Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem


Post by jcs829 on 23rd October 2009, 3:23 pm

Hi,

I have a laptop that is running Vista, and 2 days ago I downloaded a file which I presume was the one that infected my laptop. Ever since, I get the pop-ups from Antivirus System Pro, and it won't let me run almost anything because it says "it's infected", as well as getting warnings and threats from bankerfox.a and win32/nuqel.e.

I read on these forums and tried downloading the "Malwarebytes' Anti-Malware" software, but then again after several tries it won't let me run it because it says the file is "infected".
I've read on, and the next step (I think) is to either download HijackThis or the ComboFix software and post the log in here. So unless told otherwise, my next post will be my ComboFix log as soon as I get to my laptop.

Thanks in advance for your help!

jcs829
Novice

Posts : 20
Joined : 2009-10-23
OS : vista
Points : 26114
# Likes : 0


Post by Dr Jay on 23rd October 2009, 7:21 pm

Please run [You must be registered and logged in to see this link.] online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13743
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302211
# Likes : 10


Post by jcs829 on 23rd October 2009, 7:50 pm

Hi,

I got to the Trend Micro webpage and I got to launch HouseCall, and it started HouseCall and supposedly started scanning.
So when scanning it shows 3 steps that it has to go through:
1) Preparing to scan the computer
2) Scanning local computer
3) Listing and removing detected malware

The problem is that on step 2 a pop-up window shows up that says
"Message from the webpage

An error ocurred while trying to transfer data from the internet! Do you want Tren Micro Housecall to try resending the required files?

OK Cancel"

I keep pressing OK but the window keeps popping up after like 10 seconds. So what now? Do I keep pressing OK? Or is something wrong?

Thanks in advance


Post by Dr Jay on 23rd October 2009, 7:59 pm

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Post by jcs829 on 23rd October 2009, 8:39 pm

Something weird happened: once I told the Trend Micro HouseCall program to stay idle, the pop-ups telling me that my computer was threatened by Win32/nuqel.e and bankerfox.a stopped appearing, as well as the Internet Explorer windows telling me to buy Antivirus System Pro.

I'm still running the Kaspersky online scanner and I'm still going to post the report when it's done, though, just to make sure.


Post by Dr Jay on 24th October 2009, 12:19 am

OK, post when ready.


Dr. Jay (DJ)



Post by jcs829 on 24th October 2009, 1:39 am

Hi,

I tried several times running the Kaspersky scan but it would either get stuck or my laptop would crash. It never got past 40% completion. Like I said, the pop-ups of Antivirus System Pro are gone, but the laptop is still slow and I still can't run Malwarebytes' Anti-Malware. What should I do?

Thanks


Post by Dr Jay on 24th October 2009, 2:20 am

Try this:

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)



Post by jcs829 on 24th October 2009, 3:31 am

Hi,

When I try to run BitDefender, a window shows up telling me that Internet Explorer is not running with administrative privileges so BitDefender won't work properly, and if I tell it to go on anyway the scan fails.


Post by Dr Jay on 24th October 2009, 5:29 am

Right-click on Internet Explorer icon and click Run as Administrator, then try again, please.


Dr. Jay (DJ)



Post by jcs829 on 24th October 2009, 7:28 pm

BitDefender Online Scanner

Scan report generated at: Sat, Oct 24, 2009 - 14:20:57

Scan path: C:\;D:\;

Statistics

Time: 02:59:27
Files: 362338
Folders: 26624
Boot Sectors: 0
Archives: 5036
Packed Files: 19105

Results

Identified Viruses: 22
Infected Files: 138
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 238

Engines Info

Virus Definitions: 4452409
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Aug 27 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes





C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00004.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00004.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00005.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00005.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00005.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00006.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00006.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00006.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE40000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE40000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE40000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100002.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100003.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100003.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100003.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11940001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00001.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00001.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00002.VBN=>(Quarantine-PE)
Infected with: Worm.Generic.95233

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140002.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140003.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140003.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12140003.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0002.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0003.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0003.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0003.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0004.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0004.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0004.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0005.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0005.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0005.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0006.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0006.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0006.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0007.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0007.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0007.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0008.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0008.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0008.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0009.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0009.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0009.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000A.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000A.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000A.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000B.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000B.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000B.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000C.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000C.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000C.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000D.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000D.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000D.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000E.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000E.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000E.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000F.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000F.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C000F.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0010.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0010.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0010.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0011.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0011.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0011.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0012.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0012.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0012.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0013.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0013.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0013.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0014.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0014.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0014.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0015.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0015.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0015.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0016.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0016.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0016.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0017.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0017.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0017.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0018.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0018.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0018.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0019.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0019.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0019.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001A.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001A.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001A.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001B.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001B.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001B.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001C.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001C.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001C.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001D.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001D.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001D.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001E.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001E.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001E.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001F.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001F.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C001F.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0020.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0020.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0020.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0021.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0021.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0021.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0022.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0022.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0022.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0023.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0023.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0023.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0024.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0024.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\121C0024.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Peerad.A

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40001.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Peerad.A

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40002.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Peerad.A

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40003.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Peerad.A

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40003.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13E40003.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14840000.VBN=>(Quarantine-PE)
Infected with: Trojan.Generic.1370981

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14840000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14840000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40002.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14B40002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0001.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\158C0001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940000.VBN=>(Quarantine-PE)
Infected with: Trojan.FakeAlert.ACU

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000.VBN=>(Quarantine-PE)
Infected with: Backdoor.Generic.220839

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0000.VBN=>(Quarantine-PE)
Infected with: Worm.Generic.95233

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0001.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0001.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0001.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0001.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0002.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu1@zGoSS1pi

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0002.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0002.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0002.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0003.VBN=>(Quarantine-PE)
Infected with: Backdoor.Generic.220839

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0003.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0003.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0004.VBN=>(Quarantine-PE)
Infected with: Backdoor.Generic.220839

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0004.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0004.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0005.VBN=>(Quarantine-PE)
Detected with: Application.Generic.248984

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0005.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0005.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0005.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0006.VBN=>(Quarantine-PE)
Infected with: Worm.Generic.95233

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0006.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17AC0006.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17B80000.VBN=>(Quarantine-PE)
Detected with: Application.Tool.3394

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17B80000.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17B80000.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17B80000.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE25721.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE25721.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE25721.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE25721.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F2.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F2.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F2.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F2.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F3.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F3.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F3.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400000\5EE259F3.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400001\5EE25AF7.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400001\5EE25AF7.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400001\5EE25AF7.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400001\5EE25AF7.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25E16.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25E16.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25E16.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25E16.VBN
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25F7E.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.bu8@ySVBDZic

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25F7E.VBN=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25F7E.VBN=>(Quarantine-PE)
Deleted

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E400002\5EE25F7E.VBN
Deleted

C:\Users\Chris\AppData\Local\Temp\Acr9F0C.tmp=>(JAVASCRIPT)
Suspected of: Exploit.PDF-JS.Gen

C:\Users\Chris\AppData\Local\Temp\Acr9F0C.tmp=>(JAVASCRIPT)
Disinfection failed

C:\Users\Chris\AppData\Local\Temp\Acr9F0C.tmp=>(JAVASCRIPT)
Deleted

C:\Users\Chris\AppData\Local\Temp\Acr9F0C.tmp
Update failed

C:\Users\Chris\AppData\Local\Temp\MPSampleSubmit\umspnsau.dll.xor=>(Quarantine-PE)
Infected with: Trojan.Generic.2590460

C:\Users\Chris\AppData\Local\Temp\MPSampleSubmit\umspnsau.dll.xor=>(Quarantine-PE)
Deleted

C:\Users\Chris\AppData\Local\Temp\MPSampleSubmit\umspnsau.dll.xor
Deleted

C:\Users\Chris\AppData\Local\Temp\uacf2f6.tmp
Infected with: Gen:Trojan.Heur.wvW@vj8oOPdkx

C:\Users\Chris\AppData\Local\Temp\uacf2f6.tmp
Disinfection failed

C:\Users\Chris\AppData\Local\Temp\uacf2f6.tmp
Deleted

C:\Users\Chris\AppData\Local\Temp\wscsvc32.exe
Infected with: Gen:Trojan.Heur.1u0@vDtMG!jkx

C:\Users\Chris\AppData\Local\Temp\wscsvc32.exe
Disinfection failed

C:\Users\Chris\AppData\Local\Temp\wscsvc32.exe
Deleted

C:\Windows\Temp\TMP0000007A69BCAC340E084202
Infected with: Trojan.Generic.2590460

C:\Windows\Temp\TMP0000007A69BCAC340E084202
Deleted


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by Dr Jay on 24th October 2009, 9:33 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 24th October 2009, 9:52 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3027
Windows 6.0.6002 Service Pack 2

10/24/2009 4:17:10 PM
mbam-log-2009-10-24 (16-17-01).txt

Scan type: Quick Scan
Objects scanned: 102860
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreguardAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\bitanazo.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\fadonovi.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\gedekuye.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\jokilake.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\kezehide.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\kusudewi.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\madujeri.exe (Rogue.SecurityTool) -> No action taken.
C:\Windows\System32\melidawa.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\nelonezi.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\nudegoya.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\rivesogo.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\pewofesa.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vipuliji.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vohetufa.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\wizunipo.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\zisilore.dll (Trojan.Vundo) -> No action taken.
C:\Users\Chris\AppData\Local\Temp\uacbe01.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
C:\Windows\System32\ruyutego.dll (Trojan.Vundo) -> No action taken.
C:\Users\Chris\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Users\Chris\AppData\Local\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Users\Chris\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by Dr Jay on 24th October 2009, 9:56 pm

Hi

Please take action on those items by clicking Remove Selected.

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy/paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)



Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 24th October 2009, 11:05 pm

Hi,

I was able to install ComboFix as commy.exe on my desktop. However, when I did the Start->Run "%userprofile%\desktop\commy.exe" /stepdel

It showed ComboFix being loaded, but then once it finished loading I got several pop-up warnings saying
"C:\ProgramData\ladowozi.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

and then I press OK, but the same window pops up again several times until it stops popping up, but ComboFix never runs.

NVM, I got ComboFix to run; I'll post the txt files in a moment.


Last edited by jcs829 on 24th October 2009, 11:40 pm; edited 1 time in total (Reason for editing : got the program to run)


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 24th October 2009, 11:52 pm

ComboFix 09-10-24.01 - Chris 10/24/2009 18:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.797 [GMT -5:00]
Running from: c:\users\Chris\Desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3325274441-2933238227-355094248-500
c:\$recycle.bin\S-1-5-21-3325274441-2933238227-355094248-500\desktop.ini
c:\programdata\ntuser.dat{e5811f88-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{e5811f98-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 23:23 . 2009-10-24 23:29 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-10-24 23:23 . 2009-10-24 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 22:31 . 2009-10-24 22:33 -------- d-----w- C:\commy
2009-10-24 03:09 . 2009-10-24 19:21 -------- d-----w- c:\windows\BDOSCAN8
2009-10-24 01:18 . 2009-10-24 01:18 -------- d-----w- c:\programdata\WindowsSearch
2009-10-23 22:36 . 2009-10-23 22:36 -------- d-----w- c:\windows\Sun
2009-10-23 19:36 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-23 05:06 . 2009-10-23 05:06 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 04:31 . 2009-10-23 04:31 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 04:15 . 2009-10-24 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 04:15 . 2009-10-23 04:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 23:16 . 2009-10-22 23:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-22 03:58 . 2009-10-22 03:58 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-22 01:27 . 2009-10-23 03:45 -------- d-----w- c:\programdata\puleluro
2009-10-22 01:27 . 2009-10-24 17:26 -------- d-----w- c:\programdata\safevayi
2009-10-22 01:27 . 2009-10-23 19:17 -------- d-----w- c:\programdata\simipari
2009-10-22 01:27 . 2009-10-23 03:45 -------- d-----w- c:\programdata\sufohuwe
2009-10-22 01:20 . 2009-10-24 04:32 -------- d-----w- c:\programdata\somotiye
2009-10-22 01:20 . 2009-10-24 02:58 -------- d-----w- c:\programdata\miriniwi
2009-10-22 01:20 . 2009-10-22 01:20 -------- d-----w- c:\programdata\ladowozi
2009-10-19 23:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-19 23:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-19 23:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-19 23:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-19 23:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-19 23:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:35 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:35 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 20:17 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 20:17 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 20:17 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 20:17 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 20:15 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 20:15 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 20:15 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-04 16:15 . 2009-10-04 16:15 127872 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\uninstall.exe
2009-10-04 16:15 . 2009-10-04 16:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2009-10-02 19:22 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 21:14 . 2009-09-29 21:14 -------- d-----w- c:\programdata\SiteAdvisor
2009-09-27 21:47 . 2006-03-03 13:07 143360 ----a-w- c:\windows\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 19:35 . 2007-02-28 20:29 -------- d-----w- c:\program files\McAfee
2009-10-22 03:58 . 2009-07-15 02:08 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2009-10-19 03:43 . 2009-07-27 03:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Skype
2009-10-19 03:27 . 2009-07-27 03:12 -------- d-----w- c:\users\Chris\AppData\Roaming\skypePM
2009-10-17 06:12 . 2007-03-20 21:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 06:08 . 2007-03-20 21:09 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 20:11 . 2007-02-28 20:29 -------- d-----w- c:\programdata\McAfee
2009-10-04 16:15 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-10-02 01:35 . 2009-06-24 01:52 -------- d-----w- c:\program files\Microsoft
2009-09-28 01:09 . 2007-02-28 20:29 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-22 00:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 00:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-16 15:22 . 2007-02-28 20:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-28 20:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 01:32 . 2009-09-16 01:32 -------- d-----w- c:\program files\MATLAB
2009-09-10 04:44 . 2009-06-25 04:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-27 05:17 . 2009-10-16 20:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 20:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 20:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:25 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:25 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:25 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-30 14:38 . 2009-08-16 01:25 5173960 ----a-w- c:\windows\BAA Screensaver.scr
2009-07-27 03:12 . 2009-07-27 03:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2004-03-15 23:51 . 2004-03-15 23:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 16:32 . 2006-01-23 16:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 16:48 . 2007-02-08 16:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 01:03 . 2007-07-25 01:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-07-23 19:18 . 2009-07-23 19:18 16384 --sha-w- c:\windows\System32\buhedina.exe
2009-07-22 23:10 . 2009-07-22 23:10 16384 --sha-w- c:\windows\System32\davozido.exe
2009-07-24 00:19 . 2009-07-24 00:19 69632 --sha-w- c:\windows\System32\vukolosu.exe
2009-07-23 20:18 . 2009-07-23 20:18 75776 --sha-w- c:\windows\System32\wimoroka.exe
2009-07-23 23:18 . 2009-07-23 23:18 81920 --sha-w- c:\windows\System32\wogutopa.exe
2009-07-23 20:18 . 2009-07-23 20:18 32768 --sha-w- c:\windows\System32\zarajubo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-28 220160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Citi Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2007-12-07 270336]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,16,9e,46,1c,3b,ca,01

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 9:08 PM 15448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 3:17 PM 210216]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [7/19/2007 12:56 PM 11360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 8:04 PM 102448]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 3:00 PM 7168]
S3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [7/12/2007 7:18 PM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [7/18/2007 10:11 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [7/18/2007 10:12 PM 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 12:48 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [7/19/2007 12:56 PM 11360]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{D7724767-7F5C-499C-B4D0-65A7A70C97B9}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-lphcj4jj0e92o - c:\windows\system32\lphcj4jj0e92o.exe
HKCU-Run-dukogutel - c:\progra~2\simipari\simipari.dll
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
SharedTaskScheduler-{beeee39e-a28e-43b5-9408-ebb8ee69cf2c} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-24 18:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(172)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\commy29219c\CF30835.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\commy29219c\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 18:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-24 23:39

Pre-Run: 63,233,265,664 bytes free
Post-Run: 65,183,571,968 bytes free

- - End Of File - - 9AC10F27839C2D82B6F44000C6CDC8F7


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 24th October 2009, 11:53 pm

µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BAA Screensaver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DivX Codec
DivX Player
DivX Web Player
DVD MovieFactory for TOSHIBA
GOM Player
Google Desktop
Google Toolbar for Internet Explorer
GRE POWERPREP
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Intel(R) Graphics Media Accelerator Driver
Internet Offers
iPod for Windows 2005-11-17
iTunes
IVI Shared Component
IVI Shared Components
Java(TM) SE Runtime Environment 6
JEOPARDY
JMP 6
Junk Mail filter update
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Mathcad 8 Explorer
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
National Instruments Software
NI-DAQmx - LabVIEW shared documentation
NI-DIM 1.7.0f0
NI-IVI Provider for MAX
NI-ORB 1.7.0f0
NI-PAL 2.1.0f1
NI-RPC 3.4.0f1
NI-RPC 3.4.0f1 for Phar Lap ETS
NI-VISA Runtime 4.2
NI AFW Channel Configuration Tool
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI Assistant Framework LabVIEW Code Generator 8.5
NI Certificates Deployment Support
NI Circuit Design Suite 10 Core
NI Circuit Design Suite 10 Educational
NI Circuit Design Suite Support and Upgrade Utility
NI Control Design Mathscript VIs
NI Control Design Shared VIs
NI DataSocket 4.5.0
NI DN 2.0 installer
NI EULA Depot
NI Example Finder 8.5
NI Help Assistant
NI Instrument IO Assistant for LabVIEW 8.5
NI IVI Class Driver LabVIEW 8.5 Support
NI IVI Class Drivers
NI IVI Class Simulation Drivers
NI IVI Compliance Package 3.1
NI IVI Engine
NI IVI Online Help
NI LabVIEW 8.5
NI LabVIEW 8.5 Applibs
NI LabVIEW 8.5 CINtools
NI LabVIEW 8.5 Control Design and Simulation Module - Control Design Support
NI LabVIEW 8.5 Control Design and Simulation Module - Simulation Support
NI LabVIEW 8.5 Device Detection and Deployment Support
NI LabVIEW 8.5 Examples
NI LabVIEW 8.5 gMath
NI LabVIEW 8.5 Help
NI LabVIEW 8.5 Help File
NI LabVIEW 8.5 iMath
NI LabVIEW 8.5 Instr.lib
NI LabVIEW 8.5 License
NI LabVIEW 8.5 Manuals
NI LabVIEW 8.5 MeasAppChm File
NI LabVIEW 8.5 Menus
NI LabVIEW 8.5 Project
NI LabVIEW 8.5 Resource
NI LabVIEW 8.5 Simulation
NI LabVIEW 8.5 Templates
NI LabVIEW 8.5 User.lib
NI LabVIEW 8.5 VI.lib
NI LabVIEW 8.5 WWW
NI LabVIEW Analog Modulation Toolkit 4.0
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Deployable License 8.5.0
NI LabVIEW Digital Filter Design Toolkit 8.2.1
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 8.5.0
NI LabVIEW Modulation Toolkit 4.0
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Run-Time Engine 7.1.1
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.5
NI LabVIEW SignalExpress 2.5
NI LabVIEW SignalExpress 2.5 Core
NI LabVIEW SignalExpress 2.5 Core LabVIEW Support
NI LabVIEW SignalExpress 2.5 Datatypes
NI LabVIEW SignalExpress 2.5 LabVIEW Support
NI LabVIEW SignalExpress 2.5 Licenses
NI LabVIEW SignalExpress 2.5 Steps
NI LabVIEW SignalExpress 2.5 Tools
NI LabVIEW SimControl Shared Help Files
NI LabVIEW Simulation Module Converter
NI LabVIEW Simulation Module Optimization
NI LabVIEW Simulation Module Shared Files
NI LabVIEW System Identification 3.0 Assistant
NI LabVIEW System Identification 3.0 Toolkit VIs
NI LabVIEW System Identification Toolkit 3.0.1
NI LabWindows/CVI 8.1.1 Run-Time Engine
NI LabWindows/CVI Code Generator
NI License Manager
NI Logos 4.9
NI Logos LabVIEW 8.5 Support
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI LVBrokerAux 8.5.0
NI LVBrokerAux71
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support
NI MDF Support
NI Measurement & Automation Explorer 4.3
NI Measurement Studio 8.1 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
NI Measurement Studio Recipe Processor
NI MXS
NI OPC Support
NI Portable Configuration
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI Service Locator
NI Session Manager 3.5
NI Software Provider for MAX
NI Sound and Vibration Frequency Analysis 5.0
NI System Identification Assistant LabVIEW Support
NI TDMS
NI Uninstaller
NI USI 1.5.0
NI Variable Engine
NI Variable Engine LabVIEW 8.5 Support
NI Variable Manager
NI VC2005MSMs x86
NI Web Pipeline
Penguins!
Polar Bowler
Polar Golfer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
RoboWorks Demo 3.0
SCRABBLE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Skype web features
Skype™ 4.1
SolidWorks 2008 SP0
Symantec AntiVirus
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB974810)
Virtual Account Numbers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
WinRAR archiver
World of Warcraft


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by Belahzur on 26th October 2009, 12:24 am

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight µTorrent and Java(TM) SE Runtime Environment 6
  • Click on the Uninstall/Change button at the top.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\programdata\puleluro
    c:\programdata\safevayi
    c:\programdata\simipari
    c:\programdata\sufohuwe
    c:\programdata\somotiye
    c:\programdata\miriniwi
    c:\programdata\ladowozi

    File::
    c:\windows\System32\buhedina.exe
    c:\windows\System32\davozido.exe
    c:\windows\System32\vukolosu.exe
    c:\windows\System32\wimoroka.exe
    c:\windows\System32\wogutopa.exe
    c:\windows\System32\zarajubo.dll

    DDS::
    uStart Page = about:blank

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 26th October 2009, 2:17 am

ComboFix 09-10-25.02 - Chris 10/25/2009 20:47.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.795 [GMT -5:00]
Running from: c:\users\Chris\Desktop\commy.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\windows\System32\buhedina.exe"
"c:\windows\System32\davozido.exe"
"c:\windows\System32\vukolosu.exe"
"c:\windows\System32\wimoroka.exe"
"c:\windows\System32\wogutopa.exe"
"c:\windows\System32\zarajubo.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ladowozi
c:\programdata\ladowozi\ladowozi.dll
c:\programdata\miriniwi
c:\programdata\puleluro
c:\programdata\safevayi
c:\programdata\simipari
c:\programdata\somotiye
c:\programdata\sufohuwe
c:\windows\System32\buhedina.exe
c:\windows\System32\davozido.exe
c:\windows\System32\vukolosu.exe
c:\windows\System32\wimoroka.exe
c:\windows\System32\wogutopa.exe
c:\windows\System32\zarajubo.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 02:03 . 2009-10-26 02:05 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-10-26 02:03 . 2009-10-26 02:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-26 02:03 . 2009-10-26 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 22:31 . 2009-10-24 22:33 -------- d-----w- C:\commy
2009-10-24 03:09 . 2009-10-24 19:21 -------- d-----w- c:\windows\BDOSCAN8
2009-10-24 01:18 . 2009-10-24 01:18 -------- d-----w- c:\programdata\WindowsSearch
2009-10-23 22:36 . 2009-10-23 22:36 -------- d-----w- c:\windows\Sun
2009-10-23 19:36 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-23 05:06 . 2009-10-23 05:06 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 04:31 . 2009-10-23 04:31 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 04:15 . 2009-10-24 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 04:15 . 2009-10-23 04:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 23:16 . 2009-10-22 23:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-22 03:58 . 2009-10-22 03:58 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-19 23:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-19 23:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-19 23:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-19 23:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-19 23:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-19 23:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:35 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:35 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 20:17 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 20:17 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 20:17 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 20:17 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 20:15 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 20:15 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 20:15 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-04 16:15 . 2009-10-04 16:15 127872 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\uninstall.exe
2009-10-04 16:15 . 2009-10-04 16:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2009-10-02 19:22 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 21:14 . 2009-09-29 21:14 -------- d-----w- c:\programdata\SiteAdvisor
2009-09-27 21:47 . 2006-03-03 13:07 143360 ----a-w- c:\windows\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 01:30 . 2009-07-15 02:08 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2009-10-23 19:35 . 2007-02-28 20:29 -------- d-----w- c:\program files\McAfee
2009-10-19 03:43 . 2009-07-27 03:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Skype
2009-10-19 03:27 . 2009-07-27 03:12 -------- d-----w- c:\users\Chris\AppData\Roaming\skypePM
2009-10-17 06:12 . 2007-03-20 21:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 06:08 . 2007-03-20 21:09 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 20:11 . 2007-02-28 20:29 -------- d-----w- c:\programdata\McAfee
2009-10-04 16:15 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-10-02 01:35 . 2009-06-24 01:52 -------- d-----w- c:\program files\Microsoft
2009-09-28 01:09 . 2007-02-28 20:29 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-22 00:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 00:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-16 15:22 . 2007-02-28 20:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-28 20:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 01:32 . 2009-09-16 01:32 -------- d-----w- c:\program files\MATLAB
2009-09-10 04:44 . 2009-06-25 04:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-27 05:17 . 2009-10-16 20:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 20:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 20:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:25 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:25 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:25 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-30 14:38 . 2009-08-16 01:25 5173960 ----a-w- c:\windows\BAA Screensaver.scr
2004-03-15 23:51 . 2004-03-15 23:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 16:32 . 2006-01-23 16:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 16:48 . 2007-02-08 16:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 01:03 . 2007-07-25 01:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 20:52 . 2009-10-24 22:44 85102 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-02-28 20:52 . 2009-10-25 16:27 85102 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-10-24 23:30 70052 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-26 01:36 70052 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-06-25 05:08 . 2009-10-24 23:30 20054 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3325274441-2933238227-355094248-1000_UserData.bin
+ 2007-06-25 05:08 . 2009-10-26 01:36 20054 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3325274441-2933238227-355094248-1000_UserData.bin
- 2007-03-20 20:42 . 2009-10-24 23:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-20 20:42 . 2009-10-24 23:29 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-26 01:37 . 2009-10-26 01:37 6130 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\Data.dat
- 2009-10-24 22:25 . 2009-10-24 22:25 4962 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\Data.dat
+ 2009-10-26 01:05 . 2009-10-26 01:05 4962 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\Data.dat
+ 2009-10-26 01:12 . 2009-10-26 01:12 5756 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\Data.dat
- 2009-10-24 21:50 . 2009-10-24 21:50 5756 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\Data.dat
- 2009-10-24 22:00 . 2009-10-24 22:00 5988 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
+ 2009-10-26 01:39 . 2009-10-26 01:39 5988 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
+ 2009-10-26 01:05 . 2009-10-26 01:05 6158 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\217C5A9988F137C191AB2A26D7B4807D49DFC2EC\217C5A9988F137C191AB2A26D7B4807D49DFC2EC\Data.dat
+ 2009-10-26 01:37 . 2009-10-26 01:37 5866 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\0FAD3B8C5C374914520A72A77FB0B694C13391B5\0FAD3B8C5C374914520A72A77FB0B694C13391B5\Data.dat
+ 2009-10-25 16:25 . 2009-10-26 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-24 23:28 . 2009-10-24 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-24 23:28 . 2009-10-24 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-25 16:25 . 2009-10-26 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2007-03-20 20:42 . 2009-10-24 23:29 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 06:04 . 2009-10-25 06:04 2268008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-03-30 06:04 . 2009-10-24 23:26 2268008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-28 220160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Citi Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2007-12-07 270336]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,16,9e,46,1c,3b,ca,01

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 9:08 PM 15448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 3:17 PM 210216]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [7/19/2007 12:56 PM 11360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 8:04 PM 102448]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 3:00 PM 7168]
S3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [7/12/2007 7:18 PM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [7/18/2007 10:11 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [7/18/2007 10:12 PM 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 12:48 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [7/19/2007 12:56 PM 11360]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{D7724767-7F5C-499C-B4D0-65A7A70C97B9}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-25 21:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-26 21:09
ComboFix-quarantined-files.txt 2009-10-26 02:08
ComboFix2.txt 2009-10-24 23:40

Pre-Run: 63,628,644,352 bytes free
Post-Run: 63,607,091,200 bytes free

- - End Of File - - 4A429E1F218831BA2FA08E6FC6DB4D68

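One way to confirm that every Folder:: and File:: target from the CFScript posted earlier appears under "Other Deletions" in the resulting log, as an added example that is not part of the original posts or of ComboFix itself. The section layout is assumed to be the one visible in this thread, and the function names are hypothetical.

```python
import re

# CFScript sections as posted in the thread (RegLock:: omitted).
CFSCRIPT = r"""
Folder::
c:\programdata\puleluro
c:\programdata\safevayi
c:\programdata\simipari
c:\programdata\sufohuwe
c:\programdata\somotiye
c:\programdata\miriniwi
c:\programdata\ladowozi

File::
c:\windows\System32\buhedina.exe
c:\windows\System32\davozido.exe
c:\windows\System32\vukolosu.exe
c:\windows\System32\wimoroka.exe
c:\windows\System32\wogutopa.exe
c:\windows\System32\zarajubo.dll

DDS::
uStart Page = about:blank
"""

# Excerpt of the log posted in the thread: one full section plus the
# start of the next, to exercise the section boundary.
LOG_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ladowozi
c:\programdata\ladowozi\ladowozi.dll
c:\programdata\miriniwi
c:\programdata\puleluro
c:\programdata\safevayi
c:\programdata\simipari
c:\programdata\somotiye
c:\programdata\sufohuwe
c:\windows\System32\buhedina.exe
c:\windows\System32\davozido.exe
c:\windows\System32\vukolosu.exe
c:\windows\System32\wimoroka.exe
c:\windows\System32\wogutopa.exe
c:\windows\System32\zarajubo.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.
2009-10-26 02:03 . 2009-10-26 02:05 -------- d-----w- c:\users\Chris\AppData\Local\temp
"""

DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)::\s*$")   # e.g. "Folder::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # e.g. "((( Title )))"

def parse_cfscript(text):
    """Return {directive: [lines]} for each 'Name::' section of the script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def log_sections(text):
    """Split a log into {banner title: [lines]}, skipping blank and '.' rows."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections

def norm(path):
    """Windows paths are case-insensitive; drop quotes and trailing slashes."""
    return path.strip().strip('"').rstrip("\\").lower()

def verify_removals(cfscript, log):
    """Map each Folder::/File:: target to True if the log lists it as deleted."""
    targets = parse_cfscript(cfscript)
    wanted = [norm(p) for key in ("folder", "file") for p in targets.get(key, [])]
    deleted = {norm(p) for p in log_sections(log).get("other deletions", [])}
    return {p: (p in deleted) for p in wanted}

def missing(cfscript, log):
    """Targets named in the script that the log does not report as deleted."""
    return sorted(p for p, ok in verify_removals(cfscript, log).items() if not ok)

if __name__ == "__main__":
    print(missing(CFSCRIPT, LOG_EXCERPT) or "all scripted targets were deleted")
```

An empty result only means the targets named in the script were removed; it says nothing about items the script did not name.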

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 27th October 2009, 5:39 pm

Bump...

or does that mean my computer is clean now?


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 29th October 2009, 3:34 pm

hello?


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by Belahzur on 29th October 2009, 5:44 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by jcs829 on 30th October 2009, 1:05 am

It's running good and I haven't had any sign of viruses. Do you think it's good now? Any more suggestions/comments?


Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Post by Belahzur on 30th October 2009, 1:27 am

Yes, this looks fine now.

