Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 8:00 am

I have tried following advice in forums, that is saying there are free removal tools..but whatever this is, it's blocking half the downloads, or stopping the scans midway through...it is saying almost every dll file is infected when a certain activity needs to operate...

Yes, I'm not computer literate, and am wondering if I simply just need to take the computer in and have it wiped clean?

tru_2_ku
Novice

Posts: 49
Joined: 2009-11-10
OS: WINDOWS 7 PROFESSIONAL
Points: 26155
Likes: 0


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by Nazzgull on Tue Nov 10, 2009 8:16 am

Hi,
Please read [You must be registered and logged in to see this link.] topic and post your HijackThis log file in this post. [You must be registered and logged in to see this link.]







Nazzgull
Top Dog

Posts: 2343
Joined: 2008-08-03
Gender: Male
OS: Windows 7 Professional
Points: 40475
Likes: 1


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 8:25 am

Ok...I guess I'll try...I went to the java link, and only found the update 17...should I get that instead of the 16?


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by Nazzgull on Tue Nov 10, 2009 8:31 am

Yes, you should get version 16.




Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 8:37 am

grrr...ok..I clicked on download the update 17..and due to a barrage of pop-ups, I'm guessing I'm updated..the next thing was to go and get javaRa....for a free download of Perforce..is that now what I need t


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by Nazzgull on Tue Nov 10, 2009 8:47 am

JavaRa Download - [You must be registered and logged in to see this link.]

Most important :
Post it here and wait for instructions given only by [You must be registered and logged in to see this link.], [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]




Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 9:07 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:32 AM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr
C:\WINDOWS\system32\notepad.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.microsoft.com
O1 - Hosts: 91.212.127.227 win-guard2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKCU\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5704 bytes

Ok...here's what Hijack came up with...


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by Nazzgull on Tue Nov 10, 2009 9:20 am


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.microsoft.com
O1 - Hosts: 91.212.127.227 win-guard2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]

O4 - HKLM\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKCU\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.
Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes'
    Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



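A triage sketch for the kind of log review done in the reply above, added here as an example and not part of the original thread or of HijackThis itself: it parses HijackThis-style lines and flags hosts-file redirects, autoruns launched from the user profile, services whose file is missing, and processes that use a system file name outside the Windows folders. The heuristics and function names are assumptions chosen for illustration; the thread does not state why each line was selected.

```python
import ipaddress
import ntpath
import re

# Sample input: a subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\winlogon.scr

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Heuristics assumed for this example (the thread does not state them).
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\")
SYSTEM_NAMES = {"winlogon", "svchost", "lsass", "services", "smss", "csrss", "explorer"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}


def check_hosts(body):
    """O1: flag hosts-file entries that map a name to a non-loopback address."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return "hosts entry with an unparseable address"
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"hosts file pins {m.group(2)} to {ip}"


def check_autorun(body):
    """O4: flag Run entries whose command lives in a user-writable profile folder."""
    m = re.match(r"HK\w+\\\.\.\\Run\w*: \[([^\]]*)\]\s*(.*)", body)
    if not m:
        return None
    name, command = m.group(1), m.group(2).lower()
    if any(marker in command for marker in USER_WRITABLE):
        return f"autorun [{name}] starts from a user-writable folder"
    return None


def check_service(body):
    """O23: flag services whose binary no longer exists on disk."""
    if body.startswith("Service:") and body.rstrip().endswith("(file missing)"):
        return "service entry points at a missing file"
    return None


def check_process(path):
    """Process list: flag a system file name running from a non-system folder."""
    folder, filename = ntpath.split(path)
    stem = ntpath.splitext(filename)[0].lower()
    if stem in SYSTEM_NAMES and folder.lower() not in SYSTEM_DIRS:
        return "process uses a system file name outside the Windows folders"
    return None


CHECKERS = {1: check_hosts, 4: check_autorun, 23: check_service}


def triage(log_text):
    """Return (line, reason) pairs for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = None
        entry = re.match(r"O(\d+) - (.*)", line)
        if entry:
            checker = CHECKERS.get(int(entry.group(1)))
            reason = checker(entry.group(2)) if checker else None
        elif re.match(r"[A-Za-z]:\\", line):
            reason = check_process(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Findings are leads for a human reviewer, not verdicts: legitimate software can also start from the user profile, and an unflagged line is not proof that it is clean.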

Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 9:55 am

Malwarebytes' Anti-Malware 1.41
Database version: 3139
Windows 5.1.2600 Service Pack 3

11/10/2009 8:48:23 AM
mbam-log-2009-11-10 (08-48-23).txt

Scan type: Quick Scan
Objects scanned: 120095
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


I will tell you this...all pop ups have ceased, and I was able to download without seeing any infected files notices....If you tell me this is fixed...I'll name my firstborn after you....hahaha


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Tue Nov 10, 2009 11:10 am

Ok...I haven't heard back, so am I to assume since the pop-ups stopped, the problem I was having is gone?


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by Belahzur on Tue Nov 10, 2009 12:22 pm

Hello.
Nazzgull will be with you shortly; for now, let's carry on.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Thu Nov 12, 2009 1:33 pm

Sorry...just now getting back to this...here are the 2 scans you asked for..

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2009 12:53:11 AM
System Uptime: 11/11/2009 4:02:38 PM (20 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 37 GiB total, 26.74 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Network Controller
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
Service:

==== System Restore Points ===================

RP81: 8/15/2009 3:50:53 AM - System Checkpoint
RP82: 8/16/2009 4:46:31 AM - System Checkpoint
RP83: 8/17/2009 6:02:39 AM - System Checkpoint
RP84: 8/18/2009 6:47:38 AM - System Checkpoint
RP85: 8/19/2009 7:46:32 AM - System Checkpoint
RP86: 8/20/2009 8:46:32 AM - System Checkpoint
RP87: 8/21/2009 9:46:32 AM - System Checkpoint
RP88: 8/22/2009 10:46:32 AM - System Checkpoint
RP89: 8/23/2009 10:54:28 AM - Installed SpadeClub Poker.
RP90: 8/24/2009 11:46:34 AM - System Checkpoint
RP91: 8/25/2009 1:46:02 PM - System Checkpoint
RP92: 8/26/2009 3:00:14 AM - Software Distribution Service 3.0
RP93: 8/27/2009 3:04:21 AM - System Checkpoint
RP94: 8/28/2009 4:04:21 AM - System Checkpoint
RP95: 8/28/2009 8:38:13 AM - Avg8 Update
RP96: 8/28/2009 8:39:36 AM - Avg8 Update
RP97: 8/29/2009 8:45:30 AM - System Checkpoint
RP98: 8/30/2009 9:03:47 AM - System Checkpoint
RP99: 8/31/2009 9:18:24 AM - System Checkpoint
RP100: 9/1/2009 10:18:24 AM - System Checkpoint
RP101: 9/2/2009 11:18:24 AM - System Checkpoint
RP102: 9/2/2009 4:33:48 PM - Installed Adobe Reader 9.1.
RP103: 9/3/2009 5:37:06 AM - Removed SpadeClub Poker.
RP104: 9/4/2009 6:17:06 AM - System Checkpoint
RP105: 9/5/2009 7:49:45 AM - System Checkpoint
RP106: 9/6/2009 8:04:20 AM - System Checkpoint
RP107: 9/7/2009 8:41:34 AM - System Checkpoint
RP108: 9/8/2009 9:26:17 AM - System Checkpoint
RP109: 9/9/2009 10:27:22 AM - System Checkpoint
RP110: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
RP111: 9/10/2009 1:59:27 PM - Installed Java(TM) 6 Update 15
RP112: 9/11/2009 2:09:07 PM - System Checkpoint
RP113: 9/12/2009 3:09:07 PM - System Checkpoint
RP114: 9/13/2009 10:03:13 PM - System Checkpoint
RP115: 9/14/2009 10:03:21 PM - System Checkpoint
RP116: 9/16/2009 3:32:07 AM - System Checkpoint
RP117: 9/17/2009 4:24:23 AM - System Checkpoint
RP118: 9/19/2009 10:07:04 AM - System Checkpoint
RP119: 9/20/2009 10:24:23 AM - System Checkpoint
RP120: 9/21/2009 2:26:57 PM - System Checkpoint
RP121: 9/22/2009 2:46:21 PM - System Checkpoint
RP122: 9/23/2009 4:31:24 PM - System Checkpoint
RP123: 9/24/2009 5:33:47 PM - System Checkpoint
RP124: 9/25/2009 7:38:36 PM - System Checkpoint
RP125: 9/26/2009 7:38:58 PM - System Checkpoint
RP126: 9/27/2009 8:39:02 PM - System Checkpoint
RP127: 9/29/2009 7:02:07 AM - System Checkpoint
RP128: 9/30/2009 10:46:12 AM - System Checkpoint
RP129: 10/1/2009 11:06:42 AM - System Checkpoint
RP130: 10/2/2009 2:55:48 PM - System Checkpoint
RP131: 10/3/2009 3:00:15 AM - Software Distribution Service 3.0
RP132: 10/3/2009 3:22:47 AM - Printer Driver Microsoft XPS Document Writer Installed
RP133: 10/4/2009 1:53:56 AM - Software Distribution Service 3.0
RP134: 10/5/2009 2:06:28 AM - System Checkpoint
RP135: 10/5/2009 7:04:10 AM - Installed Windows Media Player 11
RP136: 10/5/2009 7:09:41 AM - Software Distribution Service 3.0
RP137: 10/5/2009 9:42:15 AM - Avg8 Update
RP138: 10/5/2009 9:43:43 AM - Avg8 Update
RP139: 10/6/2009 2:25:34 PM - System Checkpoint
RP140: 10/7/2009 3:00:14 AM - Software Distribution Service 3.0
RP141: 10/7/2009 8:57:12 AM - Avg8 Update
RP142: 10/8/2009 11:21:37 AM - System Checkpoint
RP143: 10/9/2009 11:34:07 AM - System Checkpoint
RP144: 10/10/2009 11:35:23 AM - System Checkpoint
RP145: 10/11/2009 1:49:48 PM - System Checkpoint
RP146: 10/12/2009 2:57:36 PM - System Checkpoint
RP147: 10/12/2009 4:07:44 PM - Software Distribution Service 3.0
RP148: 10/13/2009 4:12:47 PM - System Checkpoint
RP149: 10/14/2009 6:59:29 PM - System Checkpoint
RP150: 10/15/2009 9:33:24 PM - System Checkpoint
RP151: 10/16/2009 3:31:01 PM - Software Distribution Service 3.0
RP152: 10/20/2009 12:10:16 PM - Avg8 Update
RP153: 10/21/2009 9:08:09 AM - Installed Driver Detective.
RP154: 10/21/2009 9:26:27 AM - Removed Driver Detective.
RP155: 10/22/2009 11:51:02 AM - System Checkpoint
RP156: 10/23/2009 3:00:16 AM - Software Distribution Service 3.0
RP157: 10/24/2009 3:53:42 AM - System Checkpoint
RP158: 10/25/2009 6:11:52 AM - System Checkpoint
RP159: 10/26/2009 6:39:17 AM - System Checkpoint
RP160: 10/27/2009 9:24:07 AM - System Checkpoint
RP161: 10/28/2009 10:49:26 AM - System Checkpoint
RP162: 10/29/2009 2:08:21 PM - System Checkpoint
RP163: 10/30/2009 4:40:03 PM - System Checkpoint
RP164: 10/31/2009 4:51:44 PM - System Checkpoint
RP165: 11/1/2009 5:07:44 PM - System Checkpoint
RP166: 11/2/2009 5:14:40 PM - System Checkpoint
RP167: 11/3/2009 10:07:12 AM - Avg8 Update
RP168: 11/4/2009 4:00:15 AM - Software Distribution Service 3.0
RP169: 11/5/2009 4:19:05 AM - System Checkpoint
RP170: 11/6/2009 5:17:35 AM - System Checkpoint
RP171: 11/6/2009 9:02:44 AM - Avg8 Update
RP172: 11/6/2009 1:08:14 PM - Restore Operation
RP173: 11/6/2009 1:11:20 PM - Restore Operation
RP174: 11/6/2009 1:55:15 PM - Restore Operation
RP175: 11/7/2009 2:08:48 PM - System Checkpoint
RP176: 11/8/2009 1:23:22 PM - System Checkpoint
RP177: 11/9/2009 2:08:41 PM - System Checkpoint
RP178: 11/10/2009 8:16:58 AM - Removed iTunes
RP179: 11/11/2009 11:16:44 AM - System Checkpoint
RP180: 11/11/2009 3:55:50 PM - Software Distribution Service 3.0
RP181: 11/11/2009 4:07:46 PM - Removed AVG Free 8.5

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AIO_Scan
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
Bejeweled 2 Deluxe
Bonjour
Broadcom 440x 10/100 Integrated Controller
Dell Digital Jukebox Driver
Dell ResourceCD
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photosmart All-In-One Software 9.0
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 15
Lexmark P910 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Move Media Player
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
PokerStars
PowerDVD
PS_AIO_Software_min
QuickTime
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spy Sweeper
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/5/2009 4:17:19 AM, error: Dhcp [1002] - The IP address lease 72.135.102.106 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/5/2009 3:15:41 AM, error: Dhcp [1002] - The IP address lease 75.81.18.255 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/10/2009 6:26:22 AM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
11/10/2009 6:14:57 AM, error: OneCareMP [3002] -

==== End Of File ===========================


Re: Can someone here actually help with this Win32/Nuqel.E?

Post by tru_2_ku on Thu Nov 12, 2009 1:35 pm

Here is the other scan log....

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 12:30:34.53 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.365 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

=============== Created Last 30 ================

2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
2009-10-21 14:47:41 0 d-----w- c:\program files\HP
2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 12:30:59.26 ===============


Post by tru_2_ku on Thu Nov 12, 2009 1:37 pm

I'm not sure if this would have anything to do with the viruses...but I wanted to also let you know...I'm now hearing internet static through my speakers and can't get rid of it....like refreshing a page...or going from 1 link to another....I can open windows media and play my music and I don't hear it, but when surfing the net the static is there....


Post by Nazzgull on Thu Nov 12, 2009 1:50 pm

Hi,
DDS has two logs; please post the first one here.

As Belahzur said:
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

Sorry, posted at the same time.


    Last edited by Nazzgull on Thu Nov 12, 2009 1:54 pm; edited 1 time in total




    Post by tru_2_ku on Thu Nov 12, 2009 1:53 pm

    Ok..I'll re-post them...I just did that though, I thought..

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 12:30:34.53 on Thu 11/12/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.365 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = [You must be registered and logged in to see this link.]
    uSearch Page = [You must be registered and logged in to see this link.]
    uSearch Bar = [You must be registered and logged in to see this link.]
    mDefault_Search_URL = [You must be registered and logged in to see this link.]
    mSearch Page = [You must be registered and logged in to see this link.]
    mSearch Bar = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

    =============== Created Last 30 ================

    2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
    2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
    2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
    2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
    2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
    2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
    2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
    2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
    2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
    2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
    2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
    2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
    2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
    2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
    2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
    2009-10-21 14:47:41 0 d-----w- c:\program files\HP
    2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
    2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
    2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
    2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
    2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

    ==================== Find3M ====================

    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

    ============= FINISH: 12:30:59.26 ===============


    Post by tru_2_ku on Thu Nov 12, 2009 2:25 pm

    Is that the right log?


    Post by Belahzur on Thu Nov 12, 2009 3:27 pm

    Hello.
    That's DDS.txt, the other log is called attach.txt, can you post that log please?


    Please PM me if I fail to respond within 24hrs.

    Post by tru_2_ku on Thu Nov 12, 2009 5:11 pm

    Those were the only 2 logs that opened as you had said they would....I'm not certain what the attached text would be....do you want me to run it again?


    Post by Belahzur on Thu Nov 12, 2009 5:12 pm

    Yes, run it again.
    Watch the log names closely.



    Post by tru_2_ku on Thu Nov 12, 2009 5:15 pm

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/30/2009 12:53:11 AM
    System Uptime: 11/11/2009 4:02:38 PM (24 hours ago)

    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 26.74 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
    Service:

    ==== System Restore Points ===================

    RP81: 8/15/2009 3:50:53 AM - System Checkpoint
    RP82: 8/16/2009 4:46:31 AM - System Checkpoint
    RP83: 8/17/2009 6:02:39 AM - System Checkpoint
    RP84: 8/18/2009 6:47:38 AM - System Checkpoint
    RP85: 8/19/2009 7:46:32 AM - System Checkpoint
    RP86: 8/20/2009 8:46:32 AM - System Checkpoint
    RP87: 8/21/2009 9:46:32 AM - System Checkpoint
    RP88: 8/22/2009 10:46:32 AM - System Checkpoint
    RP89: 8/23/2009 10:54:28 AM - Installed SpadeClub Poker.
    RP90: 8/24/2009 11:46:34 AM - System Checkpoint
    RP91: 8/25/2009 1:46:02 PM - System Checkpoint
    RP92: 8/26/2009 3:00:14 AM - Software Distribution Service 3.0
    RP93: 8/27/2009 3:04:21 AM - System Checkpoint
    RP94: 8/28/2009 4:04:21 AM - System Checkpoint
    RP95: 8/28/2009 8:38:13 AM - Avg8 Update
    RP96: 8/28/2009 8:39:36 AM - Avg8 Update
    RP97: 8/29/2009 8:45:30 AM - System Checkpoint
    RP98: 8/30/2009 9:03:47 AM - System Checkpoint
    RP99: 8/31/2009 9:18:24 AM - System Checkpoint
    RP100: 9/1/2009 10:18:24 AM - System Checkpoint
    RP101: 9/2/2009 11:18:24 AM - System Checkpoint
    RP102: 9/2/2009 4:33:48 PM - Installed Adobe Reader 9.1.
    RP103: 9/3/2009 5:37:06 AM - Removed SpadeClub Poker.
    RP104: 9/4/2009 6:17:06 AM - System Checkpoint
    RP105: 9/5/2009 7:49:45 AM - System Checkpoint
    RP106: 9/6/2009 8:04:20 AM - System Checkpoint
    RP107: 9/7/2009 8:41:34 AM - System Checkpoint
    RP108: 9/8/2009 9:26:17 AM - System Checkpoint
    RP109: 9/9/2009 10:27:22 AM - System Checkpoint
    RP110: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
    RP111: 9/10/2009 1:59:27 PM - Installed Java(TM) 6 Update 15
    RP112: 9/11/2009 2:09:07 PM - System Checkpoint
    RP113: 9/12/2009 3:09:07 PM - System Checkpoint
    RP114: 9/13/2009 10:03:13 PM - System Checkpoint
    RP115: 9/14/2009 10:03:21 PM - System Checkpoint
    RP116: 9/16/2009 3:32:07 AM - System Checkpoint
    RP117: 9/17/2009 4:24:23 AM - System Checkpoint
    RP118: 9/19/2009 10:07:04 AM - System Checkpoint
    RP119: 9/20/2009 10:24:23 AM - System Checkpoint
    RP120: 9/21/2009 2:26:57 PM - System Checkpoint
    RP121: 9/22/2009 2:46:21 PM - System Checkpoint
    RP122: 9/23/2009 4:31:24 PM - System Checkpoint
    RP123: 9/24/2009 5:33:47 PM - System Checkpoint
    RP124: 9/25/2009 7:38:36 PM - System Checkpoint
    RP125: 9/26/2009 7:38:58 PM - System Checkpoint
    RP126: 9/27/2009 8:39:02 PM - System Checkpoint
    RP127: 9/29/2009 7:02:07 AM - System Checkpoint
    RP128: 9/30/2009 10:46:12 AM - System Checkpoint
    RP129: 10/1/2009 11:06:42 AM - System Checkpoint
    RP130: 10/2/2009 2:55:48 PM - System Checkpoint
    RP131: 10/3/2009 3:00:15 AM - Software Distribution Service 3.0
    RP132: 10/3/2009 3:22:47 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP133: 10/4/2009 1:53:56 AM - Software Distribution Service 3.0
    RP134: 10/5/2009 2:06:28 AM - System Checkpoint
    RP135: 10/5/2009 7:04:10 AM - Installed Windows Media Player 11
    RP136: 10/5/2009 7:09:41 AM - Software Distribution Service 3.0
    RP137: 10/5/2009 9:42:15 AM - Avg8 Update
    RP138: 10/5/2009 9:43:43 AM - Avg8 Update
    RP139: 10/6/2009 2:25:34 PM - System Checkpoint
    RP140: 10/7/2009 3:00:14 AM - Software Distribution Service 3.0
    RP141: 10/7/2009 8:57:12 AM - Avg8 Update
    RP142: 10/8/2009 11:21:37 AM - System Checkpoint
    RP143: 10/9/2009 11:34:07 AM - System Checkpoint
    RP144: 10/10/2009 11:35:23 AM - System Checkpoint
    RP145: 10/11/2009 1:49:48 PM - System Checkpoint
    RP146: 10/12/2009 2:57:36 PM - System Checkpoint
    RP147: 10/12/2009 4:07:44 PM - Software Distribution Service 3.0
    RP148: 10/13/2009 4:12:47 PM - System Checkpoint
    RP149: 10/14/2009 6:59:29 PM - System Checkpoint
    RP150: 10/15/2009 9:33:24 PM - System Checkpoint
    RP151: 10/16/2009 3:31:01 PM - Software Distribution Service 3.0
    RP152: 10/20/2009 12:10:16 PM - Avg8 Update
    RP153: 10/21/2009 9:08:09 AM - Installed Driver Detective.
    RP154: 10/21/2009 9:26:27 AM - Removed Driver Detective.
    RP155: 10/22/2009 11:51:02 AM - System Checkpoint
    RP156: 10/23/2009 3:00:16 AM - Software Distribution Service 3.0
    RP157: 10/24/2009 3:53:42 AM - System Checkpoint
    RP158: 10/25/2009 6:11:52 AM - System Checkpoint
    RP159: 10/26/2009 6:39:17 AM - System Checkpoint
    RP160: 10/27/2009 9:24:07 AM - System Checkpoint
    RP161: 10/28/2009 10:49:26 AM - System Checkpoint
    RP162: 10/29/2009 2:08:21 PM - System Checkpoint
    RP163: 10/30/2009 4:40:03 PM - System Checkpoint
    RP164: 10/31/2009 4:51:44 PM - System Checkpoint
    RP165: 11/1/2009 5:07:44 PM - System Checkpoint
    RP166: 11/2/2009 5:14:40 PM - System Checkpoint
    RP167: 11/3/2009 10:07:12 AM - Avg8 Update
    RP168: 11/4/2009 4:00:15 AM - Software Distribution Service 3.0
    RP169: 11/5/2009 4:19:05 AM - System Checkpoint
    RP170: 11/6/2009 5:17:35 AM - System Checkpoint
    RP171: 11/6/2009 9:02:44 AM - Avg8 Update
    RP172: 11/6/2009 1:08:14 PM - Restore Operation
    RP173: 11/6/2009 1:11:20 PM - Restore Operation
    RP174: 11/6/2009 1:55:15 PM - Restore Operation
    RP175: 11/7/2009 2:08:48 PM - System Checkpoint
    RP176: 11/8/2009 1:23:22 PM - System Checkpoint
    RP177: 11/9/2009 2:08:41 PM - System Checkpoint
    RP178: 11/10/2009 8:16:58 AM - Removed iTunes
    RP179: 11/11/2009 11:16:44 AM - System Checkpoint
    RP180: 11/11/2009 3:55:50 PM - Software Distribution Service 3.0
    RP181: 11/11/2009 4:07:46 PM - Removed AVG Free 8.5

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    AIO_Scan
    Apple Mobile Device Support
    Apple Software Update
    BCM V.92 56K Modem
    Bejeweled 2 Deluxe
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Dell Digital Jukebox Driver
    Dell ResourceCD
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Photosmart All-In-One Software 9.0
    Intel(R) Extreme Graphics Driver
    Java(TM) 6 Update 15
    Lexmark P910 Series
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    MSXML 4.0 SP2 (KB954430)
    MUSICMATCH® Jukebox
    PokerStars
    PowerDVD
    PS_AIO_Software_min
    QuickTime
    Scan
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Spy Sweeper
    Toolbox
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    11/5/2009 4:17:19 AM, error: Dhcp [1002] - The IP address lease 72.135.102.106 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/5/2009 3:15:41 AM, error: Dhcp [1002] - The IP address lease 75.81.18.255 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/10/2009 6:26:22 AM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
    11/10/2009 6:14:57 AM, error: OneCareMP [3002] -

    ==== End Of File ===========================


    This is the one named attach


    Post by tru_2_ku on Thu Nov 12, 2009 5:16 pm

    This is the one named DDS....

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 16:11:32.25 on Thu 11/12/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.370 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = [You must be registered and logged in to see this link.]
    uSearch Page = [You must be registered and logged in to see this link.]
    uSearch Bar = [You must be registered and logged in to see this link.]
    mDefault_Search_URL = [You must be registered and logged in to see this link.]
    mSearch Page = [You must be registered and logged in to see this link.]
    mSearch Bar = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

    =============== Created Last 30 ================

    2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
    2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
    2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
    2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
    2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
    2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
    2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
    2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
    2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
    2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
    2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
    2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
    2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
    2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
    2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
    2009-10-21 14:47:41 0 d-----w- c:\program files\HP
    2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
    2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
    2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
    2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
    2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

    ==================== Find3M ====================

    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

    ============= FINISH: 16:11:41.76 ===============


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by Belahzur on Thu Nov 12, 2009 5:19 pm

    There you go.

    Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

      Java(TM) 6 Update 15

    Delete this file in bold:
    c:\windows\system32\autorun.inf

    Did you uninstall AVG during our removal process? Your first Hijack This log shows AVG is present, I can see the services, but then in later logs, those are gone.

    Let me know.



    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 5:24 pm

    oops...sorry...yes I did. I was told it might be hurting me by having it and spysweeper both...Like I said...I really have no idea what's best...


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 5:29 pm

    ok...I deleted the java...then ran a search and found that file, and deleted it.


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by Belahzur on Thu Nov 12, 2009 5:30 pm

    Hello.

    I don't like AVG anyhow, so we'll keep that off your system, and Spysweeper isn't that good either.

    Please install Avira antivirus otherwise you won't be protected.

    1) [You must be registered and logged in to see this link.]
    -Free anti-virus software for Windows.
    -Detects and removes more than 50,000 viruses. Free support.

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

    After you've installed Avira, post a new Hijack This log.



    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 5:36 pm

    Ok...not to sound stupid here...but the link you posted above for Antivir PersonalEditionClassic is telling me that page is no longer there. They do however show Antivir Premium, and say it's free....should I get it?


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 5:38 pm

    Never mind...I went to Majorgeeks and got it from there.


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 6:09 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:07:58 PM, on 11/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Owner\Desktop\hijack.scr

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5673 bytes


    Here's the hijack Log


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 6:27 pm

    Heck, that Avira already found something named....HIDDENEXT/crypted...


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by Belahzur on Thu Nov 12, 2009 6:50 pm

    Hello.

    • Open HijackThis
    • Choose "Do a system scan only"
    • Check the boxes in front of these lines:


      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


    • Press "Fix Checked"
    • Close Hijack This.

    Go to Start > Run. In the Run box, copy and paste in the following:

    sc stop AvgTdiX

    Hit enter, then repeat for this command.

    sc delete AvgTdiX

    Hit enter.

    How is the machine running now?


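The cleanup in the reply above comes from reading two logs together: the HijackThis O2 entry marked "(file missing)" and the AvgTdiX service listed in the earlier DDS log, both left behind after AVG was uninstalled. As an added example (not code from the thread or from either tool), this Python sketch performs the same triage; the function names and the whole-token matching rule are assumptions, chosen so that Avira's avgnt.exe and avguard.exe are not mistaken for AVG leftovers.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis and DDS logs in this thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""
DDS_SAMPLE = r"""
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]
"""

# "<section code> - <body>", optionally ending in HijackThis's "(file missing)" marker.
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)(?P<missing> \(file missing\))?$")
# DDS service line: "<state><start> <name>;<display name>;<image path ...>".
DDS_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    source: str      # "hijackthis" or "dds-service"
    ident: str       # section code + CLSID, or the service name
    reasons: tuple


def product_matcher(products):
    """Match a product name only as a whole token (a path component or a word).

    A plain substring test for "avg" would also hit Avira's avgnt.exe and
    avguard.exe, which are part of the antivirus that is meant to stay.
    """
    alts = "|".join(re.escape(p) for p in products)
    return re.compile(rf"(?<![A-Za-z0-9])(?:{alts})(?![A-Za-z0-9])", re.I)


def triage(hjt_text, dds_text, removed_products):
    """Return leftovers: orphaned HijackThis entries and services of removed products."""
    owner = product_matcher(removed_products) if removed_products else None
    findings = []
    for line in hjt_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["missing"]:
            reasons.append("target file missing")
        hit = owner.search(m["body"]) if owner else None
        if hit:
            reasons.append(f"references removed product {hit.group(0)}")
        if reasons:
            clsid = CLSID_RE.search(m["body"])
            ident = f"{m['code']} {clsid.group(0) if clsid else m['body'][:40]}"
            findings.append(Finding("hijackthis", ident, tuple(reasons)))
    for line in dds_text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m or not owner:
            continue
        # The trailing "[?]" is deliberately not used as a signal: in this log
        # both AvgTdiX and the Linksys WMP110 driver carry it.
        hit = owner.search(m["display"]) or owner.search(m["path"])
        if hit:
            reason = f"service of removed product {hit.group(0)}"
            findings.append(Finding("dds-service", m["name"], (reason,)))
    return findings


def service_cleanup_commands(findings):
    """Build the sc commands used in the thread for each leftover service."""
    cmds = []
    for f in findings:
        if f.source == "dds-service":
            cmds += [f"sc stop {f.ident}", f"sc delete {f.ident}"]
    return cmds


if __name__ == "__main__":
    results = triage(HJT_SAMPLE, DDS_SAMPLE, ["AVG"])
    for f in results:
        print(f.source, f.ident, "; ".join(f.reasons))
    for cmd in service_cleanup_commands(results):
        print(cmd)
```
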

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 7:07 pm

    Ok...going to go and do your last instructions....while i'm away...can you go over this report from that Avira scan and let me know if these are things to worry about.....It supposedly quarantined that crypted item just minutes before....


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 7:12 pm

    Avira AntiVir Personal
    Report file date: Thursday, November 12, 2009 17:30

    Scanning for 1894103 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : JAYHAWK21

    Version information:
    BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
    AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 20:36:14
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 16:21:42
    ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11/11/2009 22:44:23
    ANTIVIR3.VDF : 7.1.6.223 2048 Bytes 11/11/2009 22:44:23
    Engineversion : 8.2.1.65
    AEVDF.DLL : 8.1.1.2 106867 Bytes 11/12/2009 22:44:31
    AESCRIPT.DLL : 8.1.2.44 586107 Bytes 11/12/2009 22:44:31
    AESCN.DLL : 8.1.2.5 127346 Bytes 11/12/2009 22:44:30
    AERDL.DLL : 8.1.3.2 479604 Bytes 11/12/2009 22:44:30
    AEPACK.DLL : 8.2.0.3 422261 Bytes 11/12/2009 22:44:28
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 16:59:39
    AEHEUR.DLL : 8.1.0.180 2093432 Bytes 11/12/2009 22:44:27
    AEHELP.DLL : 8.1.7.0 237940 Bytes 11/12/2009 22:44:25
    AEGEN.DLL : 8.1.1.74 364917 Bytes 11/12/2009 22:44:25
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/12/2009 22:44:24
    AECORE.DLL : 8.1.8.2 184694 Bytes 11/12/2009 22:44:24
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 17:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 21:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 22:39:58
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 17:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Thursday, November 12, 2009 17:30

    Starting search for hidden objects.
    '39622' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'PokerStars.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'mmtask.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '54' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

    Beginning disinfection:
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4b2ca27e.qua'!
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4b2ca27f.qua'!
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE] The file was moved to '4a5ef5d8.qua'!


    End of the scan: Thursday, November 12, 2009 18:03
    Used time: 32:41 Minute(s)

    The scan has been done completely.

    4594 Scanned directories
    114897 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    3 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    114893 Files not concerned
    728 Archives were scanned
    1 Warnings
    4 Notes
    39622 Objects were scanned with rootkit scan
    0 hidden objects were found


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Thu Nov 12, 2009 7:15 pm

    Ok...I've tried putting that command in the *run* window...I am seeing a window trying to pop-up...which looks like the dds scan window..( all black)...but it is just disappearing before I can do anything else


    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by Belahzur on Thu Nov 12, 2009 7:31 pm

    Hello.
    That is all that is meant to happen, a black window pops up, then closes again real quick.

    Avira report is fine, just restore points.

    We need to make a new restore point.

    To turn off System Restore, follow these steps:
    1. Click Start, right-click My Computer, and then click Properties.
    2. Click the System Restore tab.
    3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
    4. Click Yes when you receive the prompt to turn off System Restore.

    Now we need to make a new restore point.
    To turn on System Restore, follow these steps:
    1. Click Start, right-click My Computer, and then click Properties.
    2. Click the System Restore tab.
    3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

    Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

    1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

    Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

    2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

    [You must be registered and logged in to see this link.]
    A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

    [You must be registered and logged in to see this link.]
    A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

    [You must be registered and logged in to see this link.]
    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

    [You must be registered and logged in to see this link.]
    A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

    3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
    [You must be registered and logged in to see this link.]
    I also recommend the following add-ons for Firefox, they will help keep you safe from malicious scripts or ActiveX exploits.
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

    To help you keep your software updated, please consider using this free software program that will check for program updates.
    [You must be registered and logged in to see this link.]

    5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
    [You must be registered and logged in to see this link.]
    A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

    Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

    If you would take a moment to fill out our feedback form, we would appreciate it.
    The link can be found [You must be registered and logged in to see this link.].

    Hopefully this should take care of your problems! Good luck.


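The reply above reads the Avira report as "just restore points": every detection sits under `System Volume Information\_restore{...}\RPnnn`, which is why System Restore is then switched off and on again. As an added example (not part of the original post and not Avira tooling), this Python parser checks that reading for a pasted report and also lists any detection outside the restore store or left unquarantined; the function names are illustrative and the sample is trimmed from the report quoted in this thread.

```python
import re

# Constructed sample: trimmed from the Avira report posted earlier in this thread.
AVIRA_SAMPLE = r"""
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

Beginning disinfection:
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b2ca27e.qua'!
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b2ca27f.qua'!
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '4a5ef5d8.qua'!

3 Viruses and/or unwanted programs were found
3 Files were moved to quarantine
"""

# A file inside a System Restore snapshot: ...\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detection name: either "Is the <name> ..." or a trailing "(<family>/<variant>)".
NAME_RE = re.compile(r"Is the (\S+)|\(([^()\s]+/[^()\s]+)\)\s*$")
QUAR_RE = re.compile(r"moved to '([^']+\.qua)'")
FOUND_RE = re.compile(r"^\s*(\d+) Viruses and/or unwanted programs were found", re.M)
MOVED_RE = re.compile(r"^\s*(\d+) Files were moved to quarantine", re.M)


def parse_report(text):
    """Map each detected path to its detection names and quarantine file.

    Paths appear twice (scan section, then disinfection section), so results
    are keyed by path; notes on undetected files (pagefile.sys) are ignored.
    """
    items, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif line.startswith("[DETECTION]") and current:
            m = NAME_RE.search(line)
            name = (m.group(1) or m.group(2)) if m else "unknown"
            entry = items.setdefault(current, {"names": set(), "quarantine": None})
            entry["names"].add(name)
        elif line.startswith("[NOTE]") and current in items:
            q = QUAR_RE.search(line)
            if q:
                items[current]["quarantine"] = q.group(1)
    return items


def assess(text):
    """Summarise where the detections live and whether the report is self-consistent."""
    items = parse_report(text)
    restore_points, live_paths = set(), []
    for path in items:
        m = RESTORE_RE.search(path)
        if m:
            restore_points.add(m.group(1).upper())
        else:
            live_paths.append(path)   # outside the restore store: needs a closer look
    quarantined = [p for p, i in items.items() if i["quarantine"]]
    found, moved = FOUND_RE.search(text), MOVED_RE.search(text)
    return {
        "detections": len(items),
        "names": sorted(set().union(*(i["names"] for i in items.values()))),
        "restore_points": sorted(restore_points),
        "live_paths": live_paths,
        "unquarantined": [p for p in items if p not in quarantined],
        # The footer totals must agree with what was parsed from the body.
        "summary_matches": bool(found and moved)
        and int(found.group(1)) == len(items)
        and int(moved.group(1)) == len(quarantined),
    }


if __name__ == "__main__":
    for key, value in assess(AVIRA_SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `live_paths` list is what supports "just restore points"; any entry there means a detection in the live file system that purging restore points will not remove.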

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Post by tru_2_ku on Fri Nov 13, 2009 3:43 am

    Ok...I've installed firefox as you suggested...I already had the windows updates turned on, so there were no updates I needed...and I uninstalled spysweeper, as well as downloaded outpost firewall.

    Still getting the static from my speakers..even when I have the volume turned all the way down, so that's a bit annoying, but other than that, everything seems to be running decent.

    I'll certainly go fill out the form for you..as well as ask..your suggestion of size of system I should upgrade to. Since this is about 6 years old now, I think I might go ahead and see if I can still get a little out of it and put it towards something newer....
