Antivirus System Pro / bankerfox.a / nuqel.e

View previous topic View next topic Go down

Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Tue Nov 17, 2009 9:22 pm

Hi there,

Having trouble with some malware that seems to be imitating an antivirus program and trying to get me to buy some software. I keep getting 'Infiltration Alerts' saying that Antivirus System Pro has detected either Nuqel.E or Bankerfox.A and asking if I want to block this attack, plus popups stating that I have lots of vulnerabilities and a mocked-up version of a antivirus that tries to look like it is scanning my files. Everytime I try and open a program it says that the file/program is infected and it won't open it (although if I leave that warning popup up then it will let me open the program). It also keeps opening up IE and trying to go to unsavoury websites (I have Firefox set as my default browser).

I'll post a HijackThis log in my next post.

Thanks,
Tom

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Tue Nov 17, 2009 9:37 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:09, on 17/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Tom Rowberry\Start Menu\Programs\Startup\AutoHotkey.exe
C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Tom Rowberry\My Documents\Firefox Downloads\winlogon(2).scr
C:\Program Files\Windows Live\Contacts\wlcomm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ubaqqsmd] C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ubaqqsmd] C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe
O4 - Startup: AutoHotkey.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8014 bytes

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by Belahzur on Tue Nov 17, 2009 9:51 pm

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
    O1 - Hosts: 91.212.127.227 winsecurepro2009.com
    O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
    O4 - HKLM\..\Run: [ubaqqsmd] C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe
    O4 - HKCU\..\Run: [ubaqqsmd] C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\xopcpj\jngrsysguard.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Tue Nov 17, 2009 10:12 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

17/11/2009 22:12:20
mbam-log-2009-11-17 (22-12-20).txt

Scan type: Quick Scan
Objects scanned: 87437
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by Belahzur on Tue Nov 17, 2009 11:02 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Wed Nov 18, 2009 10:11 am

Okay, will do. It refused to Update when I downloaded the program (came up with some kind of error message) so I assumed that it was already updated. Running an updated scan now.

The laptop seems to running fine now apart from one thing. When I startup the computer it seems to default to the Advanced Windows Options screen (i.e. with Safe Mode, Start Windows Normally, etc.). That in itself wouldn't be that much of a problem, but most of the time I am unable to use arrow or enter keys to select an option leaving me unable to do anything other than hold the power button and switch the laptop off. I have to keep starting and switching off until it either bypasses that AWO screen or gives me control of the arrow and enter keys and lets me select Windows.

Would this be related to the Malware? It only started when I tried to go into Safe Mode to try and deal with the malware before I came here. Any idea what's wrong with it or how I rectify the problem?

Thanks.

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Wed Nov 18, 2009 10:15 am

Objects scanned: 96701
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by Belahzur on Wed Nov 18, 2009 6:20 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Wed Nov 18, 2009 8:09 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by Tom Rowberry at 20:07:17.32 on 18/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.377 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1356 [VPS 091118-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Tom Rowberry\Start Menu\Programs\Startup\AutoHotkey.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom Rowberry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
StartupFolder: c:\documents and settings\tom rowberry\start menu\programs\startup\AutoHotkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomrow~1\applic~1\mozilla\firefox\profiles\9rr0tpq7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-17 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-11-17 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-11-17 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-17 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-11-17 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-11-17 257432]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-6-27 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-5-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-6-27 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-6-27 625024]

=============== Created Last 30 ================

2009-11-17 22:32:56 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-11-17 22:32:56 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2009-11-17 22:32:54 0 d-----w- c:\program files\SpywareBlaster
2009-11-17 22:22:26 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-11-17 22:22:09 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-11-17 22:20:42 49 ----a-w- c:\windows\transp.gif
2009-11-17 22:20:41 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-11-17 22:20:32 0 d-----w- c:\program files\Agnitum
2009-11-17 22:20:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Agnitum
2009-11-17 22:02:47 0 d-----w- c:\docume~1\tomrow~1\applic~1\Malwarebytes
2009-11-17 22:02:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-17 22:02:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 22:02:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-17 22:02:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-17 19:49:33 0 d-----w- C:\_OTM
2009-11-17 19:43:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 19:43:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-16 23:15:07 0 d-----w- c:\windows\system32\XPSViewer
2009-11-16 23:14:22 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-16 23:14:22 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-16 23:14:21 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-16 23:14:21 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-16 23:14:21 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-16 23:14:21 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-16 23:14:21 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-15 10:08:57 0 d-----w- c:\windows\Performance
2009-11-15 10:08:25 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe

============= FINISH: 20:09:00.20 ===============

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Wed Nov 18, 2009 8:10 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 04/10/2008 06:57:16
System Uptime: 18/11/2009 17:11:36 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1710/133mhz

==== Disk Partitions =========================

C: is fȋxed (NTFS) - 40 GiB total, 27.475 GiB free.
D: is fȋxed (NTFS) - 34 GiB total, 33.262 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP48: 26/08/2009 11:35:55 - Software Distribution Service 3.0
RP49: 29/08/2009 09:41:50 - System Checkpoint
RP50: 03/09/2009 19:29:25 - Software Distribution Service 3.0
RP51: 10/09/2009 09:18:47 - Software Distribution Service 3.0
RP52: 17/09/2009 19:45:08 - System Checkpoint
RP53: 20/09/2009 19:36:03 - System Checkpoint
RP54: 21/09/2009 20:21:21 - System Checkpoint
RP55: 29/09/2009 17:12:16 - System Checkpoint
RP56: 03/10/2009 20:16:49 - System Checkpoint
RP57: 05/10/2009 08:43:38 - Software Distribution Service 3.0
RP58: 08/10/2009 18:25:41 - System Checkpoint
RP59: 10/10/2009 16:52:52 - System Checkpoint
RP60: 14/10/2009 09:31:54 - Software Distribution Service 3.0
RP61: 21/10/2009 12:52:37 - System Checkpoint
RP62: 24/10/2009 19:21:36 - System Checkpoint
RP63: 26/10/2009 10:09:52 - System Checkpoint
RP64: 29/10/2009 12:55:26 - System Checkpoint
RP65: 02/11/2009 00:16:43 - System Checkpoint
RP66: 03/11/2009 17:12:08 - System Checkpoint
RP67: 04/11/2009 10:17:55 - Software Distribution Service 3.0
RP68: 05/11/2009 22:08:18 - System Checkpoint
RP69: 06/11/2009 22:42:02 - System Checkpoint
RP70: 09/11/2009 13:27:18 - System Checkpoint
RP71: 11/11/2009 13:02:16 - System Checkpoint
RP72: 11/11/2009 14:17:50 - Software Distribution Service 3.0
RP73: 12/11/2009 15:15:25 - System Checkpoint
RP74: 14/11/2009 11:13:19 - System Checkpoint
RP75: 15/11/2009 10:08:25 - Installed Windows 7 Upgrade Advisor
RP76: 16/11/2009 17:05:00 - System Checkpoint
RP77: 16/11/2009 23:10:02 - Software Distribution Service 3.0
RP78: 17/11/2009 18:47:16 - Avira AntiVir Personal - 17/11/2009 18:47
RP79: 17/11/2009 18:59:04 - Software Distribution Service 3.0
RP80: 17/11/2009 22:20:38 - Agnitum Outpost Firewall Restore Point: install

==== Installed Programs ======================


µTorrent
Adabas D 13.01.00
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AutoHotkey 1.0.47.06
avast! Antivirus
Azurewave Wireless LAN
Cisco Systems VPN Client 5.0.00.0340
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Eee Instant Key
ETDWare PS/2-x86 7.0.2.5 WHQL
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.5)
Mozilla Thunderbird (2.0.0.22)
MSVC80_x86
MSVCRT
Nokia Connectivity Cable Driver
Nokia PC Suite
OpenOffice.org 2.4
Outpost Firewall 2009
PC Connectivity Solution
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype™ 3.6
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.2
Stream Torrent 1.0
Super Hybrid Engine
TouchFreeze
Transcribe! 7.51
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinZip 12.0

==== Event Viewer Messages From Past Week ========

12/11/2009 20:17:20, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
12/11/2009 20:17:19, error: UPS [2481] - The UPS service is not configured correctly.

==== End Of File ===========================

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by Belahzur on Thu Nov 19, 2009 1:58 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7

How is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus System Pro / bankerfox.a / nuqel.e

Post by tommehr on Thu Nov 19, 2009 10:47 am

It's running much better now. Thanks so much!

tommehr
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-11-17
OS : XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum