Bankerfox.a


Post by Broken on 10th May 2009, 6:12 am

Okay so I've done the HijackThis crap, now what ones do I check?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:00 AM, on 5/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sysguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirsystem.com
O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11903 bytes

Re: Bankerfox.a

Post by Belahzur on 10th May 2009, 11:32 am

Hello.

I strongly recommend you to remove Ask from your computer because it's:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Ask Toolbar
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
    O1 - Hosts: 94.232.248.66 antivirsystem.com
    O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll (file missing)
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
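A triage pass over the kind of HijackThis entries selected in the reply above, added here as an example; it is not part of the original thread and is not HijackThis's own logic. The three heuristics (hosts-file names pinned to a non-loopback address, BHOs whose DLL is absent, Run values launching an executable directly from the Windows root) and all function names are assumptions, and the pass only surfaces lines for review, so it does not reproduce every line the helper chose. The sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirsystem.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# An .exe sitting directly in the Windows directory, not in a subfolder.
ROOT_EXE_RE = re.compile(
    r'^"?(?:[a-z]:\\windows|%windir%|%systemroot%)\\[^\\/"]+\.exe\b', re.I
)


def parse_entries(text):
    """Yield (line, code, body) for every HijackThis entry line in text."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield line, m.group(1), m.group(2)


def hosts_redirect(body):
    """Return (ip, hostname) when an O1 entry pins a name to a routable IP."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    # Loopback and 0.0.0.0 entries are typical of stock or blocklist hosts files.
    if ip.is_loopback or ip.is_unspecified:
        return None
    return str(ip), m.group(2)


def redirected_hosts(text):
    """Group redirected hostnames by the address they are pinned to."""
    by_ip = defaultdict(list)
    for _line, code, body in parse_entries(text):
        if code == "O1":
            pair = hosts_redirect(body)
            if pair:
                by_ip[pair[0]].append(pair[1])
    return dict(by_ip)


def triage(text):
    """Return [(line, reason)] for entries that deserve a closer look."""
    findings = []
    for line, code, body in parse_entries(text):
        if code == "O1":
            pair = hosts_redirect(body)
            if pair:
                findings.append((line, f"hosts file pins {pair[1]} to {pair[0]}"))
        elif code == "O2" and ("(no file)" in body or "(file missing)" in body):
            findings.append((line, "BHO is registered but its DLL is absent"))
        elif code == "O4":
            m = RUN_RE.search(body)
            if m and ROOT_EXE_RE.match(m.group("cmd")):
                findings.append((line, "autorun launches an .exe from the Windows root"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[review] {reason}\n         {entry}")
    for ip, names in redirected_hosts(SAMPLE_LOG).items():
        print(f"{ip} <- {', '.join(names)}")
```
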



Re: Bankerfox.a

Post by Broken on 10th May 2009, 2:17 pm

Thank you so much. I stayed up all night trying to get this out.
It worked :)


Re: Bankerfox.a

Post by Belahzur on 10th May 2009, 2:26 pm

Hello.
I doubt it's gone, there is still something to be removed.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Bankerfox.a

Post by Broken on 11th May 2009, 12:11 pm

I have to make another post because it is too long.
Part 1

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:00:56.42 on Mon 05/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.602 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: []
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll


Re: Bankerfox.a

Post by Broken on 11th May 2009, 12:12 pm

Part 2-(it goes with part 1 of the DDS.txt)
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\47yhxv55.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-10 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-10 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-10 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-10-19 90112]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVENG.SYS [2009-4-13 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVEX15.SYS [2009-4-13 617288]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S2 SBService;scriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 66688]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-5-9 1527900]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-4-13 249856]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2009-05-10 11:03 --d-h--- c:\windows\PIF
2009-05-10 10:16 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-05-10 10:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 10:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 10:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 10:16 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 02:00 --d----- c:\program files\Trend Micro
2009-05-10 01:43 --d-h--- C:\$AVG8.VAULT$
2009-05-10 01:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-10 01:36 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 01:36 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-10 01:36 --d----- c:\windows\system32\drivers\Avg
2009-05-10 01:36 --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-05-10 01:36 --d----- c:\program files\AVG
2009-05-10 01:36 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-09 18:44 23,392 a------- c:\windows\system32\nscompat.tlb
2009-05-09 18:44 16,832 a------- c:\windows\system32\amcompat.tlb
2009-05-09 16:01 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-05-09 16:01 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-05-09 16:01 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-05-09 16:01 --d----- c:\program files\Windows Media Connect 2
2009-05-09 15:59 --d----- c:\windows\system32\LogFiles
2009-05-09 15:58 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-05-09 14:14 28 a------- c:\windows\Robota.INI
2009-05-09 14:14 --d----- c:\docume~1\owner\applic~1\MAGIX
2009-05-09 14:13 309,616 a------- c:\windows\system32\wmv8dmod.dll
2009-05-09 14:13 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-05-09 14:13 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-05-09 13:45 --d----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-05-09 13:45 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-05-09 13:45 --d----- c:\program files\MAGIX
2009-05-09 13:44 5,937 a------- c:\windows\mgxoschk.ini
2009-05-09 13:44 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-05-09 13:44 --d----- c:\windows\system32\MAGIX
2009-04-22 13:34 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-22 13:17 --d----- c:\program files\EA GAMES
2009-04-22 13:17 445,504 a----r-- c:\windows\system32\vp6vfw.dll
2009-04-19 21:12 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-19 21:12 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-14 21:20 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-14 21:20 1,409 a------- c:\windows\QTFont.for
2009-04-14 21:20 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-14 21:19 --d----- c:\docume~1\alluse~1\applic~1\Corel
2009-04-14 21:18 --d----- c:\program files\Corel
2009-04-14 21:18 --d----- c:\program files\common files\Corel
2009-04-14 15:44 49 a------- c:\windows\NeroDigital.ini
2009-04-13 14:12 --d----- c:\docume~1\owner\applic~1\FrostWire
2009-04-13 14:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-13 14:02 --d----- c:\program files\FrostWire
2009-04-13 14:02 --d----- c:\program files\AskBarDis
2009-04-13 13:32 --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-04-13 13:29 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-13 13:29 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-13 13:29 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-13 13:29 117,760 a------- c:\windows\system32\hpzll5mu.dll
2009-04-13 13:29 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-13 13:29 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-13 13:29 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-04-13 13:29 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-04-13 13:29 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-13 13:29 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-13 13:29 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-04-13 13:29 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 13:26 --d----- c:\program files\common files\Hewlett-Packard
2009-04-13 13:26 --d----- c:\program files\common files\HP
2009-04-13 13:25 --d----- c:\program files\HP
2009-04-13 13:23 157,454 a------- c:\windows\hpoins27.dat
2009-04-13 13:23 932 -------- c:\windows\hpomdl27.dat
2009-04-13 12:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-04-13 02:43 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-13 02:22 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-13 02:20 0 a------- c:\windows\system32\Gateway_T6410__CRX5610011430.MRK
2009-04-13 02:20 333 a------- c:\windows\system32\$ncsp$.inf
2009-04-13 02:15 --d----- c:\program files\McAfee
2009-04-13 02:15 --d----- c:\program files\common files\McAfee
2009-04-13 02:15 --d----- c:\docume~1\owner\applic~1\McAfee
2009-04-13 02:15 --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-04-13 02:15 --d----- c:\program files\McAfee.com
2009-04-13 02:14 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-04-13 02:14 --d----- c:\docume~1\alluse~1\applic~1\Napster
2009-04-13 02:14 --d----- c:\program files\Napster
2009-04-13 02:14 --d----- c:\program files\MSN Encarta Plus
2009-04-13 02:13 --d----- c:\program files\Microsoft Money 2005
2009-04-13 02:12 --d----- c:\program files\ATI Technologies
2009-04-13 02:11 20,480 a------- c:\windows\system32\Marker32.exe
2009-04-13 02:11 2,238 a------- c:\windows\system32\32-aol.ico
2009-04-13 02:11 1,406 a------- c:\windows\system32\16-aol.ico
2009-04-13 02:11 471,300 a------- c:\windows\wallpe.exe
2009-04-13 02:11 30,056 a------- c:\windows\system32\oemlogo.bmp
2009-04-13 02:10 --d----- c:\windows\system32\ReinstallBackups
2009-04-13 02:10 376 a------- c:\windows\ODBC.INI
2009-04-13 02:10 24,816 a------- c:\windows\system32\mdimon.dll
2009-04-13 02:10 --d----- c:\program files\Microsoft ActiveSync
2009-04-13 02:10 --d----- c:\windows\SHELLNEW
2009-04-13 02:09 3,126 a------- c:\windows\emachines_32.bmp
2009-04-13 02:09 18,000 a------- c:\windows\BigFixClientOverride.dll
2009-04-13 02:09 --d----- c:\program files\BigFix
2009-04-13 02:09 57,344 a------- c:\windows\system32\NeroBurnRights.cpl
2009-04-13 02:09 53,248 a------- c:\windows\system32\NeroCo.dll
2009-04-13 02:09 1,658,880 -------- c:\windows\UNNeroBurnRights.exe
2009-04-13 02:09 23,512 -------- c:\windows\UNNeroBurnRights.cfg
2009-04-13 02:08 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-04-13 02:08 569,344 a------- c:\windows\system32\imagr5.dll
2009-04-13 02:08 544,768 a------- c:\windows\system32\imagx5.dll
2009-04-13 02:08 283,920 a------- c:\windows\system32\ImagXpr5.dll
2009-04-13 02:08 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-04-13 02:08 38,912 a------- c:\windows\system32\picn20.dll
2009-04-13 02:07 --d----- c:\program files\Digital Media Reader
2009-04-13 02:07 --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-04-13 02:07 --d----- c:\program files\AOL Companion
2009-04-13 02:07 --d----- c:\program files\Pure Networks
2009-04-13 02:07 --d----- c:\program files\Learn2.com
2009-04-13 02:07 --d----- c:\program files\Viewpoint
2009-04-13 02:07 --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-04-13 02:07 --d----- c:\program files\AOL Toolbar
2009-04-13 02:05 --d----- c:\windows\system32\QuickTime
2009-04-13 02:05 --d----- c:\program files\common files\Nullsoft
2009-04-13 02:05 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2009-04-13 02:05 --d----- C:\My Music
2009-04-13 02:05 24,576 a------- c:\windows\system32\prefscpl.cpl
2009-04-13 02:05 --d----- c:\program files\common files\Real
2009-04-13 02:05 1,044,480 a------- c:\windows\system32\roboex32.dll
2009-04-13 02:05 153,088 a------- c:\windows\system32\jgdwmie.dll
2009-04-13 02:05 54,784 a------- c:\windows\system32\Inetwh32.dll
2009-04-13 02:05 29,184 a------- c:\windows\system32\popup.ocx
2009-04-13 02:04 225,280 a------- c:\windows\system32\AOLDial.dll
2009-04-13 02:04 33,588 a------- c:\windows\system32\drivers\wanatw4.sys
2009-04-13 02:04 --d----- c:\program files\common files\aolshare
2009-04-13 02:04 --d----- c:\program files\America Online 9.0
2009-04-13 02:04 869 a---h--- C:\IPH.PH
2009-04-13 02:02 --d----- c:\program files\common files\AOL
2009-04-13 01:54 --d----- c:\program files\Norton Internet Security
2009-04-13 01:53 104,144 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-13 01:53 83,168 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-13 01:53 --d----- c:\program files\Symantec
2009-04-13 01:53 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-13 01:53 --d----- c:\program files\common files\Symantec Shared
2009-04-13 01:51 --d----- c:\program files\common files\New Boundary
2009-04-13 01:51 --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-04-13 01:48 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-13 01:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-13 01:48 24,960 a------- c:\windows\system32\drivers\hidparse.sys
2009-04-13 01:48 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-13 01:48 36,224 a------- c:\windows\system32\drivers\hidclass.sys
2009-04-13 01:48 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-13 01:48 4,736 a------- c:\windows\system32\drivers\usbd.sys
2009-04-13 01:47 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-04-13 01:47 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-04-13 01:47 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-04-13 01:47 26,624 a------- c:\windows\system32\drivers\usbehci.sys
2009-04-13 01:47 7,168 a------- c:\windows\system32\hccoin.dll
2009-04-13 01:47 142,976 a------- c:\windows\system32\drivers\usbport.sys
2009-04-13 01:47 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2009-04-13 01:47 17,024 a------- c:\windows\system32\drivers\usbohci.sys
2009-04-13 01:47 74,240 a------- c:\windows\system32\usbui.dll
2009-04-13 00:45 60 a------- c:\windows\system32\SYSDRV.DAT
2009-04-13 00:45 --d----- c:\windows\creator
2009-04-13 00:45 70,144 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-04-13 00:45 --d----- c:\windows\SMINST
2009-04-13 00:44 --d--r-- C:\Program Files
2009-04-13 00:44 --d--r-- c:\documents and settings\all users\Documents
2009-04-13 00:44 --d--r-- c:\windows\Offline Web Pages
2009-04-13 00:43 -cdshr-- c:\windows\system32\dllcache
2009-04-12 23:54 --d----- c:\program files\MessengerPlus! 3
2009-04-12 23:22 --d----- c:\documents and settings\owner\Tracing
2009-04-12 23:15 --d----- c:\program files\common files\Windows Live
2009-04-12 23:13 --ds---- c:\documents and settings\owner\UserData
2009-04-12 23:12 --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-04-12 23:09 --d----- c:\documents and settings\owner\Contacts
2009-04-12 23:06 --d----- c:\program files\Messenger Plus! Live
2009-04-12 23:06 268 a---h--- C:\sqmdata00.sqm
2009-04-12 23:06 244 a---h--- C:\sqmnoopt00.sqm
2009-04-12 23:03 --d----- c:\program files\MSN Messenger

==================== Find3M ====================

2009-04-14 01:53 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 8:01:21.50 ===============


Re: Bankerfox.a

Post by Belahzur on 11th May 2009, 12:53 pm

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.



Re: Bankerfox.a

Post by Broken on 11th May 2009, 3:01 pm

Here you go:

32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
BigFix
CC_ccProxyExt
ccCommon
ccPxyCore
Corel Paint Shop Pro Photo XI
Digital Media Reader
Firebird SQL Server - MAGIX Edition
FrostWire 4.17.2
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee AntiSpyware
McAfee SecurityCenter
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.10)
MSN
MSRedist
MSVCRT
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
Segoe UI
Shop for HP Supplies
SPBBC
Symantec Script Blocking Installer
SymNet
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime


Re: Bankerfox.a

Post by Belahzur on 11th May 2009, 3:16 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

You are also running two antivirus programs; I see from the uninstall list you have Norton/Symantec and McAfee along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Symantec and McAfee to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Ask Toolbar
  • FrostWire 4.17.2
  • J2SE Runtime Environment 5.0 Update 2
  • Java(TM) 6 Update 7
  • McAfee AntiSpyware
  • McAfee SecurityCenter
  • Napster
  • Viewpoint Media Player

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk (normally C:)
  7. Find and delete the following folders (if present):
    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall

Once you have done that, let me know.


Please PM me if I fail to respond within 24hrs.


