win32/nuqel.e and banker fox

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

win32/nuqel.e and banker fox3rd February 2010, 1:47 am

clicked on the wrong link and now im getting tons of popups and i cant open any of my antivirus...any help would be much appreciated

Last edited by mikevan119 on 3rd February 2010, 2:08 am; edited 1 time in total

Re: win32/nuqel.e and banker fox3rd February 2010, 1:51 am

after searching i have seen where you have asked to download otl.exe...what ever is getting my computer will not let me open the exe

Re: win32/nuqel.e and banker fox3rd February 2010, 2:11 am

Please download Ice Sword from HERE

Download the zip to your desktop and extract it.
Open the Ice Sword folder and then launch IceSword.exe.
Will IceSword open?

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
win32/nuqel.e and banker fox DXwU4

Re: win32/nuqel.e and banker fox3rd February 2010, 2:24 am

would not let me open it....when it got to the file screen to open there was a flash...then a security warning popped up with explorer.exe is now infected..do you want to activate your antivirus now?

i have no desktop icons now...im typing this from another computer...

Re: win32/nuqel.e and banker fox3rd February 2010, 3:14 am

got my desktop icons back and tried to open icesword again....no luck..

Re: win32/nuqel.e and banker fox3rd February 2010, 7:52 pm

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: win32/nuqel.e and banker fox4th February 2010, 12:47 am

no luck...will not let me open it says that the file otl.exe is infected. do i want to activate my anivirus software now...

tried to download this file last night with the same results...this time i tried to open it from a flash drive..

any suggestions?

Re: win32/nuqel.e and banker fox4th February 2010, 1:16 am

ok...opened it in safemode and was able to run otl...this is what i came up with...
otl-
OTL logfile created on: 2/3/2010 7:06:46 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = G:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.97 Gb Total Space | 72.66 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 1.91 Gb Free Space | 16.00% Space Free | Partition Type: NTFS
Drive E: | 7.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.72 Gb Total Space | 1.44 Gb Free Space | 38.76% Space Free | Partition Type: FAT32
Drive G: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.93% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANDUSEN-PC
Current User Name: VanDusen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/03 18:44:14 | 000,548,864 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/19 01:33:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 01:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (SafeList) ==========

MOD - [2010/02/03 18:44:14 | 000,548,864 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2008/01/19 01:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/25 08:09:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/25 08:08:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/21 19:28:12 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca22c7de70b0e0) Google Update Service (gupdate1ca22c7de70b0e0)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/26 12:23:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/08/26 12:23:20 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/08/26 12:23:02 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/06/16 08:02:28 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 23:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/09/30 21:34:54 | 000,271,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/09/30 21:34:54 | 000,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/23 17:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 08:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 04:25:30 | 000,272,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/25 08:09:53 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/25 08:09:53 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/10 20:24:38 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/20 19:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/01/18 23:57:15 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/18 23:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/15 02:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/09 16:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 08:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 05:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 05:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 05:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 17:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/01 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 20:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 15:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/27 03:49:24 | 000,012,160 | ---- | M] (Devguru Corporation, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camflt.sys -- (camflt)
DRV - [2007/01/27 03:49:22 | 000,054,656 | ---- | M] (Samsung electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camav.sys -- (Camav)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 10:24:58 | 000,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 20:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/18 17:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de680400}:1.4.0.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 18:00:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/26 20:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/30 20:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/30 20:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 20:48:45 | 000,000,000 | ---D | M]

[2009/10/16 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\VanDusen\AppData\Roaming\Mozilla\Extensions
[2009/10/16 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\VanDusen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/03 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\VanDusen\AppData\Roaming\Mozilla\Firefox\Profiles\s3r8hw70.default\extensions
[2009/06/26 13:57:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\VanDusen\AppData\Roaming\Mozilla\Firefox\Profiles\s3r8hw70.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/07/30 21:02:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\VanDusen\AppData\Roaming\Mozilla\Firefox\Profiles\s3r8hw70.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/23 11:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/26 20:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2007/03/02 07:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2007/01/17 05:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 09:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [battlxir] C:\Users\VanDusen\AppData\Local\dahlgq\tqkgsftav.exe ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\VanDusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\VanDusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.202.15 216.47.210.14 216.47.193.14
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\VanDusen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\VanDusen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/09 16:55:03 | 000,000,124 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007/07/26 10:18:32 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\Shell - "" = AutoRun
O33 - MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2007/12/27 08:07:02 | 008,153,539 | R--- | M] ()
O33 - MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/02 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\AppData\Roaming\Malwarebytes
[2010/02/02 21:34:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/02 21:34:15 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/02 21:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/02 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/02 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\Desktop\IceSword122en
[2010/02/02 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\AppData\Local\dahlgq
[2010/01/30 19:30:54 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/01/30 19:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\PDQ for NCLEX-RN
[2010/01/25 21:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Kap.NCLEX
[2010/01/21 19:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hallmark
[2010/01/17 19:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Delmar Learning
[2010/01/17 19:42:59 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/01/17 19:42:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/01/12 18:52:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 18:52:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/08 21:20:57 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\Desktop\Youtube upload
[2010/01/07 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\Desktop\for bathroom
[2010/01/05 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\Desktop\xmas upload

========== Files - Modified Within 30 Days ==========

[2010/02/03 19:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/03 18:58:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/03 18:56:57 | 000,111,476 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/03 18:56:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 18:56:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 18:55:40 | 003,145,728 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat
[2010/02/03 18:55:38 | 000,524,288 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TMContainer00000000000000000001.regtrans-ms
[2010/02/03 18:55:38 | 000,065,536 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TM.blf
[2010/02/03 18:55:06 | 002,092,818 | -H-- | M] () -- C:\Users\VanDusen\AppData\Local\IconCache.db
[2010/02/03 18:54:46 | 000,111,476 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/03 18:54:11 | 000,000,836 | ---- | M] () -- C:\Users\VanDusen\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/03 18:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 18:46:56 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/03 18:46:56 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/03 18:46:56 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/03 16:15:47 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/03 16:15:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 15:45:24 | 229,620,684 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/02 21:34:19 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 16:13:28 | 000,220,672 | ---- | M] () -- C:\Users\VanDusen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 09:53:02 | 054,983,659 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/30 19:30:36 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/01/27 23:40:33 | 000,044,855 | ---- | M] () -- C:\Users\VanDusen\Desktop\NUR204 180.jpg
[2010/01/25 21:22:54 | 000,000,974 | ---- | M] () -- C:\Users\VanDusen\Desktop\NCLEX-RN Strategy Practice Exam.lnk
[2010/01/21 19:37:22 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\TearPad Val.lnk
[2010/01/21 09:20:24 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/17 19:43:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/01/17 19:42:58 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/01/17 10:40:11 | 000,524,288 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/13 14:48:17 | 000,081,058 | ---- | M] () -- C:\Users\VanDusen\Desktop\1509768.JPG
[2010/01/11 22:37:51 | 072,513,101 | ---- | M] () -- C:\Users\VanDusen\Desktop\Storage.wmv
[2010/01/11 18:56:25 | 000,000,670 | ---- | M] () -- C:\Users\VanDusen\Desktop\108 - Shortcut.lnk
[2010/01/11 14:39:20 | 000,072,320 | ---- | M] () -- C:\Users\VanDusen\Desktop\l_318cd39e87c34a57974056c534bd1035.jpg
[2010/01/11 14:39:12 | 000,046,518 | ---- | M] () -- C:\Users\VanDusen\Desktop\l_da81ad0a53f34c8d9e4f1573be374768.jpg
[2010/01/11 10:39:40 | 000,095,216 | ---- | M] () -- C:\Users\VanDusen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/11 03:24:42 | 000,360,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/11 03:23:27 | 000,524,288 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat{e5924866-d570-11de-a235-001b24f1a04d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/11 03:23:27 | 000,065,536 | -HS- | M] () -- C:\Users\VanDusen\ntuser.dat{e5924866-d570-11de-a235-001b24f1a04d}.TM.blf
[2010/01/07 16:33:29 | 000,086,661 | ---- | M] () -- C:\Users\VanDusen\Desktop\hair.jpg
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/02/03 18:54:11 | 000,000,836 | ---- | C] () -- C:\Users\VanDusen\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 21:34:19 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 23:40:33 | 000,044,855 | ---- | C] () -- C:\Users\VanDusen\Desktop\NUR204 180.jpg
[2010/01/25 21:22:54 | 000,000,974 | ---- | C] () -- C:\Users\VanDusen\Desktop\NCLEX-RN Strategy Practice Exam.lnk
[2010/01/21 19:37:22 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\TearPad Val.lnk
[2010/01/16 13:32:35 | 000,524,288 | -HS- | C] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/16 13:32:35 | 000,524,288 | -HS- | C] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/16 13:32:35 | 000,065,536 | -HS- | C] () -- C:\Users\VanDusen\ntuser.dat{a87ad59a-02d5-11df-82d1-001b24f1a04d}.TM.blf
[2010/01/13 14:48:10 | 000,081,058 | ---- | C] () -- C:\Users\VanDusen\Desktop\1509768.JPG
[2010/01/11 22:28:39 | 072,513,101 | ---- | C] () -- C:\Users\VanDusen\Desktop\Storage.wmv
[2010/01/11 18:56:25 | 000,000,670 | ---- | C] () -- C:\Users\VanDusen\Desktop\108 - Shortcut.lnk
[2010/01/11 14:39:15 | 000,072,320 | ---- | C] () -- C:\Users\VanDusen\Desktop\l_318cd39e87c34a57974056c534bd1035.jpg
[2010/01/11 14:39:02 | 000,046,518 | ---- | C] () -- C:\Users\VanDusen\Desktop\l_da81ad0a53f34c8d9e4f1573be374768.jpg
[2010/01/07 16:33:20 | 000,086,661 | ---- | C] () -- C:\Users\VanDusen\Desktop\hair.jpg
[2009/02/15 08:16:17 | 000,111,476 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/15 08:15:59 | 000,111,476 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/15 16:29:14 | 000,009,616 | ---- | C] () -- C:\Users\VanDusen\AppData\Roaming\wklnhst.dat
[2008/10/07 17:22:43 | 000,000,680 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\d3d9caps.dat
[2008/09/15 19:04:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/06 12:44:05 | 000,000,000 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\FnF4.txt
[2008/06/10 18:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/22 16:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/02 09:18:48 | 000,095,356 | ---- | C] () -- C:\Users\VanDusen\AppData\Roaming\nvModes.001
[2008/02/01 17:31:29 | 000,095,356 | ---- | C] () -- C:\Users\VanDusen\AppData\Roaming\nvModes.dat
[2008/01/31 22:10:56 | 000,220,672 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 21:32:14 | 000,000,000 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\QSwitch.txt
[2008/01/31 21:32:14 | 000,000,000 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\DSwitch.txt
[2008/01/31 21:32:14 | 000,000,000 | ---- | C] () -- C:\Users\VanDusen\AppData\Local\AtStart.txt
[2007/12/21 20:53:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/23 01:35:58 | 000,000,743 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\VanDusen\Desktop\norest.mp3:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:13EDD51B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E342738F
< End of report >

Re: win32/nuqel.e and banker fox*now with OTL report4th February 2010, 1:16 am

now extras:

OTL Extras logfile created on: 2/3/2010 7:06:46 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = G:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.97 Gb Total Space | 72.66 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 1.91 Gb Free Space | 16.00% Space Free | Partition Type: NTFS
Drive E: | 7.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.72 Gb Total Space | 1.44 Gb Free Space | 38.76% Space Free | Partition Type: FAT32
Drive G: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.93% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANDUSEN-PC
Current User Name: VanDusen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5087B7-A301-4808-8AF4-0A987E538322}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe |
"{140FE904-9EF1-4D05-8B58-2F3C00734597}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1821144B-DD61-4CA7-A3F8-1FACA95663E9}" = protocol=17 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{1E65766C-5257-47D2-8D60-F8793A9E9408}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{21FCF814-4FFB-4B51-972B-BEAD68B38352}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe |
"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{2EC29FE9-3415-4D3C-B1F0-B4BFE2841551}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2F635961-175D-4664-B4FD-26A3D12F4096}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3EC86714-8387-408B-96E6-981610836165}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{45353C69-11B0-49DF-A153-FAEF489D2F33}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{47CBD45B-3374-4020-9C57-C070937F5861}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C72DC6C-BFC7-4D86-8CFD-91D670510DE9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{55D5D4EF-4F64-4B06-A299-9FE535D526F7}" = protocol=6 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{5899BBF1-FB7D-41BC-8E19-F196537248F7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6164A51F-D551-4CC8-AD8F-D422CDC2518A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6F50D2C4-8E6C-46EE-88E2-254E72827181}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{73393C90-4238-4C13-83D7-16B386BD4987}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7A7E2685-6AF7-4E86-978B-F14A9DC04116}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7DDBE758-5C2A-4CBD-BE14-879C45503076}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8A790539-F814-4BBB-9263-49218B6E471C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8C3F9E2A-5330-4574-8522-8FBDDD9AA7DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9ADC22BC-15B1-4687-A228-E70A11592E5A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1C4921E-749A-46D9-96CB-BF7D9A68ABA3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AD46698C-9109-4D81-AD70-3637338297B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE4DC8ED-0354-4D9A-92E1-E2C2DAAEDE37}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B83BC943-0037-4598-967D-E859D8534AC1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C43D155A-697B-42D6-8400-4426C8F9656D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D590BF48-4636-4CC6-A2AA-32633078A3BD}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF527A62-126F-4EF9-87EF-AC733799B573}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{07946763-E8F5-4905-92CD-F9CDE70FF0B7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1E061822-3182-44CF-85F9-08596BB497B6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2591E5AC-A248-4022-99DA-4C48591D98F8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3C7A86D7-C5C5-4352-81DA-BAAC96A42C73}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{AE9E100B-48FB-43D3-935E-2F980E1E12E7}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{38CEFDD2-3D16-497D-91CB-427DCF9CB99A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{8825534C-55FA-4516-AFEB-76DA77A9D611}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{CC4E45CD-A3EE-47B5-BC8D-00860254D084}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E8F2C7BA-48C2-4A97-B2E9-D7E4DA75F15B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{F6E6F5CA-3D72-4826-8060-E55F95F24017}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{076C5B06-D110-4596-BB49-854B481A7FE4}" = dj_sf_corporate
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie(R) idesign(TM) Ultimate Stylist(TM)
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet 9.0 Corporate Edition
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Any Video Converter_is1" = Any Video Converter 2.6.7
"AVG8Uninstall" = AVG Free 8.5
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Eyles_Comprehensive_Review" = PDQ for NCLEX-RN
"Free Medical Dictionary_is1" = Free Medical Dictionary 1.0
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NCLEX-RN Strategy Practice Exam_is1" = NCLEX-RN Strategy Practice Exam
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Peggle Nights Deluxe" = Peggle Nights Deluxe (remove only)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars" = PokerStars
"QuickLink Mobile" = QuickLink Mobile
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"ST6UNST #1" = NCLEX-RN Review, sixth edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TearPad Val" = TearPad Val
"ViewpointMediaPlayer" = Viewpoint Media Player
"VL Presets" = VL Transitions and Effects Presets
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2010 11:53:05 AM | Computer Name = VanDusen-PC | Source = VSS | ID = 8194
Description =

Error - 2/2/2010 3:44:17 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0c0c0c0c, process id 0x1f58, application start time 0x01caa4401604ec20.

Error - 2/2/2010 4:15:03 PM | Computer Name = VanDusen-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 2/2/2010 8:26:24 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module yt.dll_unloaded, version 0.0.0.0, time stamp 0x4a72570f,
exception code 0xc0000005, fault offset 0x629148c4, process id 0x22b4, application
start time 0x01caa46726af05f8.

Error - 2/2/2010 8:26:24 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module yt.dll_unloaded, version 0.0.0.0, time stamp 0x4a72570f,
exception code 0xc0000005, fault offset 0x629148c4, process id 0x194c, application
start time 0x01caa45b62e9fe08.

Error - 2/2/2010 8:26:24 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module yt.dll_unloaded, version 0.0.0.0, time stamp 0x4a72570f,
exception code 0xc0000005, fault offset 0x629148c4, process id 0xa04, application
start time 0x01caa461439e0098.

Error - 2/2/2010 9:11:31 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module yt.dll_unloaded, version 0.0.0.0, time stamp 0x4a72570f,
exception code 0xc0000005, fault offset 0x629148c4, process id 0x27c4, application
start time 0x01caa46981582f90.

Error - 2/2/2010 10:54:13 PM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application HpqSRmon.exe, version 10.0.0.202, time stamp
0x46c64b4e, faulting module HpqSRmon.exe, version 10.0.0.202, time stamp 0x46c64b4e,
exception code 0xc0000005, fault offset 0x000032db, process id 0xce8, application
start time 0x01caa47c1d90bda1.

Error - 2/3/2010 8:12:26 AM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module urlmon.dll, version 8.0.6001.18241, time stamp 0x48ae9003,
exception code 0xc0000005, fault offset 0x000a85df, process id 0xb14, application
start time 0x01caa4ca19b4e8e0.

Error - 2/3/2010 8:26:15 AM | Computer Name = VanDusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, time stamp
0x48ae8fee, faulting module urlmon.dll, version 8.0.6001.18241, time stamp 0x48ae9003,
exception code 0xc0000005, fault offset 0x000a85df, process id 0xfc, application
start time 0x01caa4cc0fa8d170.

[ Media Center Events ]
Error - 9/21/2008 5:35:18 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/5/2008 8:32:16 AM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/16/2008 2:53:47 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/30/2008 6:28:04 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/3/2009 8:55:42 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/19/2009 5:53:00 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/23/2009 4:01:03 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/2/2009 2:08:45 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/25/2009 11:44:23 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:53:20 PM | Computer Name = VanDusen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:35 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:05:55 PM | Computer Name = VanDusen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/3/2010 9:06:01 PM | Computer Name = VanDusen-PC | Source = DCOM | ID = 10005
Description =

< End of report >

Re: win32/nuqel.e and banker fox4th February 2010, 1:28 am

i have also just uninstalled limewire

Re: win32/nuqel.e and banker fox4th February 2010, 3:23 am

here is the malwarebytes info...thanks again for your help...

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18241

2/3/2010 8:50:44 PM
mbam-log-2010-02-03 (20-50-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 352160
Time elapsed: 1 hour(s), 24 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\VanDusen\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: win32/nuqel.e and banker fox4th February 2010, 10:05 pm

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [battlxir] C:\Users\VanDusen\AppData\Local\dahlgq\tqkgsftav.exe ()
O32 - AutoRun File - [2007/07/26 10:18:32 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\Shell - "" = AutoRun
O33 - MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2007/12/27 08:07:02 | 008,153,539 | R--- | M] ()
O33 - MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
[2010/02/02 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\VanDusen\AppData\Local\dahlgq
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: win32/nuqel.e and banker fox5th February 2010, 2:36 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\battlxir not found.
File C:\Users\VanDusen\AppData\Local\dahlgq\tqkgsftav.exe not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2399e275-9765-11de-a162-001b24f1a04d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2399e275-9765-11de-a162-001b24f1a04d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2399e275-9765-11de-a162-001b24f1a04d}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56892bf6-d0f9-11dc-8d4f-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aff2fa0-8b44-11dd-80b2-001b24f1a04d}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9837d983-3c3d-11de-afb9-001b24f1a04d}\ not found.
File F:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9837d983-3c3d-11de-afb9-001b24f1a04d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9837d983-3c3d-11de-afb9-001b24f1a04d}\ not found.
File F:\system\viewer\FlipVideoforPC.exe not found.
C:\Users\VanDusen\AppData\Local\dahlgq folder moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02042010_202636

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: win32/nuqel.e and banker fox5th February 2010, 4:56 pm

Hello.

Click Start >> Control Panel.
Under the Programs click Uninstall a Program
Highlight the following:

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LimeWire 5.3.6
Viewpoint Media Player
Click on the Uninstall/Change button at the top.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 18.
Click the "Download JRE" button to the right.
In the Window that opens, select your platform, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 3.6 and install it. It will install over version 3.0 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?

win32/nuqel.e and banker fox

descriptionwin32/nuqel.e and banker fox3rd February 2010, 1:47 am

descriptionRe: win32/nuqel.e and banker fox3rd February 2010, 1:51 am

descriptionRe: win32/nuqel.e and banker fox3rd February 2010, 2:11 am

descriptionRe: win32/nuqel.e and banker fox3rd February 2010, 2:24 am

descriptionRe: win32/nuqel.e and banker fox3rd February 2010, 3:14 am

descriptionRe: win32/nuqel.e and banker fox3rd February 2010, 7:52 pm

descriptionRe: win32/nuqel.e and banker fox4th February 2010, 12:47 am

descriptionRe: win32/nuqel.e and banker fox4th February 2010, 1:16 am

descriptionRe: win32/nuqel.e and banker fox*now with OTL report4th February 2010, 1:16 am

descriptionRe: win32/nuqel.e and banker fox4th February 2010, 1:28 am

descriptionRe: win32/nuqel.e and banker fox4th February 2010, 3:23 am

descriptionRe: win32/nuqel.e and banker fox4th February 2010, 10:05 pm

descriptionRe: win32/nuqel.e and banker fox5th February 2010, 2:36 am

descriptionRe: win32/nuqel.e and banker fox5th February 2010, 4:56 pm

descriptionRe: win32/nuqel.e and banker fox