; I see from the uninstall list that you have Avast installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    AVG Free 9.0
    Java(TM) 6 Update 13
    ZoneAlarm Toolbar

Next,

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1
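The CFScript above clears the `uInternet Settings,ProxyServer = http=127.0.0.1:6522` entry from the earlier ComboFix log: the browser had been configured to send all HTTP traffic through a proxy on the loopback interface, which is how this family intercepts and redirects web traffic (and why downloads of cleanup tools kept failing). The following is an added, stand-alone check written for this thread, not ComboFix's own code or the helper's script: it parses lines in the ComboFix "Supplementary Scan" format, extracts the Internet Explorer `ProxyServer` value and the Firefox `network.proxy.type` preference, and flags a proxy that points at loopback. The sample lines are constructed from the values quoted in the log; the function and field names are this example's own.

```python
"""Flag suspicious browser proxy settings in ComboFix-style log lines.

Added example for this thread; not part of ComboFix or the helper's CFScript.
The sample input below is constructed to mirror the 'Supplementary Scan'
lines quoted in the log.
"""
import re
from ipaddress import ip_address

# Constructed sample lines, copied in format from the ComboFix log above.
SAMPLE_LINES = [
    "uInternet Settings,ProxyOverride =",
    "uInternet Settings,ProxyServer = http=127.0.0.1:6522",
    "FF - prefs.js: network.proxy.type - 4",
]

# 'u' = per-user (HKCU) entry, 'm' = machine-wide (HKLM) entry in ComboFix's notation.
PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.*)$"
)
FF_PROXY_TYPE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<value>\d+)")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy",
    2: "PAC script",
    4: "auto-detect (WPAD)",
    5: "system settings",
}


def parse_proxy_server(value):
    """Parse an IE ProxyServer value into {scheme: (host, port)}.

    Accepts both 'host:port' (applies to every protocol, keyed '*') and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    result = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, _, port = hostport.rpartition(":")
        if not host:                      # no ':' present, so no port given
            host, port = hostport, ""
        result[scheme.strip().lower()] = (host.strip(), int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_proxy_indicators(lines):
    """Return a list of findings (dicts with 'kind' and 'detail') for the given log lines."""
    findings = []
    for line in lines:
        m = PROXY_LINE.match(line)
        if m:
            scope = "user" if m.group("scope") == "u" else "machine"
            for scheme, (host, port) in parse_proxy_server(m.group("value")).items():
                if is_loopback(host):
                    findings.append({
                        "kind": "loopback_proxy",
                        "detail": f"{scope} ProxyServer sends {scheme} traffic through "
                                  f"loopback proxy {host}:{port}; identify the listening process",
                    })
            continue
        m = FF_PROXY_TYPE.match(line)
        if m:
            mode = int(m.group("value"))
            if mode in (1, 2, 4):     # anything other than 'no proxy'/'system' deserves a look
                findings.append({
                    "kind": "firefox_proxy_mode",
                    "detail": f"Firefox network.proxy.type={mode} "
                              f"({FF_PROXY_TYPES.get(mode, 'unknown')}); confirm it is intended",
                })
    return findings


if __name__ == "__main__":
    for f in find_proxy_indicators(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['detail']}")
```

A loopback proxy is not proof of infection on its own: some local web-filtering products do route browser traffic through a port on 127.0.0.1. Before clearing the value, run `netstat -ano` on the machine and match the listening port (6522 here) to its process ID; a listener owned by an unknown executable in a user-profile directory is what makes the entry an indicator, and the same port lookup tells you which file to look at next.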

Re: Win32/Nuqel.E help

Post by drenee on 4th September 2010, 1:24 am

Thanks. I normally only run AVG, but the virus disabled it so I downloaded Avast to run while AVG was disabled.

-----------
ComboFix 10-09-03.01 - Owner 09/03/2010 20:00:18.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.812 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\program files\TrendMicro
2010-08-31 13:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 13:05 . 2010-08-31 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-31 13:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 13:05 . 2010-08-31 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 12:36 . 2010-08-31 13:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-30 19:19 . 2010-08-30 19:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eflybdhl
2010-08-26 02:53 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 02:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-26 02:53 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-26 02:53 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-26 02:53 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-26 02:53 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-26 02:53 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-26 02:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-26 02:52 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-26 02:51 . 2010-08-26 02:51 -------- d-----w- c:\program files\Alwil Software
2010-08-26 02:51 . 2010-08-26 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-26 01:33 . 2010-03-01 17:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 22:13 . 2010-08-25 22:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-25 05:23 . 2010-08-25 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-08-25 04:32 . 2010-08-25 04:32 55808 --sha-r- c:\windows\system32\quartzc.dll
2010-08-25 03:51 . 2010-08-26 05:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ohjslqgvy
2010-08-11 03:10 . 2010-08-11 03:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Walmart MP3 Music Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 00:39 . 2010-04-12 22:57 -------- d-----w- c:\program files\Flock
2010-09-03 01:29 . 2010-09-03 01:29 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-30 22:22 . 2009-04-18 13:50 10304896 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-30 22:21 . 2010-08-30 22:22 2668544 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-08-30 22:04 . 2009-11-20 14:55 1786428 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-08-28 23:17 . 2009-04-13 02:59 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-08-28 14:17 . 2009-04-25 15:13 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2010-08-26 01:52 . 2009-04-12 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-25 04:41 . 2010-08-04 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-23 22:49 . 2010-08-23 22:50 2616320 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-08-23 22:49 . 2010-08-23 22:50 444416 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-08-21 15:00 . 2010-08-21 20:51 2611712 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-08-18 05:48 . 2010-08-18 05:48 452104 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\setup.exe
2010-08-17 17:01 . 2010-08-17 23:49 2605568 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-08-17 17:01 . 2010-08-17 23:49 1878016 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-08-07 14:40 . 2010-08-07 14:43 2589184 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-08-07 14:40 . 2010-08-07 14:43 5692416 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-08-06 23:09 . 2009-04-12 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-08-04 01:34 . 2009-04-12 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-04 01:34 . 2009-04-12 23:23 -------- d-----w- c:\program files\Yahoo!
2010-08-04 01:23 . 2010-08-04 01:23 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 17:19 . 2010-08-01 17:18 26641904 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-01 17:18 . 2010-08-01 17:18 220272 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-01 17:18 . 2010-08-01 17:18 149000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-01 17:18 . 2010-08-01 17:18 13407072 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-01 17:18 . 2010-08-01 17:18 79368 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-01 17:17 . 2010-08-01 17:17 73344 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-01 17:17 . 2010-08-01 17:17 64000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-01 17:17 . 2010-08-01 17:17 52288 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-01 17:17 . 2010-08-01 17:17 122880 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-29 13:48 . 2009-04-12 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-07-29 13:14 . 2010-07-29 13:11 -------- d-----w- c:\program files\iTunes
2010-07-29 13:14 . 2010-07-29 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-29 13:13 . 2010-07-29 13:13 -------- d-----w- c:\program files\iPod
2010-07-29 13:13 . 2009-04-12 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 13:05 . 2009-04-12 20:57 -------- d-----w- c:\program files\QuickTime
2010-07-29 12:45 . 2010-07-29 12:45 -------- d-----w- c:\program files\Bonjour
2010-07-29 12:39 . 2010-07-29 12:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 22:52 . 2010-07-17 22:53 2510336 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-07-08 11:15 . 2010-07-08 11:15 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2010-07-08 11:13 . 2010-07-08 11:13 -------- d-----w- c:\program files\Conduit
2010-07-08 11:13 . 2010-07-08 11:13 -------- d-----w- c:\program files\CheckPoint
2010-07-08 11:13 . 2009-04-12 17:52 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-01 05:43 . 2010-03-06 14:27 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-23 18:51 . 2009-04-12 17:52 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 18:51 . 2009-04-12 17:52 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 18:51 . 2009-04-12 17:52 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-20 12:16 . 2010-06-20 12:48 2186752 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-06-17 01:49 . 2010-06-17 01:49 29984 ----a-w- c:\documents and settings\Owner\Application Data\Flock\Browser\Profiles\44bnpx1k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-14 11:30 . 2010-06-14 11:55 2177536 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-06-10 01:53 . 2010-06-10 01:53 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-06-09 04:00 . 2010-07-08 11:14 52224 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-06-09 04:00 . 2010-07-08 11:14 101376 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-03 01:29 . 2010-09-03 01:29 1093632 c:\windows\Installer\4a65af8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-24 136176]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-22 126976]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Corel Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Corel Registration.lnk
backup=c:\windows\pss\Corel Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 05:22 57344 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 1:39 PM 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/25/2010 9:53 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/25/2010 9:53 PM 17744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:38]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-24 16:40]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1229272821-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-24 16:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hx03zg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Charter Browser Updater - c:\windows\system32\javaws.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-03 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5840)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-03 20:16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 01:16
ComboFix2.txt 2010-09-02 02:11

Pre-Run: 58,078,908,416 bytes free
Post-Run: 58,046,042,112 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 724B0CCDEFFBC521E4E4BC5FF415A2E0


Re: Win32/Nuqel.E help

Post by Belahzur on 4th September 2010, 4:49 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\Owner\Local Settings\Application Data\eflybdhl
    c:\documents and settings\Owner\Local Settings\Application Data\ohjslqgvy
    c:\windows\Internet Logs\xD*.tmp


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
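
For readers who want to understand what the fix above actually does: OTL's `:files` directive does not delete the listed items, it moves each folder, file or wildcard match into a timestamped tree under `C:\_OTL\MovedFiles`, folding the original path in (which is why the moved `fniuhm.exe` shows up later in this thread at `C:\_OTL\MovedFiles\09042010_232927\c_documents and settings\...`). The following is an added Python re-implementation of that behaviour for illustration; it is not OTL's own code, and the function names, the `root_` prefix used on systems without drive letters, and the quarantine root passed in are assumptions of this example.

```python
"""Added example: what an OTL ':files' fix does with the entries pasted
into the Custom Scans/Fixes box. Each listed folder, file or wildcard
pattern is moved (not deleted) into a timestamped quarantine tree that
keeps the original path, so the action can be reversed and the moved items
can still be scanned. This is a re-implementation for illustration, not
OTL's own code; 'quarantine_path', 'run_files_fix' and the quarantine root
passed in are assumptions of this example."""
import glob
import os
import shutil
from datetime import datetime


def quarantine_path(quarantine_root, source, stamp):
    """Destination for `source` inside the quarantine tree.

    The drive letter is folded into the first component, giving the same
    shape as OTL's MovedFiles tree, e.g.
      c:\\windows\\Internet Logs\\xDB1.tmp
      -> <root>\\<stamp>\\c_windows\\Internet Logs\\xDB1.tmp
    On a system without drive letters the prefix 'root_' is used instead
    (an assumption of this example)."""
    drive, tail = os.path.splitdrive(os.path.abspath(source))
    tail = tail.lstrip("\\/")
    prefix = drive.rstrip(":").lower() + "_" if drive else "root_"
    return os.path.join(quarantine_root, stamp, prefix + tail)


def run_files_fix(entries, quarantine_root, stamp=None):
    """Apply ':files' entries; return a list of (path, status) pairs.

    Entries may be folders, single files or patterns such as
    'c:\\windows\\Internet Logs\\xD*.tmp'. The status strings follow the
    wording OTL writes to its fix log."""
    stamp = stamp or datetime.now().strftime("%m%d%Y_%H%M%S")  # OTL-style stamp
    results = []
    for entry in entries:
        entry = entry.strip()
        if not entry or entry.startswith(":"):
            continue  # blank line or a section header such as ':files'
        has_wildcard = any(ch in entry for ch in "*?[")
        matches = glob.glob(entry) if has_wildcard else [entry]
        if not matches:
            results.append((entry, "not found"))
            continue
        for path in matches:
            if not os.path.lexists(path):
                results.append((path, "not found"))
                continue
            kind = "folder" if os.path.isdir(path) else "file"
            dest = quarantine_path(quarantine_root, path, stamp)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            try:
                shutil.move(path, dest)
                results.append((path, f"{kind} moved successfully"))
            except OSError as exc:
                # A file held open by a running process cannot be moved now;
                # OTL defers such moves to the next reboot, which is why the
                # instructions above warn that a reboot may be requested.
                results.append((path, f"{kind} move deferred to reboot: {exc}"))
    return results


if __name__ == "__main__":
    # The three entries from the fix above; on a real machine this would be
    # run as Administrator with quarantine_root set to C:\_OTL\MovedFiles.
    fix = [
        ":files",
        r"c:\documents and settings\Owner\Local Settings\Application Data\eflybdhl",
        r"c:\documents and settings\Owner\Local Settings\Application Data\ohjslqgvy",
        r"c:\windows\Internet Logs\xD*.tmp",
    ]
    for path, status in run_files_fix(fix, r"C:\_OTL\MovedFiles"):
        print(f"{path} {status}")
```

Moving rather than deleting is the point: if a fix turns out to have removed something legitimate, the item can be put back, and anything malicious that was moved is still on disk for a later scanner to confirm, which is exactly what the ESET scan further down this thread does with the moved `fniuhm.exe`.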



Re: Win32/Nuqel.E help

Post by drenee on 5th September 2010, 4:30 am

Thanks.. sorry to be so long, am doing this around a work schedule.. again, very much appreciate your help and expertise.

========== FILES ==========
c:\documents and settings\Owner\Local Settings\Application Data\eflybdhl folder moved successfully.
c:\documents and settings\Owner\Local Settings\Application Data\ohjslqgvy folder moved successfully.
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 09042010_232927


Re: Win32/Nuqel.E help

Post by Belahzur on 5th September 2010, 8:49 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32/Nuqel.E help

Post by drenee on 6th September 2010, 5:09 am

Thank you.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0c922f6a986eaf4095cac84d43f0da0c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-05 10:53:33
# local_time=2010-09-05 05:53:33 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 8234 8234 0 0
# compatibility_mode=1024 16777215 100 0 24543240 24543240 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 4211516 5481810 0 0
# scanned=106301
# found=3
# cleaned=3
# scan_time=6284
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\3\7c890643-4dcaf82c a variant of Java/Rowindal.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\4708433b-642d789b a variant of Java/Rowindal.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\09042010_232927\c_documents and settings\Owner\Local Settings\Application Data\eflybdhl\fniuhm.exe a variant of Win32/Kryptik.GLF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Win32/Nuqel.E help

Post by Belahzur on 6th September 2010, 8:48 am

Hello.
Looks good, just infected items in the Java cache, see here on how to flush that.

[You must be registered and logged in to see this link.]

Once that is done, let me know how the machine is running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
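
The triage in the reply above (two hits in the Java deployment cache, one in the OTL quarantine folder, nothing live) is done by reading the ESET log by eye. As an added example that is not ESET's or the forum's code, the following Python parses a log in the shape posted above into its `# key=value` header and its per-detection records, labels each detection by where the file lives, and cross-checks the `found`/`cleaned` counts against the records. The function names and the location labels (`java cache`, `quarantine folder`, `other`) are this example's own; the sample log is constructed from the lines posted above.

```python
"""Added example: parse an ESET Online Scanner log of the kind posted above
into its '# key=value' header and its per-detection records, then group the
detections by where the file lives. That is the triage done by eye in the
reply ('just infected items in the Java cache'); the function names and
the location labels are this example's own, not ESET's."""
import re

# Constructed sample, same shape as the log above (paths, detection names
# and actions copied from it; the 32-zero column is ESET's hash placeholder).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# scanned=106301
# found=3
# cleaned=3
# scan_time=6284
C:\\Documents and Settings\\Owner\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\3\\7c890643-4dcaf82c a variant of Java/Rowindal.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\\Documents and Settings\\Owner\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\59\\4708433b-642d789b a variant of Java/Rowindal.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\\_OTL\\MovedFiles\\09042010_232927\\c_documents and settings\\Owner\\Local Settings\\Application Data\\eflybdhl\\fniuhm.exe a variant of Win32/Kryptik.GLF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# <path> <threat> (<action>) <32 hex> <flags>. Paths contain spaces, so the
# split point is the threat name, which is the first token containing '/'
# (Windows paths never do), optionally preceded by 'probably a variant of'.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[^\s/]+/\S+(?: [^()]*?)?) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flags>\S+)$"
)


def classify_location(path):
    """Rough location label used for triage; labels are this example's own."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java cache"
    if "\\_otl\\movedfiles\\" in p:
        return "quarantine folder"  # already moved by the earlier OTL fix
    return "other"


def parse_eset_log(text):
    """Return (header, detections). header maps '# key=value' pairs
    (repeated keys become lists); detections is a list of dicts."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            if key in header:
                prev = header[key]
                header[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["location"] = classify_location(rec["path"])
            detections.append(rec)
    return header, detections


def summarize(text):
    """Cross-check the header counts against the records and group by location."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    by_location = {}
    for d in detections:
        by_location[d["location"]] = by_location.get(d["location"], 0) + 1
    return {
        "found": found,
        "cleaned": cleaned,
        # all three must agree before the scan can be called clean
        "all_cleaned": found == cleaned == len(detections),
        "by_location": by_location,
        # anything outside a cache or quarantine folder is a live foothold
        "needs_attention": [d["path"] for d in detections if d["location"] == "other"],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"found={s['found']} cleaned={s['cleaned']} all_cleaned={s['all_cleaned']}")
    for loc, n in sorted(s["by_location"].items()):
        print(f"  {loc}: {n}")
```

The useful output is the `needs_attention` list: a detection in the Java cache or in a quarantine folder is a leftover copy, while one anywhere else means something is still active and the cleanup is not finished. The hit inside `C:\_OTL\MovedFiles` is expected here, since that is the copy of `fniuhm.exe` the earlier OTL fix moved out of the way.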



Re: Win32/Nuqel.E help

Post by drenee on 6th September 2010, 12:39 pm

Thank you.

There is not a java icon in my control panel. I did a disk cleanup and it removed the temp internet files and other files from the computer. I've rebooted several times and the computer is booting up at about 1/4 of the time it took before. The virus popups have stopped. At this point everything seems to be running great.

Thank you so much for your help in solving this problem. I appreciate that you took the time to help me out.


