Windows Security Alert: Bankerfox.A threat?

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Windows Security Alert: Bankerfox.A threat?17th June 2010, 6:06 am

First thanks in advance to anyone who may be able to help me. I've ran ATF-Cleaner and Malwarebytes Malware removal program without any luck. I'm getting Antivirus Software Alerts notifying me of "vulnerabilities" and "spyware alert" problems. I'm also having to "Allow" any programs to run thanks to an annoying pop up window that has also plagued my computer along with this virus.

I've attached my OTL files.

Thanks again!

Re: Windows Security Alert: Bankerfox.A threat?17th June 2010, 12:05 pm

Here's the OTL.txt. I guess it didnt attach earlier.

OTL logfile created on: 6/17/2010 1:30:56 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Robert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.56 Gb Total Space | 13.11 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.44 Gb Free Space | 5.74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/17 01:20:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\My Documents\Downloads\OTL.exe
PRC - [2010/06/16 20:29:29 | 000,298,752 | ---- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe
PRC - [2010/04/03 01:20:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/05/22 10:36:02 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 19:37:52 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/12/07 14:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/11/02 23:01:14 | 000,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1148531195\ee\aolsoftware.exe
PRC - [2005/09/24 04:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/10/07 10:42:57 | 000,167,936 | ---- | M] () -- C:\WINDOWS\CDProxyServ.exe

========== Modules (SafeList) ==========

MOD - [2010/06/17 01:20:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,186,368 | ---- | M] () -- C:\WINDOWS\orumumokek.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/11/30 19:31:34 | 000,282,624 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (COMServer)
SRV - File not found [Auto | Stopped] -- -- ($sys$DRMServer)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/23 19:37:52 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/10/07 10:42:57 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\CDProxyServ.exe -- (CD_Proxy)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/02 07:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/23 02:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/15 03:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/10 11:29:40 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2006/05/17 13:58:25 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 17:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 16:06:14 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/22 16:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/01 18:00:04 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 17:58:28 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/05/05 14:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 14:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 19:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/29 06:07:06 | 000,010,368 | ---- | M] (First 4 Internet) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\$sys$cor.sys -- ($sys$cor)
DRV - [2003/10/21 02:07:30 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1046

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1046
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\extensions\\{171BD0B4-F109-4CDA-B606-F0B0F0219E98}: C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98} [2010/06/08 17:53:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 15:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 19:24:05 | 000,000,000 | ---D | M]

[2009/03/17 21:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2010/06/15 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\extensions
[2010/06/09 02:01:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/01/05 23:50:40 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2008/01/05 23:48:44 | 000,000,000 | ---D | M] (Blue Ice) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2010/03/27 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\extensions\nasanightlaunch@example.com
[2010/06/15 21:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 19:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/31 22:57:36 | 000,387,032 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13350 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Emeyuhiqopuhuhiq] C:\WINDOWS\orumumokek.DLL ()
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148531195\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [uvlvytsqit] c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe ()
O4 - HKCU..\Run: [Afixahejozugit] C:\WINDOWS\lsares.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uvlvytsqit] c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec script Runner Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163621122750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Desktop\indianapolis.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/14 23:31:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 21:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/16 21:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/16 20:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\dunonq
[2010/06/08 17:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98}
[2010/06/08 17:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msapps
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/17 01:31:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006UA.job
[2010/06/17 01:28:20 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\Robert\NTUSER.DAT
[2010/06/17 01:25:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hvumoxul.bin
[2010/06/17 01:25:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/17 01:25:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/17 01:24:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/17 01:24:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/17 01:24:44 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 00:52:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/17 00:37:11 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/17 00:37:11 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/17 00:37:11 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/17 00:31:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Robert\ntuser.ini
[2010/06/16 20:41:36 | 006,443,574 | -H-- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\IconCache.db
[2010/06/16 20:39:31 | 000,001,698 | ---- | M] () -- C:\WINDOWS\Hriqusax.dat
[2010/06/16 17:26:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/06/15 17:37:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/06/09 02:19:22 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 02:17:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 02:26:29 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/06/06 04:31:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006Core.job
[2010/05/30 02:42:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 17:53:52 | 000,001,698 | ---- | C] () -- C:\WINDOWS\Hriqusax.dat
[2010/06/08 17:53:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hvumoxul.bin
[2010/06/08 02:26:29 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/04/17 17:44:32 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/08 20:39:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/23 11:45:09 | 000,001,283 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/11/23 11:44:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/11/23 11:44:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/04 04:31:30 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\sysfolderazipcnt.dll
[2007/03/04 04:31:29 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\azipcontmn.dll
[2006/08/17 15:45:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/05/25 01:13:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/05/25 01:11:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/25 01:11:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/25 01:11:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/25 00:24:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/17 14:27:45 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/17 14:27:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/15 00:36:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/15 00:32:29 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/15 00:13:03 | 000,000,085 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/14 23:58:55 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 04:00:00 | 000,186,368 | ---- | C] () -- C:\WINDOWS\orumumokek.dll
[2004/01/13 15:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 01:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/04 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005/11/10 12:37:10 | 000,032,356 | ---- | M] (Phoenix Technologies K.K.) -- C:\WINDOWS\system32\pusbfd1.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005/12/01 18:46:32 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2009/10/07 01:23:08 | 000,013,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\iKeyLFT2.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/06/13 17:21:05 | 000,000,387 | ---- | M] () -- C:\aaw7boot.log
[2006/05/17 21:10:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/08/11 02:52:04 | 000,026,416 | ---- | M] () -- C:\f8812d7d-3c81-483c-bdc7-fbe291f559c5.xml
[2010/06/17 01:24:44 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/09 18:24:09 | 000,001,378 | -HS- | M] () -- C:\hpqp.ini
[2007/02/01 01:10:37 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/12/31 22:01:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/19 20:45:12 | 000,002,452 | -H-- | M] () -- C:\IPH.PH
[2010/05/20 20:29:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/12/31 22:01:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/09/20 02:26:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/17 01:24:41 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/01/09 18:24:06 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2009/07/26 15:04:46 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2008/11/18 01:07:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/10/09 22:00:15 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2006/08/05 21:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\AIM OLD
[2007/04/30 06:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\AlphaZIP
[2006/02/14 23:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2006/07/23 22:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/01/31 19:02:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/11/23 11:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2006/02/14 23:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/09/06 01:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2006/08/17 16:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2010/04/17 17:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/02/14 23:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/01/10 02:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/08/14 03:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Cycling '74
[2007/02/24 08:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\DFX
[2007/11/23 11:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/01/16 02:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/25 02:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/03/31 20:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/02/15 00:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/01/09 18:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/05/17 21:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/01/09 18:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/03/31 20:27:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/09 02:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/16 00:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/16 00:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/04/29 19:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/18 01:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2010/03/31 18:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/04/17 17:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/05/20 20:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/20 02:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/05/14 22:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/02/14 23:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/02/15 00:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2006/02/15 00:05:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/02/15 00:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Trial Wizard
[2010/06/08 02:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/02/15 00:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/03/12 19:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/03 01:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/05/27 07:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/02/14 23:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/06/25 04:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2006/02/14 23:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/14 23:57:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/15 20:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2006/02/15 00:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\music_now
[2006/02/15 00:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2008/09/20 02:30:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/01/09 18:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\oovooToolbar
[2006/08/16 12:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.0
[2010/05/11 18:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/17 01:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2009/01/09 18:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Pluggo
[2009/01/09 18:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2007/08/18 10:14:13 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2006/02/15 00:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\Quickensetup
[2010/01/16 00:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/05/27 07:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/29 22:52:44 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/01/09 18:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/03/31 22:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/12/28 21:24:15 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2006/02/15 00:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/04/29 05:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Syncrosoft
[2009/05/31 21:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
[2007/12/28 20:11:12 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/02/14 23:31:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/08/26 02:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Universal Extractor
[2007/03/04 04:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\Unrar
[2007/11/23 11:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\VGA USB Camera
[2009/05/06 20:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/01/10 16:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/01/10 21:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2007/08/18 10:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/08/06 00:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/01/09 18:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/20 02:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/20 02:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/02/14 23:31:15 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/04/30 06:59:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/02/14 23:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2004/08/07 01:46:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Robert\Application Data\desktop.ini
[2010/03/25 18:54:04 | 000,004,476 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\wklnhst.dat

< MD5 for: AGP440.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/20 02:20:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-09 06:17:52
< End of report >

Re: Windows Security Alert: Bankerfox.A threat?17th June 2010, 12:06 pm

And here's the Extra.txt

OTL Extras logfile created on: 6/17/2010 1:30:56 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Robert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.56 Gb Total Space | 13.11 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.44 Gb Free Space | 5.74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1148531195\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1148531195\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink -- File not found
"C:\Program Files\Diablo II\Diablo II.exe" = C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1148531195\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1148531195\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- File not found
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- (Last.fm)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- File not found
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{25B4B52B-3998-4a62-AD83-E990B1338F79}" = PS8000
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

4.2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED10343F-D30A-4200-9B00-665FC45F52B4}" = ArcSoft VideoImpression 1.6
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Antress Modern Plugins v2.50" = Antress Modern Plugins v2.50
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LastFM_is1" = Last.fm 1.5.4.24567
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Universal Extractor_is1" = Universal Extractor 1.5
"VGA USB Camera" = VGA USB Camera
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2010 10:50:29 PM | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10a.ocx, version 10.0.12.36, fault address 0x00213522.

Error - 6/16/2010 11:35:03 PM | Computer Name = JAMES | Source = Google Update | ID = 20
Description =

Error - 6/16/2010 11:55:57 PM | Computer Name = JAMES | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 12:01:01 AM | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application xbbgbv.exe, version 1.0.0.1, faulting module
orumumokek.dll, version 0.0.0.0, fault address 0x0001f9eb.

Error - 6/17/2010 12:31:16 AM | Computer Name = JAMES | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 12:34:49 AM | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application lws.exe, version 12.10.1113.0, faulting module
lws.exe, version 12.10.1113.0, fault address 0x000c4e57.

Error - 6/17/2010 12:39:54 AM | Computer Name = JAMES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 6/17/2010 12:39:54 AM | Computer Name = JAMES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 6/17/2010 1:26:39 AM | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application lws.exe, version 12.10.1113.0, faulting module
lws.exe, version 12.10.1113.0, fault address 0x000c4e57.

Error - 6/17/2010 1:27:51 AM | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]
Error - 6/17/2010 12:33:03 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
$sys$crater

Error - 6/17/2010 12:42:06 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/17/2010 12:42:17 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 2 time(s).

Error - 6/17/2010 1:25:09 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7000
Description = The Plug and Play Device Manager service failed to start due to the
following error: %%2

Error - 6/17/2010 1:25:09 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 6/17/2010 1:25:11 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
$sys$crater

Error - 6/17/2010 1:25:11 AM | Computer Name = JAMES | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/17/2010 1:25:11 AM | Computer Name = JAMES | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/17/2010 1:27:53 AM | Computer Name = JAMES | Source = DCOM | ID = 10010
Description = The server {657C7A59-4FEC-4C06-A354-607B1EB184FB} did not register
with DCOM within the required timeout.

Error - 6/17/2010 1:30:06 AM | Computer Name = JAMES | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

Re: Windows Security Alert: Bankerfox.A threat?17th June 2010, 1:31 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

Internet Explorer

Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

Firefox

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Emeyuhiqopuhuhiq] C:\WINDOWS\orumumokek.DLL ()
O4 - HKLM..\Run: [uvlvytsqit] c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe ()
O4 - HKCU..\Run: [Afixahejozugit] C:\WINDOWS\lsares.DLL (CyberLink Corp.)
O4 - HKCU..\Run: [uvlvytsqit] c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe ()
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
[2010/06/16 20:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\dunonq
[2010/06/08 17:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98}
[2010/06/17 01:25:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hvumoxul.bin
[2010/06/16 20:39:31 | 000,001,698 | ---- | M] () -- C:\WINDOWS\Hriqusax.dat
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Windows Security Alert: Bankerfox.A threat?26th June 2010, 9:11 pm

Belahzur,

Thanks for the quick reply!

Here's the log you've requested:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Emeyuhiqopuhuhiq deleted successfully.
C:\WINDOWS\orumumokek.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uvlvytsqit deleted successfully.
c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Afixahejozugit deleted successfully.
C:\WINDOWS\lsares.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uvlvytsqit deleted successfully.
File c:\Documents and Settings\Robert\Local Settings\Application Data\dunonq\xbbgbv.exe not found.
Starting removal of ActiveX control {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Robert\Local Settings\Application Data\dunonq folder moved successfully.
C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98}\chrome\content folder moved successfully.
C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98}\chrome folder moved successfully.
C:\Documents and Settings\Robert\Local Settings\Application Data\{171BD0B4-F109-4CDA-B606-F0B0F0219E98} folder moved successfully.
C:\WINDOWS\Hvumoxul.bin moved successfully.
C:\WINDOWS\Hriqusax.dat moved successfully.

OTL by OldTimer - Version 3.2.6.0 log created on 06262010_171055

Re: Windows Security Alert: Bankerfox.A threat?27th June 2010, 10:57 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Windows Security Alert: Bankerfox.A threat?7th July 2010, 1:45 pm

Done thanks!

ComboFix 10-07-04.04 - Robert 07/06/2010 1:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.699 [GMT -4:00]
Running from: c:\documents and settings\Robert\Desktop\Combo-Fix.exe
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robert\Local Settings\Application Data\706991270.dll
c:\windows\xpsp1hfm.log
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Service_$sys$DRMServer
-------\Service_CD_Proxy

((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-06-27 01:29 . 2010-06-27 01:29 -------- d-----w- c:\documents and settings\Robert\Application Data\Facebook
2010-06-26 21:10 . 2010-06-26 21:10 -------- d-----w- C:\_OTL
2010-06-08 21:52 . 2010-06-17 00:42 -------- d-----w- c:\windows\system32\msapps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 06:07 . 2006-08-16 16:31 -------- d-----w- c:\documents and settings\Robert\Application Data\OpenOffice.org2
2010-07-06 06:07 . 2010-04-01 02:01 -------- d-----w- c:\program files\PeerBlock
2010-06-27 01:29 . 2010-06-27 01:29 50354 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\uninstall.exe
2010-06-26 20:14 . 2007-12-31 23:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 21:26 . 2010-04-17 21:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-15 21:48 . 2010-03-30 02:52 -------- d-----w- c:\documents and settings\Robert\Application Data\Skype
2010-06-15 21:37 . 2010-04-17 21:44 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-15 21:36 . 2008-03-23 19:09 -------- d-----w- c:\documents and settings\Robert\Application Data\skypePM
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-08 06:22 . 2008-11-04 03:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 05:22 . 2010-05-23 05:22 503808 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcp71.dll
2010-05-23 05:22 . 2010-05-23 05:22 499712 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\jmc.dll
2010-05-23 05:22 . 2010-05-23 05:22 348160 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcr71.dll
2010-05-23 05:22 . 2010-05-23 05:22 61440 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-sse.dll
2010-05-23 05:22 . 2010-05-23 05:22 12800 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-d3d.dll
2010-05-21 00:29 . 2010-03-31 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 04:28 . 2010-05-18 04:28 -------- d-----w- c:\documents and settings\Robert\Application Data\Unity
2010-05-04 17:20 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-31 23:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-31 23:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 21:29 . 2010-04-29 23:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2006-08-16 16:27 . 2006-08-16 16:27 96793015 -c--a-w- c:\program files\OOo_2.0.3_Win32Intel_install.exe
2006-08-11 06:54 . 2006-08-11 06:54 2855080 -c--a-w- c:\program files\aawsepersonal.exe
2008-04-23 21:40 . 2008-04-23 21:40 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-08 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1148531195\ee\AOLSoftware.exe" [2005-11-03 50792]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 10:11 AM 10368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 4:17 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/29/2007 5:00 AM 33792]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]
S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2010 8:30 PM 135664]
S3 o1394bul;o1394bul;\??\c:\docume~1\Robert\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Robert\LOCALS~1\Temp\o1394bul.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/31/2010 10:01 PM 14424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:1032
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Robert\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Robert\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Robert\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Robert\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Aim6 - (no file)
HKCU-Run-Afixahejozugit - c:\windows\lsares.dll
HKLM-Run-Emeyuhiqopuhuhiq - c:\windows\orumumokek.dll
Notify-WRNotifier - (no file)
SafeBoot-svcWRSSSDK
AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 02:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-07-06 02:15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 06:15

Pre-Run: 13,814,816,768 bytes free
Post-Run: 13,911,498,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6DC31A58A5C083A0E4C581E45A9EFAF7

Re: Windows Security Alert: Bankerfox.A threat?7th July 2010, 4:19 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
KILLALL:: File:: c:\windows\system32\drivers\$sys$cor.sys Folder:: c:\windows\system32\msapps c:\windows\system32\$sys$filesystem Driver:: $sys$cor $sys$crater COMServer o1394bul DDS:: uInternet Settings,ProxyServer = http=127.0.0.1:1032 uInternet Settings,ProxyOverride =
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Windows Security Alert: Bankerfox.A threat?9th July 2010, 3:13 am

Here ya go!

ComboFix 10-07-07.02 - Robert 07/08/2010 22:51:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -4:00]
Running from: c:\documents and settings\Robert\Desktop\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\$sys$cor.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\$sys$filesystem
c:\windows\system32\$sys$filesystem\$sys$parking
c:\windows\system32\$sys$filesystem\DbgHelp.dll
c:\windows\system32\$sys$filesystem\lim.sys
c:\windows\system32\$sys$filesystem\oct.sys
c:\windows\system32\$sys$filesystem\Unicows.dll
c:\windows\system32\drivers\$sys$cor.sys
c:\windows\system32\msapps

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSERVER
-------\Legacy_O1394BUL
-------\Service_$sys$cor
-------\Service_$sys$crater
-------\Service_COMServer
-------\Service_o1394bul

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-06-27 01:29 . 2010-06-27 01:29 -------- d-----w- c:\documents and settings\Robert\Application Data\Facebook
2010-06-26 21:10 . 2010-06-26 21:10 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 03:04 . 2010-04-01 02:01 -------- d-----w- c:\program files\PeerBlock
2010-07-09 03:03 . 2006-08-16 16:31 -------- d-----w- c:\documents and settings\Robert\Application Data\OpenOffice.org2
2010-06-27 01:29 . 2010-06-27 01:29 50354 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\uninstall.exe
2010-06-26 20:14 . 2007-12-31 23:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 21:26 . 2010-04-17 21:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-15 21:48 . 2010-03-30 02:52 -------- d-----w- c:\documents and settings\Robert\Application Data\Skype
2010-06-15 21:37 . 2010-04-17 21:44 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-15 21:36 . 2008-03-23 19:09 -------- d-----w- c:\documents and settings\Robert\Application Data\skypePM
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-08 06:22 . 2008-11-04 03:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 05:22 . 2010-05-23 05:22 503808 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcp71.dll
2010-05-23 05:22 . 2010-05-23 05:22 499712 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\jmc.dll
2010-05-23 05:22 . 2010-05-23 05:22 348160 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcr71.dll
2010-05-23 05:22 . 2010-05-23 05:22 61440 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-sse.dll
2010-05-23 05:22 . 2010-05-23 05:22 12800 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-d3d.dll
2010-05-21 00:29 . 2010-03-31 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 04:28 . 2010-05-18 04:28 -------- d-----w- c:\documents and settings\Robert\Application Data\Unity
2010-05-04 17:20 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-31 23:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-31 23:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 21:29 . 2010-04-29 23:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2006-08-16 16:27 . 2006-08-16 16:27 96793015 -c--a-w- c:\program files\OOo_2.0.3_Win32Intel_install.exe
2006-08-11 06:54 . 2006-08-11 06:54 2855080 -c--a-w- c:\program files\aawsepersonal.exe
2008-04-23 21:40 . 2008-04-23 21:40 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-08 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1148531195\ee\AOLSoftware.exe" [2005-11-03 50792]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 4:17 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/29/2007 5:00 AM 33792]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/31/2010 10:01 PM 14424]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2010 8:30 PM 135664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2010-07-08 23:10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 03:10
ComboFix2.txt 2010-07-06 06:15

Pre-Run: 13,861,339,136 bytes free
Post-Run: 13,855,145,984 bytes free

- - End Of File - - A819C16F1B46C2CD7C9789582F4C6EA2

Re: Windows Security Alert: Bankerfox.A threat?9th July 2010, 5:45 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Windows Security Alert: Bankerfox.A threat?

descriptionWindows Security Alert: Bankerfox.A threat?17th June 2010, 6:06 am

descriptionRe: Windows Security Alert: Bankerfox.A threat?17th June 2010, 12:05 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?17th June 2010, 12:06 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?17th June 2010, 1:31 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?26th June 2010, 9:11 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?27th June 2010, 10:57 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?7th July 2010, 1:45 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?7th July 2010, 4:19 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?9th July 2010, 3:13 am

descriptionRe: Windows Security Alert: Bankerfox.A threat?9th July 2010, 5:45 pm

descriptionRe: Windows Security Alert: Bankerfox.A threat?