BankerFox.A and Win32/Nugel.E

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

BankerFox.A and Win32/Nugel.E24th March 2010, 10:32 pm

Hi, I am very very new to all this and my computer has BankerFox.A and Win32/Nugel.E virus and I am unable to access the internet. Apart from viagra.com which keeps popping up!, luckily I have a notebook which I can still access the internet on and have found you. All the solutions I've found say you need to go onto sites and download malware stuff and I can't. I don't even know what malware is?!?!? We have AVG 9.0 on the PC and I managed to get it to scan and it came up with no problems??? Please help!!! Lady in distress!!!!!

Re: BankerFox.A and Win32/Nugel.E25th March 2010, 1:24 am

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Win32/Nugel.E DXwU4

OTL.txt1st April 2010, 8:40 pm

So sorry for the delay, my daughter has been ill, I do really appriciate your help. Results for you........

OTL logfile created on: 01/04/2010 21:27:15 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 47.56 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 165.37 Gb Free Space | 71.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 393.50 Gb Free Space | 84.48% Space Free | Partition Type: NTFS

Computer Name: DF5PWZ2J
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/01 21:21:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
PRC - [2010/03/24 22:25:22 | 000,027,648 | ---- | M] () -- C:\WINDOWS\system32\stsystra.exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\WINDOWS\yfbasftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\WINDOWS\yehksftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\twxppa\whelsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\obggbi\waihsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe\diuvsftav .exe
PRC - [2010/03/16 13:09:07 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG9\avgtray .exe
PRC - [2010/03/16 13:08:58 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 13:08:56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/16 13:08:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/16 13:08:18 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/16 13:08:13 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/15 19:07:02 | 000,141,608 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- c:\Program Files\TomTom HOME 2\tomtomhomerunner .exe
PRC - [2009/10/10 14:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.) -- c:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/10/10 14:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- c:\Program Files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 10:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui .exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- c:\Program Files\Nokia\Nokia PC Suite 6\launchapplication .exe
PRC - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/01/30 13:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
PRC - [2006/11/03 17:00:54 | 001,585,152 | ---- | M] (Belkin Corporation) -- C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- c:\Program Files\Dell Support\dsagnt .exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- c:\Program Files\Dell\Media Experience\dmxlauncher .exe

========== Modules (SafeList) ==========

MOD - [2010/04/01 21:21:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 13:08:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010/03/16 13:09:05 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 13:08:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 13:08:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/09/15 09:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 09:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 09:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 09:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/06 02:36:08 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2008/08/06 02:36:08 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2008/08/06 02:36:08 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/01 17:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 17:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2007/06/18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/25 21:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/15 15:22:18 | 000,219,392 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerCap.sys -- (AVMNgCapM779)
DRV - [2006/09/15 15:22:06 | 000,049,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBas.sys -- (AVMNgBasM779)
DRV - [2006/09/15 10:14:26 | 000,147,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerTun.sys -- (AVMNgTunM779)
DRV - [2006/08/15 03:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 07:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/10 03:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070625

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070625
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

[2009/01/30 23:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2008/08/06 21:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/01/30 23:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/03/24 22:42:49 | 000,006,925 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 99.189.54
O1 - Hosts: 127.0.0.1 99.189.52
O1 - Hosts: 127.0.0.1 99.14.103
O1 - Hosts: 127.0.0.1 98.223.73
O1 - Hosts: 127.0.0.1 97.80.137
O1 - Hosts: 127.0.0.1 95.134.16
O1 - Hosts: 127.0.0.1 95.133.8.
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.23
O1 - Hosts: 127.0.0.1 95.133.14
O1 - Hosts: 127.0.0.1 95.133.11
O1 - Hosts: 127.0.0.1 95.105.17
O1 - Hosts: 127.0.0.1 94.53.2.1
O1 - Hosts: 127.0.0.1 94.23.201
O1 - Hosts: 127.0.0.1 94.179.55
O1 - Hosts: 127.0.0.1 94.179.48
O1 - Hosts: 127.0.0.1 94.179.19
O1 - Hosts: 127.0.0.1 94.179.11
O1 - Hosts: 127.0.0.1 94.178.65
O1 - Hosts: 127.0.0.1 93.39.197
O1 - Hosts: 127.0.0.1 93.186.17
O1 - Hosts: 127.0.0.1 93.136.83
O1 - Hosts: 127.0.0.1 93.112.91
O1 - Hosts: 127.0.0.1 92.86.197
O1 - Hosts: 127.0.0.1 92.80.81.
O1 - Hosts: 271 more lines...
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\acdaemon.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe ()
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe File not found
O4 - HKLM..\Run: [cdpnwnkb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe\diuvsftav.exe ()
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\dmxlauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [ktdntssd] C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe ()
O4 - HKLM..\Run: [kteovwqn] C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe ()
O4 - HKLM..\Run: [kttblgnr] C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe ()
O4 - HKLM..\Run: [ktvbnklc] C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe ()
O4 - HKLM..\Run: [kunofyhq] C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe ()
O4 - HKLM..\Run: [MDNS] C:\WINDOWS\system32\service.exe ()
O4 - HKLM..\Run: [mpjveynr] C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe File not found
O4 - HKLM..\Run: [paowdamy] C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe ()
O4 - HKLM..\Run: [papkepxq] C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe ()
O4 - HKLM..\Run: [pawkmmqk] C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe ()
O4 - HKLM..\Run: [pawwlwfs] C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe ()
O4 - HKLM..\Run: [paxxmcdc] C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe ()
O4 - HKLM..\Run: [qafjtjje] C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe ()
O4 - HKLM..\Run: [qavjkisa] C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe ()
O4 - HKLM..\Run: [qmbikxlg] C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe ()
O4 - HKLM..\Run: [qmsvclhu] C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe ()
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe ()
O4 - HKLM..\Run: [qyejrfmt] C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe ()
O4 - HKLM..\Run: [rlqharxs] C:\WINDOWS\yehksftav.exe ()
O4 - HKLM..\Run: [rlruahjk] C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe ()
O4 - HKLM..\Run: [rmbujian] C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe ()
O4 - HKLM..\Run: [rmjirufy] C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe ()
O4 - HKLM..\Run: [rmsibvvd] C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe ()
O4 - HKLM..\Run: [rsonsyuo] C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe ()
O4 - HKLM..\Run: [rykuymsv] C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKLM..\Run: [slggoljg] C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe ()
O4 - HKLM..\Run: [slpgxnaj] C:\WINDOWS\yfbasftav.exe ()
O4 - HKLM..\Run: [slqtyclb] C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe ()
O4 - HKLM..\Run: [slwgfksd] C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe ()
O4 - HKCU..\Run: [ktdntssd] C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe ()
O4 - HKCU..\Run: [kteovwqn] C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe ()
O4 - HKCU..\Run: [kttblgnr] C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe ()
O4 - HKCU..\Run: [ktvbnklc] C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe ()
O4 - HKCU..\Run: [kunofyhq] C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe ()
O4 - HKCU..\Run: [mpjveynr] C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe ()
O4 - HKCU..\Run: [paowdamy] C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe ()
O4 - HKCU..\Run: [papkepxq] C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe ()
O4 - HKCU..\Run: [pawkmmqk] C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe ()
O4 - HKCU..\Run: [pawwlwfs] C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe ()
O4 - HKCU..\Run: [paxxmcdc] C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe ()
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\psfree.exe ()
O4 - HKCU..\Run: [qafjtjje] C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe ()
O4 - HKCU..\Run: [qavjkisa] C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe ()
O4 - HKCU..\Run: [qmbikxlg] C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe ()
O4 - HKCU..\Run: [qmsvclhu] C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe ()
O4 - HKCU..\Run: [qyejrfmt] C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe ()
O4 - HKCU..\Run: [rlqharxs] C:\WINDOWS\yehksftav.exe ()
O4 - HKCU..\Run: [rlruahjk] C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe ()
O4 - HKCU..\Run: [rmbujian] C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe ()
O4 - HKCU..\Run: [rmjirufy] C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe ()
O4 - HKCU..\Run: [rmsibvvd] C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe ()
O4 - HKCU..\Run: [rsonsyuo] C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe ()
O4 - HKCU..\Run: [rykuymsv] C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe ()
O4 - HKCU..\Run: [slggoljg] C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe ()
O4 - HKCU..\Run: [slpgxnaj] C:\WINDOWS\yfbasftav.exe ()
O4 - HKCU..\Run: [slqtyclb] C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe ()
O4 - HKCU..\Run: [slwgfksd] C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.co.uk/TruprintActivia.cab (Snapfish Activia)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe) - C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Gary\Application Data\oaozf.exe) - C:\Documents and Settings\Gary\Application Data\oaozf.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe) - C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{40438cef-2b24-11dd-a737-001aa0136c6a}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{95a51a66-63f2-11dd-a79c-001aa0136c6a}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/01 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe
[2010/04/01 21:26:57 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2010/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\eqndih
[2010/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\bjdpje
[2010/03/24 22:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ghgkvv
[2010/03/24 22:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\bjdpje
[2010/03/24 22:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs
[2010/03/24 22:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus
[2010/03/24 22:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd
[2010/03/24 22:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ghgkvv
[2010/03/24 22:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\simduj
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\eqndih
[2010/03/24 22:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ioryua
[2010/03/24 22:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril
[2010/03/24 22:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ioryua
[2010/03/24 22:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\twxppa
[2010/03/24 22:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf
[2010/03/24 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl
[2010/03/24 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot
[2010/03/24 22:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx
[2010/03/24 22:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\twxppa
[2010/03/24 22:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp
[2010/03/24 22:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\obggbi
[2010/03/24 22:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\obggbi
[2010/03/24 22:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb
[2010/03/24 22:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj
[2010/03/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo
[2010/03/24 21:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug
[2010/03/24 21:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp
[2010/03/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk
[2010/03/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts
[2010/03/24 12:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk
[2010/03/24 12:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf
[2010/03/24 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2010/03/24 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\bearsharetb
[2010/03/21 09:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/20 23:08:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/03/19 19:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/19 19:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/19 19:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/19 18:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/19 18:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/19 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/19 18:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/03/16 13:08:57 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/14 08:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/13 20:31:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/13 20:31:04 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 20:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/13 20:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/13 20:28:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/13 20:28:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/12 08:57:25 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 11:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\BitTorrent
[2010/03/09 11:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/03/09 09:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\AskToolbar
[2010/03/09 09:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/03 09:59:38 | 000,402,944 | R--- | C] (Belkin Corporation) -- C:\WINDOWS\System32\drivers\BLKWGU.sys
[2010/03/03 09:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/12/31 11:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/08/29 21:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/08/29 21:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP
[2008/07/13 21:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/06/26 08:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/28 10:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/01 21:30:00 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/01 21:30:00 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/01 21:30:00 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/01 21:27:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/01 21:27:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/01 21:27:35 | 000,027,648 | ---- | M] () -- C:\WINDOWS\yehksftav.exe
[2010/04/01 21:27:26 | 000,027,648 | ---- | M] () -- C:\WINDOWS\yfbasftav.exe
[2010/04/01 21:26:52 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\service.exe
[2010/04/01 21:26:49 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\stsystra.exe
[2010/04/01 21:24:46 | 000,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/01 21:24:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 21:24:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 21:24:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 21:24:34 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/01 21:21:26 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2010/03/25 14:13:40 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT
[2010/03/25 14:13:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini
[2010/03/25 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/24 22:29:08 | 000,000,004 | ---- | M] () -- C:\Program Files\57421.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | M] () -- C:\Program Files\57093.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | M] () -- C:\Program Files\56765.dat
[2010/03/24 22:29:07 | 000,000,004 | ---- | M] () -- C:\Program Files\56078.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | M] () -- C:\Program Files\54859.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | M] () -- C:\Program Files\54750.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54640.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54531.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54421.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54312.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54203.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\54093.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | M] () -- C:\Program Files\53765.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | M] () -- C:\Program Files\53656.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | M] () -- C:\Program Files\53546.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | M] () -- C:\Program Files\53437.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | M] () -- C:\Program Files\53328.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | M] () -- C:\Program Files\53109.dat
[2010/03/24 22:25:22 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/24 21:58:02 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 09:25:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/24 09:21:25 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\stsystra .exe
[2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- C:\WINDOWS\yfbasftav .exe
[2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- C:\WINDOWS\yehksftav .exe
[2010/03/24 09:12:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/24 08:57:14 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\service .exe
[2010/03/24 08:57:10 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\stsystra .exe
[2010/03/24 08:38:10 | 057,594,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/19 19:15:04 | 000,001,180 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/16 13:09:05 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 13:08:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 13:08:57 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 13:08:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/13 20:31:14 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/13 20:31:06 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/13 20:31:04 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/11 15:51:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/09 19:00:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/03/09 11:29:17 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Email.url
[2010/03/09 11:05:21 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/03/09 09:19:22 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\LimeWire 5.5.5.lnk
[2010/03/03 09:58:20 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
[2010/03/03 09:58:20 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless USB Utility.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/24 22:45:44 | 000,269,568 | ---- | C] () -- C:\WINDOWS\yehksftav .exe
[2010/03/24 22:45:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\yehksftav.exe
[2010/03/24 22:45:26 | 000,269,568 | ---- | C] () -- C:\WINDOWS\yfbasftav .exe
[2010/03/24 22:45:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\yfbasftav.exe
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\57421.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\57093.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\56765.dat
[2010/03/24 22:29:07 | 000,000,004 | ---- | C] () -- C:\Program Files\56078.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | C] () -- C:\Program Files\54859.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | C] () -- C:\Program Files\54750.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54640.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54531.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54421.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54312.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54203.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54093.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\53765.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53656.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53546.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53437.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53328.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53109.dat
[2010/03/24 09:21:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Gary\stsystra.exe
[2010/03/24 09:21:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Gary\stsystra .exe
[2010/03/24 08:57:26 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/24 08:57:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/24 08:57:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\service.exe
[2010/03/24 08:57:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\service .exe
[2010/03/24 08:57:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/24 08:57:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\stsystra .exe
[2010/03/19 19:54:49 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/19 18:19:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/13 20:31:06 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/09 11:05:21 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/03/09 09:19:33 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/09 09:19:22 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\LimeWire 5.5.5.lnk
[2010/03/03 09:58:20 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
[2010/03/03 09:58:20 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless USB Utility.lnk
[2010/01/12 12:53:20 | 000,115,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/07 22:25:40 | 000,037,830 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\c4u.log
[2009/12/31 11:52:36 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\LaunchHomeCenter.log
[2009/12/31 11:44:19 | 000,178,554 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\installer.log
[2009/11/15 12:06:42 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Smiley.ico
[2009/04/11 21:17:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2008/09/11 19:32:43 | 000,005,248 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\NMM-MetaData.db
[2008/07/27 10:35:16 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/07/22 20:18:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2008/06/28 15:53:46 | 000,084,864 | ---- | C] () -- C:\WINDOWS\System32\ebvtvsrd.dll
[2008/06/24 20:18:14 | 001,706,234 | -HS- | C] () -- C:\WINDOWS\System32\rdfdoktc.ini
[2008/06/23 20:09:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/04/16 17:59:12 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/16 17:59:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/23 21:47:03 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\dvd.bmk
[2008/02/17 20:57:14 | 000,090,290 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/15 22:08:51 | 000,001,066 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\wklnhst.dat
[2007/08/07 10:34:56 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/05 10:38:06 | 000,000,267 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/07/26 17:20:18 | 000,003,800 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/13 16:55:13 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/11 09:34:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2007/07/06 20:02:30 | 000,000,091 | ---- | C] () -- C:\WINDOWS\quadriga.ini
[2007/06/25 16:33:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/25 16:28:25 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/25 16:04:50 | 000,001,207 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >

Extras.txt1st April 2010, 8:42 pm

OTL Extras logfile created on: 01/04/2010 21:27:15 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 47.56 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 165.37 Gb Free Space | 71.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 393.50 Gb Free Space | 84.48% Space Free | Partition Type: NTFS

Computer Name: DF5PWZ2J
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"15448:TCP" = 15448:TCP:*:Enabled:BitComet 15448 TCP
"15448:UDP" = 15448:UDP:*:Enabled:BitComet 15448 UDP
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- File not found
"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{283A5643-C7C8-4EC9-899D-01D63E906510}" = ArcSoft Print Creations
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}" = ArcSoft MediaConverter 2.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDE9C7D-CF52-4558-B23E-B66359CB586A}" = Nokia Connectivity Cable Driver
"{CDE526C5-69CD-4124-8AC3-7FA06946A9FD}" = Motorola Phone Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.3
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"bearsharetb" = MediaBar
"BitTorrent" = BitTorrent
"BroadJump Client Foundation" = BroadJump Client Foundation
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 1.3
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InternetProgram" = InternetProgram
"LimeWire" = LimeWire 5.5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAssist" = SearchAssist
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/03/2010 03:51:37 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 24/03/2010 04:24:52 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 24/03/2010 04:24:53 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 24/03/2010 06:24:56 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 24/03/2010 07:16:21 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 24/03/2010 07:16:22 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 24/03/2010 16:48:55 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 24/03/2010 16:48:56 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 24/03/2010 17:46:40 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 24/03/2010 17:46:41 | Computer Name = DF5PWZ2J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 25/03/2010 07:36:19 | Computer Name = DF5PWZ2J | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 25/03/2010 07:36:19 | Computer Name = DF5PWZ2J | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 25/03/2010 07:37:16 | Computer Name = DF5PWZ2J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 25/03/2010 07:37:47 | Computer Name = DF5PWZ2J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 25/03/2010 08:02:25 | Computer Name = DF5PWZ2J | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 25/03/2010 08:13:04 | Computer Name = DF5PWZ2J | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 01/04/2010 16:25:10 | Computer Name = DF5PWZ2J | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 01/04/2010 16:25:11 | Computer Name = DF5PWZ2J | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 01/04/2010 16:25:11 | Computer Name = DF5PWZ2J | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 01/04/2010 16:25:17 | Computer Name = DF5PWZ2J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

< End of report >

Re: BankerFox.A and Win32/Nugel.E1st April 2010, 11:23 pm

Hello.

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\WINDOWS\yfbasftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\WINDOWS\yehksftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\twxppa\whelsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Application Data\obggbi\waihsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav .exe
PRC - [2010/03/24 09:12:24 | 000,269,568 | ---- | M] () -- c:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe\diuvsftav .exe
O4 - HKLM..\Run: [cdpnwnkb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe\diuvsftav.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [ktdntssd] C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe ()
O4 - HKLM..\Run: [kteovwqn] C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe ()
O4 - HKLM..\Run: [kttblgnr] C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe ()
O4 - HKLM..\Run: [ktvbnklc] C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe ()
O4 - HKLM..\Run: [kunofyhq] C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe ()
O4 - HKLM..\Run: [MDNS] C:\WINDOWS\system32\service.exe ()
O4 - HKLM..\Run: [mpjveynr] C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe File not found
O4 - HKLM..\Run: [paowdamy] C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe ()
O4 - HKLM..\Run: [papkepxq] C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe ()
O4 - HKLM..\Run: [pawkmmqk] C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe ()
O4 - HKLM..\Run: [pawwlwfs] C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe ()
O4 - HKLM..\Run: [paxxmcdc] C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe ()
O4 - HKLM..\Run: [qafjtjje] C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe ()
O4 - HKLM..\Run: [qavjkisa] C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe ()
O4 - HKLM..\Run: [qmbikxlg] C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe ()
O4 - HKLM..\Run: [qmsvclhu] C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe ()
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe ()
O4 - HKLM..\Run: [qyejrfmt] C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe ()
O4 - HKLM..\Run: [rlqharxs] C:\WINDOWS\yehksftav.exe ()
O4 - HKLM..\Run: [rlruahjk] C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe ()
O4 - HKLM..\Run: [rmbujian] C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe ()
O4 - HKLM..\Run: [rmjirufy] C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe ()
O4 - HKLM..\Run: [rmsibvvd] C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe ()
O4 - HKLM..\Run: [rsonsyuo] C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe ()
O4 - HKLM..\Run: [rykuymsv] C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKLM..\Run: [slggoljg] C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe ()
O4 - HKLM..\Run: [slpgxnaj] C:\WINDOWS\yfbasftav.exe ()
O4 - HKLM..\Run: [slqtyclb] C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe ()
O4 - HKLM..\Run: [slwgfksd] C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe ()
O4 - HKCU..\Run: [ktdntssd] C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe ()
O4 - HKCU..\Run: [kteovwqn] C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe ()
O4 - HKCU..\Run: [kttblgnr] C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe ()
O4 - HKCU..\Run: [ktvbnklc] C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe ()
O4 - HKCU..\Run: [kunofyhq] C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe ()
O4 - HKCU..\Run: [mpjveynr] C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe ()
O4 - HKCU..\Run: [paowdamy] C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe ()
O4 - HKCU..\Run: [papkepxq] C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe ()
O4 - HKCU..\Run: [pawkmmqk] C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe ()
O4 - HKCU..\Run: [pawwlwfs] C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe ()
O4 - HKCU..\Run: [paxxmcdc] C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe ()
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\psfree.exe ()
O4 - HKCU..\Run: [qafjtjje] C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe ()
O4 - HKCU..\Run: [qavjkisa] C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe ()
O4 - HKCU..\Run: [qmbikxlg] C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe ()
O4 - HKCU..\Run: [qmsvclhu] C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe ()
O4 - HKCU..\Run: [qyejrfmt] C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe ()
O4 - HKCU..\Run: [rlqharxs] C:\WINDOWS\yehksftav.exe ()
O4 - HKCU..\Run: [rlruahjk] C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe ()
O4 - HKCU..\Run: [rmbujian] C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe ()
O4 - HKCU..\Run: [rmjirufy] C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe ()
O4 - HKCU..\Run: [rmsibvvd] C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe ()
O4 - HKCU..\Run: [rsonsyuo] C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe ()
O4 - HKCU..\Run: [rykuymsv] C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe ()
O4 - HKCU..\Run: [slggoljg] C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe ()
O4 - HKCU..\Run: [slpgxnaj] C:\WINDOWS\yfbasftav.exe ()
O4 - HKCU..\Run: [slqtyclb] C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe ()
O4 - HKCU..\Run: [slwgfksd] C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe) - C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Gary\Application Data\oaozf.exe) - C:\Documents and Settings\Gary\Application Data\oaozf.exe File not found
O20 - HKCU Winlogon: Shell - (C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe) - C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe File not found
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
[2010/04/01 21:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe
[2010/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\eqndih
[2010/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\bjdpje
[2010/03/24 22:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ghgkvv
[2010/03/24 22:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\bjdpje
[2010/03/24 22:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs
[2010/03/24 22:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus
[2010/03/24 22:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd
[2010/03/24 22:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ghgkvv
[2010/03/24 22:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\simduj
[2010/03/24 22:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\eqndih
[2010/03/24 22:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ioryua
[2010/03/24 22:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril
[2010/03/24 22:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ioryua
[2010/03/24 22:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\twxppa
[2010/03/24 22:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf
[2010/03/24 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl
[2010/03/24 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot
[2010/03/24 22:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx
[2010/03/24 22:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\twxppa
[2010/03/24 22:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp
[2010/03/24 22:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\obggbi
[2010/03/24 22:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\obggbi
[2010/03/24 22:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb
[2010/03/24 22:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj
[2010/03/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo
[2010/03/24 21:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug
[2010/03/24 21:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp
[2010/03/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk
[2010/03/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts
[2010/03/24 12:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk
[2010/03/24 12:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf
[2010/03/20 23:08:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/03/24 22:45:44 | 000,269,568 | ---- | C] () -- C:\WINDOWS\yehksftav .exe
[2010/03/24 22:45:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\yehksftav.exe
[2010/03/24 22:45:26 | 000,269,568 | ---- | C] () -- C:\WINDOWS\yfbasftav .exe
[2010/03/24 22:45:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\yfbasftav.exe
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\57421.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\57093.dat
[2010/03/24 22:29:08 | 000,000,004 | ---- | C] () -- C:\Program Files\56765.dat
[2010/03/24 22:29:07 | 000,000,004 | ---- | C] () -- C:\Program Files\56078.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | C] () -- C:\Program Files\54859.dat
[2010/03/24 22:29:06 | 000,000,004 | ---- | C] () -- C:\Program Files\54750.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54640.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54531.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54421.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54312.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54203.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\54093.dat
[2010/03/24 22:29:05 | 000,000,004 | ---- | C] () -- C:\Program Files\53765.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53656.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53546.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53437.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53328.dat
[2010/03/24 22:29:04 | 000,000,004 | ---- | C] () -- C:\Program Files\53109.dat
[2010/03/24 09:21:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Gary\stsystra.exe
[2010/03/24 09:21:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Gary\stsystra .exe
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Results......2nd April 2010, 10:26 am

========== OTL ==========
Process ywvbsftav .exe killed successfully!
Process yuqhsftav .exe killed successfully!
Process yubcsftav .exe killed successfully!
Process yoxnsftav .exe killed successfully!
Process ymmisftav .exe killed successfully!
Process yfqfsftav .exe killed successfully!
Process yfbasftav .exe killed successfully!
Process yexpsftav .exe killed successfully!
Process yeousftav .exe killed successfully!
Process yehksftav .exe killed successfully!
Process ydfasftav .exe killed successfully!
Process wyprsftav .exe killed successfully!
Process wygwsftav .exe killed successfully!
Process wrejsftav .exe killed successfully!
Process wqltsftav .exe killed successfully!
Process wkifsftav .exe killed successfully!
Process whuqsftav .exe killed successfully!
Process whelsftav .exe killed successfully!
Process waymsftav .exe killed successfully!
Process waihsftav .exe killed successfully!
Process qrsbsftav .exe killed successfully!
Process qjxxsftav .exe killed successfully!
Process qifisftav .exe killed successfully!
Process qbjesftav .exe killed successfully!
Process qaqpsftav .exe killed successfully!
Process hppnsftav .exe killed successfully!
Process fsdxsftav .exe killed successfully!
Process diuvsftav .exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cdpnwnkb deleted successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe\diuvsftav.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ktdntssd deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kteovwqn deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kttblgnr deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ktvbnklc deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kunofyhq deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MDNS deleted successfully.
C:\WINDOWS\system32\service.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mpjveynr deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PAC7302_Monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\paowdamy deleted successfully.
C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\papkepxq deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pawkmmqk deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pawwlwfs deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\paxxmcdc deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCSuiteTrayApplication deleted successfully.
C:\Program Files\Nokia\Nokia PC Suite 6\launchapplication.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qafjtjje deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qavjkisa deleted successfully.
C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qmbikxlg deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qmsvclhu deleted successfully.
C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
c:\Program Files\QuickTime\qttask .exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qyejrfmt deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rlqharxs deleted successfully.
File C:\WINDOWS\yehksftav.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rlruahjk deleted successfully.
C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rmbujian deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rmjirufy deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rmsibvvd deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rsonsyuo deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rykuymsv deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
C:\WINDOWS\system32\stsystra.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\slggoljg deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\slpgxnaj deleted successfully.
C:\WINDOWS\yfbasftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\slqtyclb deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\slwgfksd deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
C:\Program Files\Windows Defender\msascui.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
C:\Program Files\Dell Support\dsagnt.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ktdntssd deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts\qbjesftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kteovwqn deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp\qaqpsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kttblgnr deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo\qjxxsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ktvbnklc deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk\qifisftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kunofyhq deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug\qrsbsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mpjveynr deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf\fsdxsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\paowdamy deleted successfully.
File C:\Documents and Settings\Gary\Application Data\twxppa\whelsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\papkepxq deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl\whuqsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pawkmmqk deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf\wyprsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pawwlwfs deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot\waymsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\paxxmcdc deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp\wygwsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PopUpStopperFreeEdition deleted successfully.
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\psfree.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qafjtjje deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx\wqltsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qavjkisa deleted successfully.
File C:\Documents and Settings\Gary\Application Data\obggbi\waihsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qmbikxlg deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj\yuqhsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qmsvclhu deleted successfully.
File C:\Documents and Settings\Gary\Application Data\bjdpje\ydfasftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qyejrfmt deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb\wrejsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rlqharxs deleted successfully.
C:\WINDOWS\yehksftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rlruahjk deleted successfully.
File C:\Documents and Settings\Gary\Application Data\eqndih\yexpsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rmbujian deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx\yubcsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rmjirufy deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd\ymmisftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rmsibvvd deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs\yeousftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rsonsyuo deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk\hppnsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rykuymsv deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj\wkifsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slggoljg deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\simduj\yoxnsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slpgxnaj deleted successfully.
File C:\WINDOWS\yfbasftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slqtyclb deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril\yfqfsftav.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slwgfksd deleted successfully.
File C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus\ywvbsftav.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Gary\Application Data\oaozf.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\WINDOWS\TEMP\eqrx.tmp\svchost.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\wvqjoe folder moved successfully.
C:\Documents and Settings\Gary\Application Data\eqndih folder moved successfully.
C:\Documents and Settings\Gary\Application Data\bjdpje folder moved successfully.
C:\Documents and Settings\Gary\Application Data\ghgkvv folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\bjdpje folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\davwvs folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ccihus folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mtqbvd folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ghgkvv folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\uwsyjx folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\tgarvj folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\simduj folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\eqndih folder moved successfully.
C:\Documents and Settings\Gary\Application Data\ioryua folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\hxyril folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ioryua folder moved successfully.
C:\Documents and Settings\Gary\Application Data\twxppa folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\lturcf folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\rgficl folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mknyot folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\ehlbcx folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\twxppa folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\kddlpp folder moved successfully.
C:\Documents and Settings\Gary\Application Data\obggbi folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\obggbi folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\howpbb folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\csffnj folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\otiqgo folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\tpaaug folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\djuftp folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\lmwdhk folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\gqgsts folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\mtdmhk folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Application Data\sygpmf folder moved successfully.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.
C:\WINDOWS\yehksftav .exe moved successfully.
File C:\WINDOWS\yehksftav.exe not found.
C:\WINDOWS\yfbasftav .exe moved successfully.
File C:\WINDOWS\yfbasftav.exe not found.
C:\Program Files\57421.dat moved successfully.
C:\Program Files\57093.dat moved successfully.
C:\Program Files\56765.dat moved successfully.
C:\Program Files\56078.dat moved successfully.
C:\Program Files\54859.dat moved successfully.
C:\Program Files\54750.dat moved successfully.
File C:\Program Files\54640.dat not found.
C:\Program Files\54531.dat moved successfully.
C:\Program Files\54421.dat moved successfully.
C:\Program Files\54312.dat moved successfully.
C:\Program Files\54203.dat moved successfully.
C:\Program Files\54093.dat moved successfully.
C:\Program Files\53765.dat moved successfully.
C:\Program Files\53656.dat moved successfully.
C:\Program Files\53546.dat moved successfully.
C:\Program Files\53437.dat moved successfully.
C:\Program Files\53328.dat moved successfully.
C:\Program Files\53109.dat moved successfully.
C:\Documents and Settings\Gary\stsystra.exe moved successfully.
C:\Documents and Settings\Gary\stsystra .exe moved successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 04022010_112152

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: BankerFox.A and Win32/Nugel.E2nd April 2010, 1:45 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

More results.......2nd April 2010, 8:18 pm

ComboFix 10-04-01.02 - Gary 02/04/2010 20:38:28.1.2 - x86
Running from: K:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
PEV Error: AppFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gary\Application Data\FunWebProducts
c:\documents and settings\Julie\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\program files\Adobe\2499750.old
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\1078289B.urr
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\AppPatch\AcAdProc.dll
c:\windows\BMcb148468.txt
c:\windows\BMcb148468.xml
c:\windows\pskt.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\conime .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\ebvtvsrd.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mcrh.tmp
c:\windows\system32\rdfdoktc.ini
c:\windows\system32\service .exe
c:\windows\system32\stsystra .exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 10:21 . 2010-04-02 10:21 -------- d-----w- C:\_OTL
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bearsharetb
2010-03-19 18:53 . 2010-03-19 18:53 -------- d-----w- c:\program files\iPod
2010-03-19 18:53 . 2010-04-02 20:04 -------- d-----w- c:\program files\iTunes
2010-03-19 18:50 . 2010-04-02 10:21 -------- d-----w- c:\program files\QuickTime
2010-03-19 18:37 . 2010-03-19 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-19 17:19 . 2010-03-19 17:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-13 19:31 . 2010-03-16 12:22 -------- d-----w- C:\$AVG
2010-03-13 19:31 . 2010-03-16 12:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:31 . 2010-03-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-13 19:30 . 2010-03-21 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-12 07:57 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 10:05 . 2010-03-21 11:55 -------- d-----w- c:\documents and settings\Gary\Application Data\BitTorrent
2010-03-09 10:05 . 2010-03-09 10:05 -------- d-----w- c:\program files\BitTorrent
2010-03-09 08:21 . 2010-03-09 08:27 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\AskToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 20:04 . 2010-04-02 20:04 94208 ----a-w- c:\windows\system32\app_dll.dll
2010-04-02 20:04 . 2009-08-06 08:51 -------- d-----w- c:\program files\uTorrent
2010-04-02 20:04 . 2008-08-06 20:09 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-02 20:02 . 2008-08-25 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-02 10:21 . 2008-06-28 16:08 -------- d-----w- c:\program files\Windows Defender
2010-04-02 10:21 . 2007-06-25 15:30 -------- d-----w- c:\program files\Dell Support
2010-03-24 08:12 . 2010-03-19 17:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-21 21:04 . 2009-12-31 10:44 -------- d-----w- c:\documents and settings\Gary\Application Data\Temp
2010-03-19 18:53 . 2007-07-13 15:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 17:12 . 2010-03-19 17:12 -------- d-----w- c:\program files\TomTom International B.V
2010-03-16 12:09 . 2010-03-16 12:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:09 . 2010-03-16 12:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:09 . 2010-03-16 12:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:08 . 2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 12:08 . 2007-11-23 20:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:08 . 2008-06-28 14:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:30 . 2010-03-16 12:07 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-13 19:30 . 2010-03-16 12:07 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-13 19:30 . 2010-03-16 12:07 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-13 19:30 . 2010-03-16 12:07 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-13 19:30 . 2008-06-28 14:50 -------- d-----w- c:\program files\AVG
2010-03-09 10:10 . 2008-01-10 19:56 -------- d-----w- c:\documents and settings\Gary\Application Data\LimeWire
2010-03-08 11:33 . 2009-08-06 08:51 -------- d-----w- c:\documents and settings\Gary\Application Data\uTorrent
2010-03-03 08:58 . 2010-03-03 08:58 -------- d-----w- c:\program files\Belkin
2010-02-24 09:16 . 2009-10-05 15:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 10:03 . 2010-02-24 20:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-25 21:59 . 2007-10-15 21:08 1066 ----a-w- c:\documents and settings\Gary\Application Data\wklnhst.dat
2010-01-12 11:53 . 2010-01-12 11:53 115704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-07 21:41 . 2010-01-07 21:40 23831816 ----a-w- c:\documents and settings\Gary\Application Data\Arcsoft\ArcSoft MediaImpression\1.2.19\$Download$\5D9B8F6A-7417-4ca9-B390-CF8FBE84B9201.0.0.1.exe
2010-01-05 10:00 . 2005-08-16 03:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 03:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 03:18 17408 ----a-w- c:\windows\system32\corpol.dll
.

Code:

<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\program files\Dell Support\dsagnt .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Nokia\Nokia PC Suite 6\launchapplication .exe
c:\program files\Nokia\Nokia PC Suite 6\pcsync2 .exe
c:\program files\Panicware\Pop-Up Stopper Free Edition\psfree .exe
c:\program files\QuickTime\qttask          .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\QuickTime\qttask        .exe
c:\program files\QuickTime\qttask       .exe
c:\program files\QuickTime\qttask      .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\TomTom HOME 2\tomtomhomerunner .exe
c:\program files\uTorrent\utorrent .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 16:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-04-02 27648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-02 27648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2010-04-02 27648]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-04-02 27648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-04-02 27648]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-02 27648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-03-24 27648]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2010-03-24 27648]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1996-11-21 16304]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-6-4 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-28 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15448:TCP"= 15448:TCP:BitComet 15448 TCP
"15448:UDP"= 15448:UDP:BitComet 15448 UDP
"9322:TCP"= 9322:TCP:EKDiscovery

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2008 15:50 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 20:31 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 13:08 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 13:49 284016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [15/09/2006 15:22 49152]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [15/09/2006 15:22 219392]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [15/09/2006 10:14 147456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/12/2008 21:36 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/12/2008 21:36 8320]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [06/08/2008 02:36 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [06/08/2008 02:36 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [06/08/2008 02:36 105216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-02 c:\windows\Tasks\At25.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At26.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At27.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At28.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At29.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At30.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At31.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At32.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At33.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At34.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At35.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At36.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At37.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At38.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At39.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At40.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At41.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At42.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At43.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At44.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At45.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At46.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At47.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-04-02 c:\windows\Tasks\At48.job
- c:\program files\adobe\acrotray .exe [2010-04-02 20:04]

2010-03-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BroadJump Client Foundation - c:\program files\BroadJump\Client Foundation\Uninst.isu
AddRemove-InternetProgram - c:\program files\InternetProgram\uninstall.exe
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 21:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86DFCCA1]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74abf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72da852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\dell\media experience\dmxlauncher .exe
c:\program files\itunes\ituneshelper .exe
c:\program files\common files\arcsoft\connection service\bin\acdaemon .exe
c:\program files\tomtom home 2\tomtomhomerunner .exe
c:\program files\common files\arcsoft\connection service\bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\Gary\LOCALS~1\Temp\f169234 .exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2010-04-02 21:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 20:11

Pre-Run: 54,602,686,464 bytes free
Post-Run: 55,898,075,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 6AD4AE0E78451CDED0564D8B79B46C48

Re: BankerFox.A and Win32/Nugel.E3rd April 2010, 12:23 am

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File:: c:\windows\system32\app_dll.dll RenV:: c:\program files\Adobe\acrotray .exe c:\program files\AVG\AVG9\avgtray .exe c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe c:\program files\Dell\Media Experience\dmxlauncher .exe c:\program files\Dell Support\dsagnt .exe c:\program files\iTunes\ituneshelper .exe c:\program files\Java\jre6\bin\jusched .exe c:\program files\Nokia\Nokia PC Suite 6\launchapplication .exe c:\program files\Nokia\Nokia PC Suite 6\pcsync2 .exe c:\program files\Panicware\Pop-Up Stopper Free Edition\psfree .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\TomTom HOME 2\tomtomhomerunner .exe c:\program files\uTorrent\utorrent .exe c:\program files\Windows Defender\msascui .exe c:\program files\Windows Live\Messenger\msnmsgr .exe c:\windows\ehome\ehtray .exe c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui .exe Registry:: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=- AtJob:: DDS:: uInternet Settings,ProxyOverride = uInternet Settings,ProxyServer = http=127.0.0.1:5555
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

More Results.......7th April 2010, 8:42 pm

Hi, sorry for delay, these are the results for you. Thanks Julie

ComboFix 10-04-01.02 - Gary 07/04/2010 21:24:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.573 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Gary\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\app_dll.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adobe\168265.old
c:\program files\Adobe\169859.old
c:\program files\adobe\acrotray.exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\conime .exe
c:\windows\system32\ctfmon .exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\drivers\nvata.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 20:18 . 2010-04-07 20:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\bearsharetb
2010-04-02 10:21 . 2010-04-02 10:21 -------- d-----w- C:\_OTL
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bearsharetb
2010-03-19 18:53 . 2010-03-19 18:53 -------- d-----w- c:\program files\iPod
2010-03-19 18:53 . 2010-04-07 20:24 -------- d-----w- c:\program files\iTunes
2010-03-19 18:50 . 2010-04-07 20:24 -------- d-----w- c:\program files\QuickTime
2010-03-19 17:19 . 2010-03-19 17:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-19 17:19 . 2010-03-24 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 17:12 . 2010-03-19 17:12 -------- d-----w- c:\program files\TomTom International B.V
2010-03-16 12:08 . 2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:31 . 2010-03-16 12:22 -------- d-----w- C:\$AVG
2010-03-13 19:31 . 2010-03-16 12:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:31 . 2010-03-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-13 19:30 . 2010-04-07 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-12 07:57 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 10:05 . 2010-03-21 11:55 -------- d-----w- c:\documents and settings\Gary\Application Data\BitTorrent
2010-03-09 10:05 . 2010-03-09 10:05 -------- d-----w- c:\program files\BitTorrent
2010-03-09 08:21 . 2010-03-09 08:27 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\AskToolbar
2010-03-09 08:19 . 2010-03-09 08:19 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 20:33 . 2008-08-06 20:09 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-07 20:31 . 2008-08-25 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-07 20:24 . 2009-08-06 08:51 -------- d-----w- c:\program files\uTorrent
2010-04-07 20:24 . 2008-06-28 16:08 -------- d-----w- c:\program files\Windows Defender
2010-04-07 20:24 . 2007-06-25 15:30 -------- d-----w- c:\program files\Dell Support
2010-04-07 20:08 . 2010-04-07 20:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-07 20:08 . 2010-04-07 20:08 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-21 21:04 . 2009-12-31 10:44 -------- d-----w- c:\documents and settings\Gary\Application Data\Temp
2010-03-19 18:53 . 2007-07-13 15:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 18:37 . 2010-03-19 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-16 12:09 . 2010-03-16 12:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:09 . 2010-03-16 12:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:09 . 2010-03-16 12:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:08 . 2007-11-23 20:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:08 . 2008-06-28 14:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:30 . 2010-03-16 12:07 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-13 19:30 . 2010-03-16 12:07 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-13 19:30 . 2008-06-28 14:50 -------- d-----w- c:\program files\AVG
2010-03-09 10:10 . 2008-01-10 19:56 -------- d-----w- c:\documents and settings\Gary\Application Data\LimeWire
2010-03-08 11:33 . 2009-08-06 08:51 -------- d-----w- c:\documents and settings\Gary\Application Data\uTorrent
2010-03-03 08:58 . 2010-03-03 08:58 -------- d-----w- c:\program files\Belkin
2010-02-24 09:16 . 2009-10-05 15:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 10:03 . 2010-02-24 20:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-25 21:59 . 2007-10-15 21:08 1066 ----a-w- c:\documents and settings\Gary\Application Data\wklnhst.dat
2010-01-12 11:53 . 2010-01-12 11:53 115704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-07 21:41 . 2010-01-07 21:40 23831816 ----a-w- c:\documents and settings\Gary\Application Data\Arcsoft\ArcSoft MediaImpression\1.2.19\$Download$\5D9B8F6A-7417-4ca9-B390-CF8FBE84B9201.0.0.1.exe
.

Code:

<pre>
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\QuickTime\qttask       .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\TomTom HOME 2\tomtomhomerunner .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\conime .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 16:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-04-07 27648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-24 27648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2010-04-07 27648]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-04-07 27648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-04-07 27648]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-07 27648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1996-11-21 16304]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-6-4 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-28 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15448:TCP"= 15448:TCP:BitComet 15448 TCP
"15448:UDP"= 15448:UDP:BitComet 15448 UDP
"9322:TCP"= 9322:TCP:EKDiscovery

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2008 15:50 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 20:31 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 13:08 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 13:49 284016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [15/09/2006 15:22 49152]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [15/09/2006 15:22 219392]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [15/09/2006 10:14 147456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/12/2008 21:36 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/12/2008 21:36 8320]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [06/08/2008 02:36 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [06/08/2008 02:36 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [06/08/2008 02:36 105216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-07 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-04-07 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 20:33]

2010-03-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-07 21:38:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-07 20:38
ComboFix2.txt 2010-04-02 20:11

Pre-Run: 55,803,813,888 bytes free
Post-Run: 55,768,014,848 bytes free

- - End Of File - - B2B1650978B1C80B8B75B86717E54E76

Re: BankerFox.A and Win32/Nugel.E7th April 2010, 9:03 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Next, please download the CFScript I have made for you, and run that script as before. Post the resulting log.

Results............8th April 2010, 11:01 am

We couldn't find Ask Toolbar to remove it but everything else has been removed.

KILLALL::

File::
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

RenV::
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\TomTom HOME 2\tomtomhomerunner .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\conime .exe

AtJob::

Re: BankerFox.A and Win32/Nugel.E8th April 2010, 8:15 pm

That's my CFScript, not the actual Combofix log. LMBO or ROFL

2nd time lucky..............8th April 2010, 9:08 pm

ComboFix 10-04-01.02 - Gary 08/04/2010 21:51:34.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.472 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Gary\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\internet explorer\wmpscfgs.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 10:44 . 2010-04-08 10:57 -------- d-----w- C:\Combo-Fix
2010-04-07 20:18 . 2010-04-07 20:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\bearsharetb
2010-04-02 10:21 . 2010-04-02 10:21 -------- d-----w- C:\_OTL
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bearsharetb
2010-03-19 18:53 . 2010-03-19 18:53 -------- d-----w- c:\program files\iPod
2010-03-19 18:53 . 2010-04-08 20:51 -------- d-----w- c:\program files\iTunes
2010-03-19 18:50 . 2010-04-07 20:24 -------- d-----w- c:\program files\QuickTime
2010-03-19 17:19 . 2010-03-19 17:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-19 17:19 . 2010-03-24 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 17:12 . 2010-03-19 17:12 -------- d-----w- c:\program files\TomTom International B.V
2010-03-16 12:08 . 2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:31 . 2010-03-16 12:22 -------- d-----w- C:\$AVG
2010-03-13 19:31 . 2010-03-16 12:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:31 . 2010-03-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-13 19:30 . 2010-04-07 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-12 07:57 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 21:00 . 2009-08-06 08:51 -------- d-----w- c:\program files\uTorrent
2010-04-08 21:00 . 2008-08-06 20:09 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-08 20:59 . 2008-08-25 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-08 20:47 . 2007-07-10 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 10:39 . 2010-03-09 08:19 -------- d-----w- c:\program files\Ask.com
2010-04-08 10:39 . 2009-01-25 11:20 -------- d-----w- c:\program files\LimeWire
2010-04-07 20:24 . 2008-06-28 16:08 -------- d-----w- c:\program files\Windows Defender
2010-04-07 20:24 . 2007-06-25 15:30 -------- d-----w- c:\program files\Dell Support
2010-04-07 20:08 . 2010-04-07 20:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-07 20:08 . 2010-04-07 20:08 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-21 21:04 . 2009-12-31 10:44 -------- d-----w- c:\documents and settings\Gary\Application Data\Temp
2010-03-19 18:53 . 2007-07-13 15:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 18:37 . 2010-03-19 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-16 12:09 . 2010-03-16 12:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:09 . 2010-03-16 12:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:09 . 2010-03-16 12:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:08 . 2007-11-23 20:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:08 . 2008-06-28 14:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:30 . 2010-03-16 12:07 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-13 19:30 . 2010-03-16 12:07 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-13 19:30 . 2008-06-28 14:50 -------- d-----w- c:\program files\AVG
2010-03-11 12:38 . 2005-08-16 03:18 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 03:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 03:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-08 11:33 . 2009-08-06 08:51 -------- d-----w- c:\documents and settings\Gary\Application Data\uTorrent
2010-03-03 08:58 . 2010-03-03 08:58 -------- d-----w- c:\program files\Belkin
2010-02-24 09:16 . 2009-10-05 15:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 10:03 . 2010-02-24 20:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-25 21:59 . 2007-10-15 21:08 1066 ----a-w- c:\documents and settings\Gary\Application Data\wklnhst.dat
2010-01-12 11:53 . 2010-01-12 11:53 115704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

Code:

<pre>
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\QuickTime\qttask       .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\TomTom HOME 2\tomtomhomerunner .exe
c:\program files\uTorrent\utorrent .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\conime .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-04-08 27648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 27648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2010-04-08 27648]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-04-08 27648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-04-08 27648]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-08 27648]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-04-08 27648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-04-08 27648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1996-11-21 16304]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-6-4 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-28 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15448:TCP"= 15448:TCP:BitComet 15448 TCP
"15448:UDP"= 15448:UDP:BitComet 15448 UDP
"9322:TCP"= 9322:TCP:EKDiscovery

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2008 15:50 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 20:31 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 13:08 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 13:49 284016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [15/09/2006 15:22 49152]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [15/09/2006 15:22 219392]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [15/09/2006 10:14 147456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/12/2008 21:36 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/12/2008 21:36 8320]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [06/08/2008 02:36 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [06/08/2008 02:36 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [06/08/2008 02:36 105216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-08 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]

2010-04-08 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-08 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 21:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\java\jre1.5.0_06\bin\jusched .exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-04-08 22:04:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 21:04
ComboFix2.txt 2010-04-08 10:57
ComboFix3.txt 2010-04-07 20:38
ComboFix4.txt 2010-04-02 20:11

Pre-Run: 55,777,341,440 bytes free
Post-Run: 55,733,960,704 bytes free

- - End Of File - - 39475E9761EBFD3AF6688719C3D9C7F2

Re: BankerFox.A and Win32/Nugel.E9th April 2010, 12:29 am

Okay, one more round, please download the next CFScript and run it as before.

Results......11th April 2010, 7:56 am

Hi, sorry for the delay.

ComboFix 10-04-01.02 - Gary 11/04/2010 8:44.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.434 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Gary\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe"
"c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe"
"c:\program files\Dell\Media Experience\dmxlauncher .exe"
"c:\program files\internet explorer\wmpscfgs.exe"
"c:\program files\iTunes\ituneshelper .exe"
"c:\program files\Java\jre1.5.0_06\bin\jusched .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\TomTom HOME 2\tomtomhomerunner .exe"
"c:\program files\uTorrent\utorrent .exe"
"c:\windows\ehome\ehtray .exe"
"c:\windows\system32\conime .exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\TomTom HOME 2\tomtomhomerunner .exe
c:\program files\uTorrent\utorrent .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\conime .exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-08 10:44 . 2010-04-08 10:57 -------- d-----w- C:\Combo-Fix
2010-04-07 20:18 . 2010-04-07 20:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\bearsharetb
2010-04-02 10:21 . 2010-04-02 10:21 -------- d-----w- C:\_OTL
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bearsharetb
2010-03-19 18:53 . 2010-03-19 18:53 -------- d-----w- c:\program files\iPod
2010-03-19 18:53 . 2010-04-11 07:45 -------- d-----w- c:\program files\iTunes
2010-03-19 18:50 . 2010-04-07 20:24 -------- d-----w- c:\program files\QuickTime
2010-03-19 17:19 . 2010-03-19 17:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-19 17:19 . 2010-03-24 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 17:12 . 2010-03-19 17:12 -------- d-----w- c:\program files\TomTom International B.V
2010-03-16 12:08 . 2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:31 . 2010-03-16 12:22 -------- d-----w- C:\$AVG
2010-03-13 19:31 . 2010-03-16 12:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:31 . 2010-03-13 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-13 19:30 . 2010-04-11 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-12 07:57 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 07:48 . 2008-08-25 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-11 07:45 . 2009-08-06 08:51 -------- d-----w- c:\program files\uTorrent
2010-04-11 07:45 . 2008-08-06 20:09 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-08 20:47 . 2007-07-10 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 10:39 . 2010-03-09 08:19 -------- d-----w- c:\program files\Ask.com
2010-04-08 10:39 . 2009-01-25 11:20 -------- d-----w- c:\program files\LimeWire
2010-04-07 20:24 . 2008-06-28 16:08 -------- d-----w- c:\program files\Windows Defender
2010-04-07 20:24 . 2007-06-25 15:30 -------- d-----w- c:\program files\Dell Support
2010-04-07 20:08 . 2010-04-07 20:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-07 20:08 . 2010-04-07 20:08 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-21 21:04 . 2009-12-31 10:44 -------- d-----w- c:\documents and settings\Gary\Application Data\Temp
2010-03-19 18:53 . 2007-07-13 15:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 18:37 . 2010-03-19 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-16 12:09 . 2010-03-16 12:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-16 12:09 . 2010-03-16 12:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-16 12:09 . 2010-03-16 12:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-16 12:08 . 2007-11-23 20:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:08 . 2008-06-28 14:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:30 . 2010-03-16 12:07 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-13 19:30 . 2010-03-16 12:07 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-13 19:30 . 2008-06-28 14:50 -------- d-----w- c:\program files\AVG
2010-03-11 12:38 . 2005-08-16 03:18 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 03:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 03:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-08 11:33 . 2009-08-06 08:51 -------- d-----w- c:\documents and settings\Gary\Application Data\uTorrent
2010-03-03 08:58 . 2010-03-03 08:58 -------- d-----w- c:\program files\Belkin
2010-02-24 09:16 . 2009-10-05 15:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 10:03 . 2010-02-24 20:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-25 21:59 . 2007-10-15 21:08 1066 ----a-w- c:\documents and settings\Gary\Application Data\wklnhst.dat
2010-01-12 11:53 . 2010-01-12 11:53 115704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-04-11 27648]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-04-11 27648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1996-11-21 16304]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-6-4 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-28 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15448:TCP"= 15448:TCP:BitComet 15448 TCP
"15448:UDP"= 15448:UDP:BitComet 15448 UDP
"9322:TCP"= 9322:TCP:EKDiscovery

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2008 15:50 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 20:31 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 13:08 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 13:49 284016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [15/09/2006 15:22 49152]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [15/09/2006 15:22 219392]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [15/09/2006 10:14 147456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/12/2008 21:36 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/12/2008 21:36 8320]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [06/08/2008 02:36 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [06/08/2008 02:36 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [06/08/2008 02:36 105216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-11 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]

2010-04-11 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-11 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 08:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\conime .exe 27648 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-04-11 08:54:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 07:54
ComboFix2.txt 2010-04-08 21:04
ComboFix3.txt 2010-04-08 10:57
ComboFix4.txt 2010-04-07 20:38
ComboFix5.txt 2010-04-11 07:42

Pre-Run: 55,698,554,880 bytes free
Post-Run: 55,680,520,192 bytes free

- - End Of File - - 4F4F096A51C997D2C4947F0AB5A34EA6

Re: BankerFox.A and Win32/Nugel.E11th April 2010, 10:56 pm

Something weird is still happening here.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Can't save the log?????16th April 2010, 10:16 pm

Hi, sorry for being so long. I have run this scan and then when I click on save the computer freezes and I cannot choose where to save the log. I have tried it about 4 or 5 times over the last week and it keeps happening, the scan seems to run and finish but I can't save the log????

Re: BankerFox.A and Win32/Nugel.E17th April 2010, 12:26 pm

Hello.
Please boot to Safe Mode and try GMER in Safe Mode, I am aware GMER crashes on some machines, my own being one of them when I tested it.

Results...18th April 2010, 7:51 pm

Hi, it seemed to run ok this time, I could save the log and did so, but when I open it to paste it onto here it is blank??????

Re: BankerFox.A and Win32/Nugel.E18th April 2010, 10:25 pm

Try running it again.

Been on holiday, sorry!6th May 2010, 4:31 pm

I ran it again and got something on the log, but not a lot. Hope it's run ok this time.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 17:02:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Gary\LOCALS~1\Temp\kwddapow.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7341112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73202D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73204C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7341900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7341BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF733FE12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7342020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73413D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF731FF44]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: BankerFox.A and Win32/Nugel.E6th May 2010, 9:17 pm

Hello.

Please delete the copy of Combofix you have now and re-download a copy of it.
Then run Combofix once again, post the new log when done.

Results....17th May 2010, 3:38 pm

Since we've had this problem, when I start the PC I have to press F1 as it says something about a driver 0 seek failure. My boyfriend was 'tinkering' about before I contacted you guys and was trying something with the discs we originally got with PC, do you know what this is and how to stop it??????

ComboFix 10-05-16.01 - Gary 17/05/2010 11:20:18.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.393 [GMT 1:00]
Running from: c:\documents and settings\Gary\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\windows\system32\AbaleZip.dll
c:\windows\system32\conime .exe
c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-15 09:32 . 2010-05-15 09:32 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-15 09:31 . 2010-05-15 09:31 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-05-01 07:06 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-01 07:06 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-01 07:06 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-01 07:06 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-01 07:06 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-01 07:06 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-05-01 07:05 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-01 07:05 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-01 07:05 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-01 07:05 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-01 07:05 . 2010-05-17 10:20 -------- d-----w- c:\program files\Spyware Doctor
2010-05-01 07:05 . 2010-05-01 07:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-01 07:05 . 2010-05-01 07:05 -------- d-----w- c:\documents and settings\Gary\Application Data\PC Tools
2010-05-01 07:05 . 2010-05-01 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-30 09:09 . 2010-04-30 09:09 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\Threat Expert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 10:13 . 2007-08-06 16:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 09:17 . 2008-08-25 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-05-15 09:31 . 2010-03-13 19:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 20:41 . 2010-03-19 18:50 -------- d-----w- c:\program files\QuickTime
2010-04-18 20:07 . 2010-03-19 18:53 -------- d-----w- c:\program files\iTunes
2010-04-17 18:32 . 2010-03-13 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-11 07:45 . 2009-08-06 08:51 -------- d-----w- c:\program files\uTorrent
2010-04-11 07:45 . 2008-08-06 20:09 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-08 20:47 . 2007-07-10 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 10:39 . 2010-03-09 08:19 -------- d-----w- c:\program files\Ask.com
2010-04-08 10:39 . 2009-01-25 11:20 -------- d-----w- c:\program files\LimeWire
2010-04-07 20:24 . 2008-06-28 16:08 -------- d-----w- c:\program files\Windows Defender
2010-04-07 20:24 . 2007-06-25 15:30 -------- d-----w- c:\program files\Dell Support
2010-04-07 20:18 . 2010-04-07 20:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\bearsharetb
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bearsharetb
2010-03-24 08:12 . 2010-03-19 17:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-21 21:04 . 2009-12-31 10:44 -------- d-----w- c:\documents and settings\Gary\Application Data\Temp
2010-03-19 18:53 . 2010-03-19 18:53 -------- d-----w- c:\program files\iPod
2010-03-19 18:53 . 2007-07-13 15:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 18:37 . 2010-03-19 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-19 17:12 . 2010-03-19 17:12 -------- d-----w- c:\program files\TomTom International B.V
2010-03-16 12:08 . 2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 12:08 . 2007-11-23 20:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:08 . 2008-06-28 14:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2005-08-16 03:18 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 03:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 03:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-08-16 03:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2005-08-16 03:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 09:16 . 2009-10-05 15:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 14:08 . 2005-08-16 03:18 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 21:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
.

Code:

<pre>
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Nokia\Nokia PC Suite 6\pcsync2 .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui .exe
</pre>

((((((((((((((((((((((((((((( SnapShot_2010-04-08_10.53.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-05-17 09:17 . 2010-05-17 09:17 16384 c:\windows\temp\Perflib_Perfdata_ab0.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2007-07-01 18:40 . 2010-04-30 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-01 18:40 . 2010-04-07 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-01 18:40 . 2010-04-30 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-07-01 18:40 . 2010-04-07 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-30 09:09 . 2010-04-30 09:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-16 03:18 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981349\update\spcustom.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981349\spmsg.dll
+ 2010-04-17 17:49 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-17 17:49 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-17 17:49 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-17 17:49 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-08-16 03:18 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2005-08-16 03:40 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2005-08-16 03:40 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2005-08-16 03:18 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-13 07:44 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-14 19:08 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-08-14 19:08 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2005-08-16 03:18 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-05-01 09:54 . 2010-05-01 09:54 195584 c:\windows\Installer\9cedf8.msi
+ 2010-04-30 08:59 . 2010-04-30 08:59 228352 c:\windows\Installer\5be1c.msi
+ 2010-03-19 18:55 . 2010-04-18 20:08 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
- 2010-03-19 18:55 . 2010-03-19 18:55 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2008-11-13 07:44 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-17 17:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981349\update\updspapi.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981349\update\update.exe
+ 2010-04-17 17:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981349\spuninst.exe
+ 2010-03-09 11:06 . 2010-03-09 11:06 430080 c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-17 17:49 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-17 17:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-17 17:49 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-17 17:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-17 17:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-17 17:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-10-16 18:42 . 2010-02-17 08:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 18:42 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 18:42 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 18:42 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-13 10:25 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-13 10:25 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-10-16 18:42 . 2010-02-17 08:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 18:42 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 18:42 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 18:42 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-07-13 19:54 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-12-28 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15448:TCP"= 15448:TCP:BitComet 15448 TCP
"15448:UDP"= 15448:UDP:BitComet 15448 UDP
"9322:TCP"= 9322:TCP:EKDiscovery

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [01/05/2010 08:05 218592]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2008 15:50 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/03/2010 20:31 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 13:08 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [01/05/2010 08:06 112592]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 13:49 284016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [01/05/2010 08:05 366840]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [15/09/2006 15:22 49152]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [15/09/2006 15:22 219392]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [15/09/2006 10:14 147456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/12/2008 21:36 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/12/2008 21:36 8320]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [06/08/2008 02:36 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [06/08/2008 02:36 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [06/08/2008 02:36 105216]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 11:29
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-17 11:33:36
ComboFix-quarantined-files.txt 2010-05-17 10:33
ComboFix2.txt 2010-04-11 07:54
ComboFix3.txt 2010-04-08 21:04
ComboFix4.txt 2010-04-08 10:57
ComboFix5.txt 2010-05-17 10:15

Pre-Run: 56,001,986,560 bytes free
Post-Run: 55,985,229,824 bytes free

- - End Of File - - 17D37FF32661CD78A2C77C159A07EEA7

Spyware Doctor Scan17th May 2010, 6:21 pm

Hi, I didn't realise we had Spyware Doctor on our PC??? But it has come up saying the results of a scan show there are 8 threats and 101 infections!!! Do I need to do anything with this???

Re: BankerFox.A and Win32/Nugel.E17th May 2010, 9:36 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
KILLALL:: RenV:: c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe c:\program files\Nokia\Nokia PC Suite 6\pcsync2 .exe c:\windows\ehome\ehtray .exe c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui .exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

BankerFox.A and Win32/Nugel.E

descriptionBankerFox.A and Win32/Nugel.E24th March 2010, 10:32 pm

descriptionRe: BankerFox.A and Win32/Nugel.E25th March 2010, 1:24 am

descriptionOTL.txt1st April 2010, 8:40 pm

descriptionExtras.txt1st April 2010, 8:42 pm

descriptionRe: BankerFox.A and Win32/Nugel.E1st April 2010, 11:23 pm

descriptionResults......2nd April 2010, 10:26 am

descriptionRe: BankerFox.A and Win32/Nugel.E2nd April 2010, 1:45 pm

descriptionMore results.......2nd April 2010, 8:18 pm

descriptionRe: BankerFox.A and Win32/Nugel.E3rd April 2010, 12:23 am

descriptionMore Results.......7th April 2010, 8:42 pm

descriptionRe: BankerFox.A and Win32/Nugel.E7th April 2010, 9:03 pm

descriptionResults............8th April 2010, 11:01 am

descriptionRe: BankerFox.A and Win32/Nugel.E8th April 2010, 8:15 pm

description2nd time lucky..............8th April 2010, 9:08 pm

descriptionRe: BankerFox.A and Win32/Nugel.E9th April 2010, 12:29 am

descriptionResults......11th April 2010, 7:56 am

descriptionRe: BankerFox.A and Win32/Nugel.E11th April 2010, 10:56 pm

descriptionCan't save the log?????16th April 2010, 10:16 pm

descriptionRe: BankerFox.A and Win32/Nugel.E17th April 2010, 12:26 pm

descriptionResults...18th April 2010, 7:51 pm

descriptionRe: BankerFox.A and Win32/Nugel.E18th April 2010, 10:25 pm

descriptionBeen on holiday, sorry!6th May 2010, 4:31 pm

descriptionRe: BankerFox.A and Win32/Nugel.E6th May 2010, 9:17 pm

descriptionResults....17th May 2010, 3:38 pm

descriptionSpyware Doctor Scan17th May 2010, 6:21 pm

descriptionRe: BankerFox.A and Win32/Nugel.E17th May 2010, 9:36 pm

descriptionRe: BankerFox.A and Win32/Nugel.E