win32/nuqel and Bankerfox.A infection HELP

View previous topic View next topic Go down

win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 25th October 2009, 7:09 pm

I have run Hijackthis with the following log.
Can you tell me what to FixCheck please
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:28 PM, on 10/25/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\swaemd\pqwysysguard.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\EndItAll\enditall.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\UF2JIP6V\HJTInstall[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O1 - Hosts: [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [system tool] C:\Program Files\swaemd\pqwysysguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [system tool] C:\Program Files\swaemd\pqwysysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10464 bytes

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 25th October 2009, 8:14 pm

Is there no help to remove this virus out there??

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 25th October 2009, 11:33 pm

Does nobody know how to remove this virus ??

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by Belahzur on 26th October 2009, 12:18 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: [You must be registered and logged in to see this link.]
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
    O4 - HKLM\..\Run: [system tool] C:\Program Files\swaemd\pqwysysguard.exe
    O4 - HKCU\..\Run: [system tool] C:\Program Files\swaemd\pqwysysguard.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 1:02 am

OK..........running it now...thanks

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 1:24 am

so far so good...

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 1:35 am

Here is the log....

Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 3

10/25/09 9:34:28 PM
mbam-log-2009-10-25 (21-34-28).txt

Scan type: Quick Scan
Objects scanned: 114105
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.Installer) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c277b942-1f68-486b-8f95-6e486a13f148} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c277b942-1f68-486b-8f95-6e486a13f148} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c277b942-1f68-486b-8f95-6e486a13f148} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\ldvx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ellen\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ellen\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 1:48 am

Looks like the virus is gone....thanks...but the system is running very slow. Should I run another scan?

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by Belahzur on 26th October 2009, 6:10 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 6:41 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/08/06 4:44:56 PM
System Uptime: 10/26/09 2:13:10 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | TUSL2
Processor: Intel Pentium III processor | PGA 370 | 1005/133mhz

==== Disk Partitions =========================

A: is Removable
C: is fȋxed (NTFS) - 38 GiB total, 19.774 GiB free.
D: is fȋxed (NTFS) - 38 GiB total, 24.536 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/26/09 11:29:51 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe InDesign CS
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Manager Deluxe 4.1
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Avery DesignPro
Bonjour
Business Contact Manager for Outlook 2003
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Diskeeper Professional Edition
DVD Suite
EndItAll 2.0
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 6
LG ODD Auto Firmware Update
LiveUpdate 2.6 (Symantec Corporation)
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MYOB Accounting Plus V11
Nero 6 Ultra Edition
NetMeter 1.1.3
OneTouch Version 3.0
PaperPort 7.02
Physio Logic BP Manager
PowerDVD
PowerProducer
QuarkXPress 4.0
QuickBooks Pro Edition 2007
QuickTime
Readiris Pro 9
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.0
Spyware Doctor 6.1
Symantec AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Service Pack 3
WinRAR archiver
WinZip

==== Event Viewer Messages From Past Week ========

10/26/09 2:22:01 PM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
10/25/09 7:30:40 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: [You must be registered and logged in to see this link.] Scan ID: {07E93AA2-60A7-4A78-8BC7-387E679ACC5A} User: ELLEN\Ellen Name: Trojan:Win32/FakeSpypro ID: 136370 Severity: High Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/25/09 6:48:08 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: [You must be registered and logged in to see this link.] Scan ID: {5DB51372-9ED2-402E-83E0-89A4CAA94D86} User: ELLEN\Ellen Name: Trojan:Win32/FakeSpypro ID: 136370 Severity: High Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/25/09 5:00:42 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: [You must be registered and logged in to see this link.] Scan ID: {2E92CA7E-414C-4ADB-8FB7-4281ACE1CA2C} User: ELLEN\Ellen Name: Trojan:Win32/FakeSpypro ID: 136370 Severity: High Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/25/09 4:44:56 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:44:56 PM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTBCM service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:44:56 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/25/09 4:44:53 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/25/09 4:44:32 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:44:32 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/25/09 4:44:09 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/25/09 4:43:50 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:43:48 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:43:45 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
10/25/09 4:43:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/25/09 4:33:07 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/25/09 4:33:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/25/09 12:35:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
10/25/09 12:35:27 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/25/09 12:34:36 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

==== End Of File ===========================

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 6:41 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ellen at 14:38:32.10 on 10/26/09
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.511.65 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ellen\Local Settings\Temporary Internet Files\Content.IE5\U8HIQKZL\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PPWebCap] c:\progra~1\scansoft\paperp~1\PPWebCap.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\ellen\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\ellen\startm~1\programs\startup\remind~1.lnk - c:\program files\scansoft\paperport\config\ereg\REMIND32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - [You must be registered and logged in to see this link.]
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-25 206256]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-5 47640]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2006-9-21 23200]
R3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;c:\windows\system32\drivers\lne100tx.sys [2006-9-8 70730]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-26 17:53:18 0 d-----w- c:\program files\CCleaner
2009-10-26 01:16:47 0 d-----w- c:\docume~1\ellen\applic~1\Malwarebytes
2009-10-26 01:16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 01:16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 01:16:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-26 01:16:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 18:55:00 0 d-----w- c:\program files\Trend Micro
2009-10-25 17:56:36 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-25 17:56:18 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-25 17:56:18 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-25 17:56:18 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-25 17:55:55 0 d-----w- c:\program files\common files\PC Tools
2009-10-25 17:55:53 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-25 17:55:32 0 d-----w- c:\program files\Spyware Doctor
2009-10-25 17:55:32 0 d-----w- c:\docume~1\ellen\applic~1\PC Tools
2009-10-25 17:55:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-25 16:41:21 0 d-----w- c:\program files\swaemd
2009-10-20 15:07:38 0 d-----w- c:\program files\MSECache
2009-10-02 22:01:33 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 03:36:25 4140140 ----a-w- c:\windows\pfirewall.log.old

==================== Find3M ====================

2009-10-20 19:00:38 102876 ----a-w- c:\windows\fonts\AdobeFnt07.lst
2009-10-02 00:23:44 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 00:23:43 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-02 00:23:43 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 00:23:57 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-08 00:23:57 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-09-09 20:53:37 35792800 ----a-w- c:\program files\Nero-6.6.1.4.exe
2005-04-24 12:21:39 381255680 ----a-w- c:\program files\Photoshop CS2.iso
2005-03-21 12:41:02 12793 ----a-w- c:\program files\How To Install.html
2005-03-16 10:35:00 748937 ----a-w- c:\program files\Creative Suite Brochure.pdf
2005-02-25 13:37:00 157035 ----a-w- c:\program files\LegalNotices.pdf
2005-02-24 15:30:06 13842 ----a-w- c:\program files\Activation Read Me.html
2005-02-23 10:24:12 2773 ----a-w- c:\program files\Read Me First.html
2005-02-22 12:32:14 2723276 ----a-w- c:\program files\Photoshop New Features.pdf
2005-02-22 12:31:44 142049 ----a-w- c:\program files\Photoshop At A Glance.pdf
2005-02-04 10:01:04 625 ----a-w- c:\program files\Setup.exe.manifest
2004-12-31 14:42:14 5106 ----a-w- c:\program files\keygen.nfo
2004-08-10 21:09:46 126976 ----a-w- c:\program files\epic_eula.dll
2004-06-16 20:36:10 49 ----a-w- c:\program files\AUTORUN.INF
2004-04-05 23:02:20 32623 ----a-w- c:\program files\keygen.rar
2004-02-11 22:12:08 616 ----a-w- c:\program files\layout.bin
2004-02-11 22:12:08 203724358 ----a-w- c:\program files\data2.cab
2004-02-11 22:11:22 287407 ----a-w- c:\program files\data1.hdr
2004-02-11 22:11:22 1951470 ----a-w- c:\program files\data1.cab
2004-02-11 22:11:02 464 ----a-w- c:\program files\setup.ini
2004-02-11 22:11:02 416704 ----a-w- c:\program files\setup.inx
2004-02-11 22:11:00 333997 ----a-w- c:\program files\setup.boot
2004-02-06 12:56:50 165 ----a-w- c:\program files\setup.iss
2004-02-06 00:46:40 4490 ----a-w- c:\program files\Abcpy.ini
2004-02-06 00:46:20 388856 ----a-w- c:\program files\Setup.bmp
2004-01-20 20:39:12 9728 ----a-w- c:\program files\Thumbs.db
2003-09-26 02:24:48 104960 ----a-w- c:\program files\zidxp.exe
2003-04-21 01:39:50 245408 ----a-w- c:\program files\unicows.dll
2002-12-05 17:16:00 418296 ----a-w- c:\program files\engine32.cab
2002-10-23 20:32:38 243858 ----a-w- c:\program files\setup.skin
2001-09-10 14:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 13:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-17 23:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-03 23:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 13:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll

============= FINISH: 14:39:29.27 ===============

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 6:49 pm

Ok..thanks. I didn't zip the attach.txt...hope that was OK
So, what do you see ?? Sad tearing

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 26th October 2009, 10:28 pm

I can't help 'cause I have 2 screens and was able to drag hijackthis across from behind the blocking pop-up. Maybe one of the techs will offer a suggestion.

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by Belahzur on 27th October 2009, 12:09 am

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 27th October 2009, 1:40 am

Hi...it is still slow, but better. Plus, since the virus was removed all the text under the desktop icons are on a solid blue background. I tried to change it back to a transparent panel with no luck.

Any ideas ??

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel and Bankerfox.A infection HELP

Post by ellenSol on 27th October 2009, 2:03 am

OK....fȋxed it. No more blue on the icons.
Thanks soooo much ..donation will be made.
Thanks again........

ellenSol
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-10-25
OS OS : xp
Points Points : 26045
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum