BankerFox.A and Nuqel.exe

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

BankerFox.A and Nuqel.exe19th February 2010, 1:55 am

I keep getting popups for viagra porn and two virus remover programs? I can't download anything because a box pops up that says the file _____.exe is infected for any file i try to open. I can do stuff in safe mode but it just seems to find hikeys and some other thing to deleter as soon as I reboot the viruses start causing trouble again.

Re: BankerFox.A and Nuqel.exe19th February 2010, 5:50 pm

It has disappeared and I can't find it? no more popups but seriously slow ? I ran bitdefender and avg while I was asleep and when I got up it was gone? It has to be there in part somewhere because it is waay slow now. (thank you for being here i hope someone can help me) Please (puppy eyes)

Re: BankerFox.A and Nuqel.exe19th February 2010, 8:51 pm

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuqel.exe DXwU4

Re: BankerFox.A and Nuqel.exe20th February 2010, 2:59 pm

OTL logfile created on: 2/20/2010 9:31:15 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\profile.cu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 63.15 Gb Free Space | 84.75% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 73.43 Gb Free Space | 98.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T40R40IMAGE
Current User Name: Student
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
PRC - [2010/02/15 10:28:55 | 003,533,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgui.exe
PRC - [2010/02/15 10:28:43 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/02/15 10:28:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/02/05 10:13:00 | 003,099,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/24 20:14:42 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 20:14:38 | 001,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/07 10:11:29 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/11/07 10:11:19 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/14 05:40:44 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/12/10 18:36:32 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/12/10 18:36:22 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/11/16 20:57:18 | 000,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/01 14:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006/02/24 01:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/14 13:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 13:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/08/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2005/07/11 13:21:18 | 000,221,184 | ---- | M] (PASCO Scientific) -- C:\Program Files\DataStudio\PASPortal.exe
PRC - [2005/03/03 16:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/10/14 08:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/06 15:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/08/06 02:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 02:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 02:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/05/17 13:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2004/02/23 10:18:56 | 000,217,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
PRC - [2003/08/22 01:01:00 | 000,225,280 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/06/27 07:53:32 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/29 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

========== Modules (SafeList) ==========

MOD - [2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/02/14 13:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 10:28:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/24 20:14:38 | 001,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/04/13 19:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/04/13 19:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/06/14 05:40:44 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/12/10 18:36:22 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/11/16 20:57:18 | 000,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/08/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2005/08/22 20:00:00 | 000,029,184 | ---- | M] (Network Associates, Inc.) [Auto | Stopped] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)
SRV - [2005/01/18 08:17:56 | 000,036,864 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/06 02:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/16 11:37:58 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [1985/01/01 05:02:46 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/11/07 10:11:28 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/07 10:11:28 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/07 10:11:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/11/16 21:02:24 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/18 02:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/29 16:11:08 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/05/15 01:53:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/04/27 08:26:30 | 000,164,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R)
DRV - [2006/03/28 07:24:00 | 000,041,456 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/02/14 13:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/17 00:56:00 | 000,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/12/17 00:56:00 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/12/17 00:56:00 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/22 08:46:58 | 000,159,985 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2005/11/22 08:46:10 | 000,502,223 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2005/11/11 00:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/11/10 06:53:00 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 15:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 12:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 12:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/08/22 20:00:00 | 000,114,624 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/08/22 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2005/08/22 20:00:00 | 000,008,448 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
DRV - [2005/05/26 17:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/28 08:19:38 | 000,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 18:53:00 | 000,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/01/03 13:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/09/06 15:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/08/19 11:34:06 | 000,038,848 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nicm.sys -- (NICM)
DRV - [2004/06/01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/05/04 11:35:56 | 000,119,296 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
DRV - [2003/10/24 00:35:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2003/10/24 00:35:00 | 000,008,831 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2003/06/27 07:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/02/26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2002/11/13 20:43:56 | 000,140,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2002/08/29 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/02/15 10:36:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/11/07 10:16:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 12:55:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 10:42:05 | 000,000,000 | ---D | M]

[2009/11/06 21:59:44 | 000,000,000 | ---D | M] -- D:\profile.cu\Application Data\Mozilla\Extensions
[2004/07/27 10:11:30 | 000,000,000 | ---D | M] -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions
[2009/11/08 12:34:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 13:02:34 | 000,000,000 | ---D | M] (No name found) -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/11/06 21:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/01/09 15:31:14 | 000,599,496 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 images.real.com
O1 - Hosts: 127.0.0.1 real.com
O1 - Hosts: 127.0.0.1 ct5.hypercount.com
O1 - Hosts: 127.0.0.1 acme.bfast.com
O1 - Hosts: 127.0.0.1 ads.bfast.com
O1 - Hosts: 127.0.0.1 affiliates.bfast.com
O1 - Hosts: 127.0.0.1 affnet.bfast.com
O1 - Hosts: 127.0.0.1 airedale.bfast.com
O1 - Hosts: 127.0.0.1 application.bfast.com
O1 - Hosts: 127.0.0.1 applications.bfast.com
O1 - Hosts: 127.0.0.1 artuframe.bfast.com
O1 - Hosts: 127.0.0.1 barnesandnoble.bfast.com
O1 - Hosts: 127.0.0.1 bfast.com
O1 - Hosts: 127.0.0.1 bn.bfast.com
O1 - Hosts: 127.0.0.1 bst.bfast.com
O1 - Hosts: 127.0.0.1 bullmastiff.bfast.com
O1 - Hosts: 127.0.0.1 coonhound.bfast.com
O1 - Hosts: 127.0.0.1 dev-geocities.bfast.com
O1 - Hosts: 127.0.0.1 dev.bfast.com
O1 - Hosts: 127.0.0.1 devmgt.befree.com
O1 - Hosts: 127.0.0.1 devmgt.bfast.com
O1 - Hosts: 127.0.0.1 doberman.befree.com
O1 - Hosts: 127.0.0.1 enews.bfast.com
O1 - Hosts: 127.0.0.1 etoys.bfast.com
O1 - Hosts: 18039 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACUMon] C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bhinfrku] D:\profile.cu\Local Settings\Application Data\agvlpr\mnsbsftav.exe File not found
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [imlvpxum] D:\profile.cu\Local Settings\Application Data\itiwsd\mypssftav.exe File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [bhinfrku] D:\profile.cu\Local Settings\Application Data\agvlpr\mnsbsftav.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231534438586 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37929.3022800926 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cswGina.dll) - C:\WINDOWS\System32\CSWGINA.DLL (Cisco Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: D:\profile.cu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\profile.cu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/24 08:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f4d04e0-9010-11d9-b729-00061bd0ebc4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{836c3490-bb26-11d9-9654-00028aa8aba1}\Shell\AutoRun\command - "" = autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 09:04:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
[2010/02/19 12:32:49 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\Threat Expert
[2010/02/18 22:27:35 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/18 22:27:35 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/18 22:27:35 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/18 22:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/18 22:27:12 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/18 22:26:55 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/18 22:26:55 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/18 22:26:36 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/18 22:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/18 22:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/18 22:26:05 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\PC Tools
[2010/02/18 22:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/18 22:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/18 22:11:12 | 000,158,552 | ---- | C] (Microsoft Corporation) -- D:\profile.cu\Desktop\bitdefender_free.exe
[2010/02/18 22:03:22 | 034,870,008 | ---- | C] (PC Tools ) -- D:\profile.cu\Desktop\sdasetup_aff.exe
[2010/02/18 21:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/18 21:37:55 | 000,000,000 | --SD | C] -- C:\Commy
[2010/02/18 21:36:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/18 19:44:09 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\Malwarebytes
[2010/02/18 19:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 13:02:47 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\QuickScan
[2010/02/18 12:02:15 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\itiwsd
[2010/02/18 11:54:18 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\agvlpr
[2010/02/18 11:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/17 09:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/02/17 09:05:01 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\MSN6
[2010/02/15 16:58:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Student\Recent
[2010/02/15 16:55:36 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\Yahoo!
[2010/02/15 16:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/15 16:28:21 | 015,439,712 | ---- | C] (Lenovo Group Limited ) -- D:\profile.cu\Desktop\1kwc42ww.exer40.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
[2010/02/20 01:35:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/19 20:17:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/19 11:42:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 11:42:24 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk
[2010/02/19 11:38:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/19 11:38:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 11:38:17 | 1072,680,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 11:36:04 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Student\NTUSER.DAT
[2010/02/19 11:36:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Student\ntuser.ini
[2010/02/19 11:35:38 | 003,772,516 | -H-- | M] () -- D:\profile.cu\Local Settings\Application Data\IconCache.db
[2010/02/19 11:17:34 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/19 11:09:38 | 055,899,862 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/18 22:11:42 | 000,158,552 | ---- | M] (Microsoft Corporation) -- D:\profile.cu\Desktop\bitdefender_free.exe
[2010/02/18 22:07:44 | 034,870,008 | ---- | M] (PC Tools ) -- D:\profile.cu\Desktop\sdasetup_aff.exe
[2010/02/18 19:00:15 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/02/17 09:04:30 | 000,004,484 | ---- | M] () -- C:\coinst.trc
[2010/02/17 08:23:48 | 000,082,944 | ---- | M] () -- D:\profile.cu\My Documents\table.doc
[2010/02/15 19:24:22 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/15 17:00:00 | 000,002,354 | ---- | M] () -- D:\profile.cu\My Documents\regclean1510.reg
[2010/02/15 16:54:56 | 000,001,458 | ---- | M] () -- D:\profile.cu\Desktop\CCleaner.lnk
[2010/02/15 16:30:24 | 015,439,712 | ---- | M] (Lenovo Group Limited ) -- D:\profile.cu\Desktop\1kwc42ww.exer40.exe
[2010/02/15 10:35:30 | 000,031,645 | ---- | M] () -- C:\logfile
[2010/02/15 10:23:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 21:40:52 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 18:39:30 | 000,000,791 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 18:39:30 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/14 18:39:30 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 10:44:47 | 1072,680,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/18 22:27:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/18 22:27:35 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/18 22:27:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/18 22:27:35 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/18 22:27:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/18 22:27:12 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/18 22:26:55 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/18 22:26:55 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/18 22:26:48 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/18 22:26:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/17 08:23:45 | 000,082,944 | ---- | C] () -- D:\profile.cu\My Documents\table.doc
[2010/02/15 16:59:56 | 000,002,354 | ---- | C] () -- D:\profile.cu\My Documents\regclean1510.reg
[2009/03/31 08:41:14 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/01 10:32:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/02/14 15:16:17 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2006/02/14 15:16:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2005/05/30 07:55:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/08/12 19:11:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2004/08/02 08:53:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2004/07/26 15:29:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/07/26 15:29:38 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2004/07/26 15:29:38 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2004/07/26 15:29:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/07/26 15:29:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2004/07/26 15:29:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2004/07/26 15:29:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2004/07/26 15:29:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2004/07/26 15:29:33 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/03/18 11:55:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/11/12 10:00:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\noctxnt.dll
[2003/11/11 10:06:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/04 10:31:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/04 09:28:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/11/04 09:26:32 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2002/11/15 12:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
[2002/10/07 19:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1985/01/01 05:02:46 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
< End of report >

Re: BankerFox.A and Nuqel.exe20th February 2010, 3:00 pm

OTL Extras logfile created on: 2/20/2010 9:31:15 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\profile.cu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 63.15 Gb Free Space | 84.75% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 73.43 Gb Free Space | 98.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T40R40IMAGE
Current User Name: Student
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\IBMTools\Updater\jre\bin\javaw.exe" = C:\IBMTools\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- File not found
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:dpmw32 -- (Novell, Inc.)
"C:\Program Files\att-nap\McciBrowser.exe" = C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel(R) PROSet for Wired Connections
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EF19AC82-649F-43B9-9D79-89A9E051C0CE}" = DataStudio
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F70350CC-639E-4F9A-85CA-CFC84F7744AD}" = Eudora
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"AVG8Uninstall" = AVG 8.5
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"CiscoInstallWizard" = Cisco Aironet Installation Wizard
"ie8" = Windows Internet Explorer 8
"InstallShield_{EF19AC82-649F-43B9-9D79-89A9E051C0CE}" = DataStudio
"Maple 10" = Maple 10
"MatlabR14SP3" = MATLAB 7.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Novell Client for Windows" = Novell Client for Windows
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"PROSet" = Intel(R) PRO Network Connections Drivers
"PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c" = Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.82.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 3:40:01 PM | Computer Name = T40R40IMAGE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 9:11:30 PM | Computer Name = T40R40IMAGE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/28/2009 1:58:58 PM | Computer Name = T40R40IMAGE | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from T40R40IMAGE
IP 127.0.0.1 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Error - 12/28/2009 2:16:43 PM | Computer Name = T40R40IMAGE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/28/2009 6:29:05 PM | Computer Name = T40R40IMAGE | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from T40R40IMAGE
IP 127.0.0.1 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Error - 12/29/2009 2:54:04 AM | Computer Name = T40R40IMAGE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/29/2009 1:00:49 PM | Computer Name = T40R40IMAGE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2009 1:00:55 PM | Computer Name = T40R40IMAGE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2009 2:42:05 AM | Computer Name = T40R40IMAGE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/30/2009 6:04:07 PM | Computer Name = T40R40IMAGE | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from T40R40IMAGE
IP 127.0.0.1 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

[ System Events ]
Error - 12/28/2009 1:58:54 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:01:05 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:01:05 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:01:05 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:16:44 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:16:44 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 2:16:44 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 3:27:21 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 3:27:21 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/28/2009 3:27:21 PM | Computer Name = T40R40IMAGE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

< End of report >

Re: BankerFox.A and Nuqel.exe20th February 2010, 8:24 pm

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [imlvpxum] D:\profile.cu\Local Settings\Application Data\itiwsd\mypssftav.exe File not found
O4 - HKCU..\Run: [bhinfrku] D:\profile.cu\Local Settings\Application Data\agvlpr\mnsbsftav.exe File not found
O33 - MountPoints2\{0f4d04e0-9010-11d9-b729-00061bd0ebc4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{836c3490-bb26-11d9-9654-00028aa8aba1}\Shell\AutoRun\command - "" = autorun.exe
[2010/02/18 12:02:15 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\itiwsd
[2010/02/18 11:54:18 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\agvlpr

:commands
[resethosts]
[reboot]
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: BankerFox.A and Nuqel.exe20th February 2010, 11:29 pm

So run it again then do that?

Re: BankerFox.A and Nuqel.exe20th February 2010, 11:52 pm

Yes, run my script in it.

Re: BankerFox.A and Nuqel.exe21st February 2010, 3:36 pm

It stopped and rebooted but did not give me anything in notepad?

(thank you for helping me I know I am dumb with computers)

Re: BankerFox.A and Nuqel.exe21st February 2010, 4:46 pm

Please re-run the script.

Re: BankerFox.A and Nuqel.exe21st February 2010, 5:29 pm

I tried it 2 more times it still isn't doing anything but I have not had anypop ups since the avg scan maybe it hid it somewhere?

Re: BankerFox.A and Nuqel.exe21st February 2010, 8:10 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: BankerFox.A and Nuqel.exe21st February 2010, 9:42 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2010 4:41:48 PM
mbam-log-2010-02-21 (16-41-48).txt

Scan type: Quick Scan
Objects scanned: 107337
Time elapsed: 18 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bhinfrku (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: BankerFox.A and Nuqel.exe22nd February 2010, 1:06 am

Hello.
How is the machine running? logs look good.

Re: BankerFox.A and Nuqel.exe22nd February 2010, 1:38 am

Belahzur wrote:

Hello.
How is the machine running? logs look good.

It seems to be running better than before thank you so much. Thank You!

What else can I do to prevent this from happening again? It my husbands school laptop and has Macafee on it....

Re: BankerFox.A and Nuqel.exe22nd February 2010, 9:02 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

it came back22nd February 2010, 9:38 pm

It already came back I was on Facebook and it started popping up again Sad tearing

I ran malware thing again but it wont go away

Re: BankerFox.A and Nuqel.exe22nd February 2010, 9:41 pm

Can you run OTL?

I don't know I can try23rd February 2010, 12:23 am

I'll try it and post whatever it says ?

It23rd February 2010, 12:58 am

only did one this time

OTL logfile created on: 2/22/2010 7:32:39 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = D:\profile.cu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 63.44 Gb Free Space | 85.15% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 73.42 Gb Free Space | 98.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T40R40IMAGE
Current User Name: Student
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
PRC - [2010/02/15 10:28:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/11/24 20:14:38 | 001,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/07 10:11:29 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/11/07 10:11:19 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/14 05:40:44 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/12/10 18:36:32 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/12/10 18:36:22 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/11/16 20:57:18 | 000,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/01 14:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006/02/24 01:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/14 13:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 13:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/08/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2005/03/03 16:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/10/14 08:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/06 15:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/08/06 02:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 02:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 02:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/05/17 13:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2004/02/23 10:18:56 | 000,217,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
PRC - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/06/27 07:53:32 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

========== Modules (SafeList) ==========

MOD - [2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
MOD - [2006/02/14 13:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 10:28:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/11/24 20:14:38 | 001,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/04/13 19:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/04/13 19:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/06/14 05:40:44 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/12/10 18:36:22 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/11/16 20:57:18 | 000,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/08/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2005/08/22 20:00:00 | 000,029,184 | ---- | M] (Network Associates, Inc.) [Auto | Stopped] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)
SRV - [2005/01/18 08:17:56 | 000,036,864 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/06 02:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/16 11:37:58 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [1985/01/01 05:02:46 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/11/07 10:11:28 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/07 10:11:28 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/07 10:11:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/11/16 21:02:24 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/18 02:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/29 16:11:08 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/05/15 01:53:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/04/27 08:26:30 | 000,164,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R)
DRV - [2006/03/28 07:24:00 | 000,041,456 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/02/14 13:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/17 00:56:00 | 000,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/12/17 00:56:00 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/12/17 00:56:00 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/22 08:46:58 | 000,159,985 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2005/11/22 08:46:10 | 000,502,223 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2005/11/11 00:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/11/10 06:53:00 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 15:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 12:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 12:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/08/22 20:00:00 | 000,114,624 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/08/22 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2005/08/22 20:00:00 | 000,008,448 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
DRV - [2005/05/26 17:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/28 08:19:38 | 000,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 18:53:00 | 000,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/01/03 13:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/09/06 15:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/08/19 11:34:06 | 000,038,848 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nicm.sys -- (NICM)
DRV - [2004/06/01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/05/04 11:35:56 | 000,119,296 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
DRV - [2003/10/24 00:35:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2003/10/24 00:35:00 | 000,008,831 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2003/06/27 07:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/02/26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2002/11/13 20:43:56 | 000,140,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2002/08/29 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/02/15 10:36:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/11/07 10:16:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 12:55:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 10:42:05 | 000,000,000 | ---D | M]

[2009/11/06 21:59:44 | 000,000,000 | ---D | M] -- D:\profile.cu\Application Data\Mozilla\Extensions
[2004/07/27 10:11:30 | 000,000,000 | ---D | M] -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions
[2009/11/08 12:34:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 13:02:34 | 000,000,000 | ---D | M] (No name found) -- D:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/11/06 21:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/21 12:18:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACUMon] C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231534438586 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37929.3022800926 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cswGina.dll) - C:\WINDOWS\System32\CSWGINA.DLL (Cisco Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: D:\profile.cu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\profile.cu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/24 08:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 12:21:39 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\xopfqb
[2010/02/21 15:18:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/21 15:18:15 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/21 15:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/21 15:16:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- D:\profile.cu\Desktop\mbam-setup.exe
[2010/02/20 09:04:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
[2010/02/19 12:32:49 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\Threat Expert
[2010/02/18 22:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/18 22:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/18 22:11:12 | 000,158,552 | ---- | C] (Microsoft Corporation) -- D:\profile.cu\Desktop\bitdefender_free.exe
[2010/02/18 22:03:22 | 034,870,008 | ---- | C] (PC Tools ) -- D:\profile.cu\Desktop\sdasetup_aff.exe
[2010/02/18 21:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/18 21:37:55 | 000,000,000 | --SD | C] -- C:\Commy
[2010/02/18 21:36:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/18 19:44:09 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\Malwarebytes
[2010/02/18 19:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 13:02:47 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\QuickScan
[2010/02/18 11:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/17 09:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/02/17 09:05:01 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\MSN6
[2010/02/15 16:58:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Student\Recent
[2010/02/15 16:55:36 | 000,000,000 | ---D | C] -- D:\profile.cu\Application Data\Yahoo!
[2010/02/15 16:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/15 16:28:21 | 015,439,712 | ---- | C] (Lenovo Group Limited ) -- D:\profile.cu\Desktop\1kwc42ww.exer40.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/22 19:39:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/22 19:33:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 19:33:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 19:32:42 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk
[2010/02/22 19:29:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/22 19:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/22 19:29:22 | 1072,680,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 19:27:31 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Student\NTUSER.DAT
[2010/02/22 19:26:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Student\ntuser.ini
[2010/02/22 19:26:14 | 004,305,630 | -H-- | M] () -- D:\profile.cu\Local Settings\Application Data\IconCache.db
[2010/02/22 18:19:24 | 056,103,866 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/22 17:29:32 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/02/21 15:18:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/21 15:16:54 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- D:\profile.cu\Desktop\mbam-setup.exe
[2010/02/21 12:18:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/02/20 09:04:28 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\profile.cu\Desktop\OTL.exe
[2010/02/18 22:11:42 | 000,158,552 | ---- | M] (Microsoft Corporation) -- D:\profile.cu\Desktop\bitdefender_free.exe
[2010/02/18 22:07:44 | 034,870,008 | ---- | M] (PC Tools ) -- D:\profile.cu\Desktop\sdasetup_aff.exe
[2010/02/17 09:04:30 | 000,004,484 | ---- | M] () -- C:\coinst.trc
[2010/02/17 08:23:48 | 000,082,944 | ---- | M] () -- D:\profile.cu\My Documents\table.doc
[2010/02/15 19:24:22 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/15 17:00:00 | 000,002,354 | ---- | M] () -- D:\profile.cu\My Documents\regclean1510.reg
[2010/02/15 16:54:56 | 000,001,458 | ---- | M] () -- D:\profile.cu\Desktop\CCleaner.lnk
[2010/02/15 16:30:24 | 015,439,712 | ---- | M] (Lenovo Group Limited ) -- D:\profile.cu\Desktop\1kwc42ww.exer40.exe
[2010/02/15 10:35:30 | 000,031,645 | ---- | M] () -- C:\logfile
[2010/02/15 10:23:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 21:40:52 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 18:39:30 | 000,000,791 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 18:39:30 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/14 18:39:30 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 15:18:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/19 10:44:47 | 1072,680,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/17 08:23:45 | 000,082,944 | ---- | C] () -- D:\profile.cu\My Documents\table.doc
[2010/02/15 16:59:56 | 000,002,354 | ---- | C] () -- D:\profile.cu\My Documents\regclean1510.reg
[2009/03/31 08:41:14 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/01 10:32:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/02/14 15:16:17 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2006/02/14 15:16:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2005/05/30 07:55:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/08/12 19:11:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2004/08/02 08:53:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2004/07/26 15:29:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/07/26 15:29:38 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2004/07/26 15:29:38 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2004/07/26 15:29:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/07/26 15:29:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2004/07/26 15:29:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2004/07/26 15:29:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2004/07/26 15:29:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2004/07/26 15:29:33 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/03/18 11:55:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/11/12 10:00:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\noctxnt.dll
[2003/11/11 10:06:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/04 10:31:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/04 09:28:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/11/04 09:26:32 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2002/11/15 12:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
[2002/10/07 19:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1985/01/01 05:02:46 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
< End of report >

Re: BankerFox.A and Nuqel.exe23rd February 2010, 10:11 pm

Hello.
This returning too quickly to mean we missed something, so something you ran/website you visited is either a dropper or infected.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
[2010/02/22 12:21:39 | 000,000,000 | ---D | C] -- D:\profile.cu\Local Settings\Application Data\xopfqb
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: BankerFox.A and Nuqel.exe23rd February 2010, 11:46 pm

I think I got from Farmville on facebook???

Here is the log

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
D:\profile.cu\Local Settings\Application Data\xopfqb folder moved successfully.

OTL by OldTimer - Version 3.1.30.1 log created on 02232010_184531

Re: BankerFox.A and Nuqel.exe25th February 2010, 12:21 am

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

How is the machine running now?

Re: BankerFox.A and Nuqel.exe25th February 2010, 2:13 am

umm OTL disappeared after I ran it it my Ie keeps trying to open and saying it is offline ??Is the virus gone now?

Re: BankerFox.A and Nuqel.exe25th February 2010, 10:59 pm

Is it set to work offline? go to the File menu in IE, if "Work offline" is checked, untick it.

Re: BankerFox.A and Nuqel.exe26th February 2010, 2:36 am

I don't ever use it I just don't know why it keeps trying to come up? Do you think the virus is gone now?

it26th February 2010, 2:44 pm

is running super slow even using firefox?

Re: BankerFox.A and Nuqel.exe26th February 2010, 2:46 pm

I'm leaving for Disney in the morning and wont be back until the 5th or 6th I'll come back and check in this thread then is that ok?

Re: BankerFox.A and Nuqel.exe26th February 2010, 10:14 pm

Yes, that's fine, we'll continue this then.

Re: BankerFox.A and Nuqel.exe9th March 2010, 8:46 pm

Hi I'm back

Re: BankerFox.A and Nuqel.exe10th March 2010, 12:28 am

Hello.
One more thing I want to check.

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

Double-click mbr.exe to start the program.
When done scanning, it will save a log on the Desktop called mbr.log.
Please post the contents of that log in your next reply.

Re: BankerFox.A and Nuqel.exe13th March 2010, 6:39 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: BankerFox.A and Nuqel.exe13th March 2010, 6:40 pm

The computer is acting really funny still it is super slow and I get lots of errors when trying to open firefox too

Re: BankerFox.A and Nuqel.exe13th March 2010, 7:26 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: BankerFox.A and Nuqel.exe14th March 2010, 3:03 pm

ComboFix 10-03-13.01 - Student 03/13/2010 21:46:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.563 [GMT -5:00]
Running from: d:\profile.cu\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-13 18:25 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-21 20:18 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 20:18 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 20:18 . 2010-02-21 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 17:32 . 2010-02-19 17:32 -------- d-----w- d:\profile.cu\Local Settings\Application Data\Threat Expert
2010-02-19 00:44 . 2010-02-19 00:44 -------- d-----w- d:\profile.cu\Application Data\Malwarebytes
2010-02-19 00:36 . 2010-02-19 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 18:02 . 2010-02-18 18:02 -------- d-----w- d:\profile.cu\Application Data\QuickScan
2010-02-18 16:51 . 2010-02-18 16:51 -------- d-----w- c:\windows\Sun
2010-02-17 14:05 . 2010-02-17 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-02-17 14:05 . 2010-02-17 14:05 -------- d-----w- d:\profile.cu\Application Data\MSN6
2010-02-15 21:55 . 2010-02-15 21:55 -------- d-----w- d:\profile.cu\Application Data\Yahoo!
2010-02-15 21:55 . 2010-02-15 22:07 -------- d-----w- c:\program files\Yahoo!
2010-02-15 00:05 . 2010-02-15 00:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 01:01 . 2004-09-01 17:51 74824 ----a-w- d:\profile.cu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-11-07 01:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 03:39 . 2009-11-09 02:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 16:39 . 2009-04-12 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-19 03:27 . 2009-01-09 20:51 -------- d-----w- c:\program files\Google
2010-02-18 22:39 . 2003-11-11 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-15 22:03 . 2003-11-04 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2002-08-29 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2003-10-24 13:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 94208]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-17 344064]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"ACUMon"="c:\program files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" [2004-02-23 217088]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 536576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-02-15 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-06-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-07 15:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 00:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IBM RecordNow!"=
"AIM"=c:\progra~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/24/2009 8:17 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 5:29 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 5:29 PM 108552]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/15/2005 10:03 AM 58464]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [11/4/2003 9:27 AM 16384]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/7/2009 10:11 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2/14/2003 5:16 PM 119296]
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:19]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:19]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:19]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:19]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:19]

2006-08-01 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-11-04 05:38]

2010-03-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\
FF - prefs.js: browser.startup.homepage - hxxp://www.clemson.edu
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: d:\profile.cu\Application Data\Mozilla\Firefox\Profiles\default.ft5\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 21:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\cswGina.dll
c:\windows\system32\ACrd10SM.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-03-13 21:56:36
ComboFix-quarantined-files.txt 2010-03-14 02:56

Pre-Run: 67,976,138,752 bytes free
Post-Run: 67,981,787,136 bytes free

- - End Of File - - 65FEA1DAFEED397D81DBE7BF6CCA6B2C

Re: BankerFox.A and Nuqel.exe14th March 2010, 8:00 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: BankerFox.A and Nuqel.exe14th March 2010, 9:46 pm

Seems to be running pretty good now. I wanted to ask though when can
I go back on farmville safely? I am afraid to even use my other laptop both times I got the virus it was immediately during or after using farmville.

Re: BankerFox.A and Nuqel.exe14th March 2010, 11:55 pm

Hello.

Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 18.
Click the "Download JRE" button to the right.
In the Window that opens, select your platform, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3

Try Farmville now.

Re: BankerFox.A and Nuqel.exe15th March 2010, 3:58 pm

Ok I downloaded that stuff . Now what can I do to keep this from happening again?

Re: BankerFox.A and Nuqel.exe15th March 2010, 10:15 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

Re: BankerFox.A and Nuqel.exe15th March 2010, 11:22 pm

SpywareGuard says it is corrupted when I download it.

Re: BankerFox.A and Nuqel.exe16th March 2010, 1:12 am

Okay, forget SpywareGuard then.

Re: BankerFox.A and Nuqel.exe16th March 2010, 2:41 am

Thank you for all your help Thank You!

BankerFox.A and Nuqel.exe

descriptionBankerFox.A and Nuqel.exe19th February 2010, 1:55 am

descriptionRe: BankerFox.A and Nuqel.exe19th February 2010, 5:50 pm

descriptionRe: BankerFox.A and Nuqel.exe19th February 2010, 8:51 pm

descriptionRe: BankerFox.A and Nuqel.exe20th February 2010, 2:59 pm

descriptionRe: BankerFox.A and Nuqel.exe20th February 2010, 3:00 pm

descriptionRe: BankerFox.A and Nuqel.exe20th February 2010, 8:24 pm

descriptionRe: BankerFox.A and Nuqel.exe20th February 2010, 11:29 pm

descriptionRe: BankerFox.A and Nuqel.exe20th February 2010, 11:52 pm

descriptionRe: BankerFox.A and Nuqel.exe21st February 2010, 3:36 pm

descriptionRe: BankerFox.A and Nuqel.exe21st February 2010, 4:46 pm

descriptionRe: BankerFox.A and Nuqel.exe21st February 2010, 5:29 pm

descriptionRe: BankerFox.A and Nuqel.exe21st February 2010, 8:10 pm

descriptionRe: BankerFox.A and Nuqel.exe21st February 2010, 9:42 pm

descriptionRe: BankerFox.A and Nuqel.exe22nd February 2010, 1:06 am

descriptionRe: BankerFox.A and Nuqel.exe22nd February 2010, 1:38 am

descriptionRe: BankerFox.A and Nuqel.exe22nd February 2010, 9:02 pm

descriptionit came back22nd February 2010, 9:38 pm

descriptionRe: BankerFox.A and Nuqel.exe22nd February 2010, 9:41 pm

descriptionI don't know I can try23rd February 2010, 12:23 am

descriptionIt23rd February 2010, 12:58 am

descriptionRe: BankerFox.A and Nuqel.exe23rd February 2010, 10:11 pm

descriptionRe: BankerFox.A and Nuqel.exe23rd February 2010, 11:46 pm

descriptionRe: BankerFox.A and Nuqel.exe25th February 2010, 12:21 am

descriptionRe: BankerFox.A and Nuqel.exe25th February 2010, 2:13 am

descriptionRe: BankerFox.A and Nuqel.exe25th February 2010, 10:59 pm

descriptionRe: BankerFox.A and Nuqel.exe26th February 2010, 2:36 am

descriptionit26th February 2010, 2:44 pm

descriptionRe: BankerFox.A and Nuqel.exe26th February 2010, 2:46 pm

descriptionRe: BankerFox.A and Nuqel.exe26th February 2010, 10:14 pm

descriptionRe: BankerFox.A and Nuqel.exe9th March 2010, 8:46 pm

descriptionRe: BankerFox.A and Nuqel.exe10th March 2010, 12:28 am

descriptionRe: BankerFox.A and Nuqel.exe13th March 2010, 6:39 pm

descriptionRe: BankerFox.A and Nuqel.exe13th March 2010, 6:40 pm

descriptionRe: BankerFox.A and Nuqel.exe13th March 2010, 7:26 pm

descriptionRe: BankerFox.A and Nuqel.exe14th March 2010, 3:03 pm

descriptionRe: BankerFox.A and Nuqel.exe14th March 2010, 8:00 pm

descriptionRe: BankerFox.A and Nuqel.exe14th March 2010, 9:46 pm

descriptionRe: BankerFox.A and Nuqel.exe14th March 2010, 11:55 pm

descriptionRe: BankerFox.A and Nuqel.exe15th March 2010, 3:58 pm

descriptionRe: BankerFox.A and Nuqel.exe15th March 2010, 10:15 pm

descriptionRe: BankerFox.A and Nuqel.exe15th March 2010, 11:22 pm

descriptionRe: BankerFox.A and Nuqel.exe16th March 2010, 1:12 am

descriptionRe: BankerFox.A and Nuqel.exe16th March 2010, 2:41 am

descriptionRe: BankerFox.A and Nuqel.exe