Need a little help finding the rest of nuqel.e


Post by frankc916 on 29th December 2009, 9:05 pm

I got this win32/nuqel.e and bankerfox virus but I can run all files and programs. At start up I just quickly open up Task Manager and stop the virus processes when they open up. But here's my question: how do I get rid of it all? I've run my anti-virus ESET NOD32 and Malwarebytes and Spybot Search and Destroy and there still seems to be some still popping up. Any help please.


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 29th December 2009, 10:33 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 7th January 2010, 9:53 pm

I couldn't install the new version of HijackThis but already had this version.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:54 PM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Drivers\bwcsrv.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TurboTax\Home and Business 2009\32bit\TurboTax.exe
C:\Program Files\TurboTax\Home and Business 2009\32bit\TurboTax.exe
C:\Program Files\TurboTax\Home and Business 2009\32bit\TurboTax.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{79158D15-B808-4B0B-8741-69488A14C123}: NameServer = 192.168.11.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\System32\Drivers\bwcsrv.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9132 bytes


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 7th January 2010, 11:22 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 12th January 2010, 12:55 pm

I ran Malwarebytes and it took 9 hours to finish and it said there were no viruses, but I noticed that there were about 20 or more instances of CLI.exe running at the same time. Now my computer stays at 100% CPU, keeps freezing, and I can't do anything maybe 5-6 minutes after start up. Can this be fixed?


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 12th January 2010, 6:51 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 14th January 2010, 11:27 pm

ComboFix 10-01-14.02 - Frank 01/14/2010 13:59:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1374 [GMT -8:00]
Running from: J:\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\alexa toolbar
c:\windows\Downloaded Program Files\popcaploader.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-09 13:21 . 2010-01-09 13:21 -------- d-----w- c:\program files\ewido anti-malware
2010-01-07 21:58 . 2010-01-07 21:58 -------- d-----w- c:\program files\TrendMicro
2010-01-03 11:19 . 2010-01-03 11:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-01-03 11:19 . 2010-01-03 11:19 -------- d-----w- c:\documents and settings\Frank\Local Settings\Application Data\Intuit
2010-01-03 11:17 . 2010-01-03 11:17 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-01-03 10:43 . 2010-01-03 10:43 -------- d-----w- c:\documents and settings\Frank\Local Settings\Application Data\IsolatedStorage
2009-12-29 21:15 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 11:32 . 2009-12-29 11:33 -------- d-----w- c:\program files\Safari
2009-12-28 19:48 . 2009-12-28 19:53 -------- d-----w- c:\windows\system32\NtmsData
2009-12-26 23:10 . 2009-12-26 23:10 -------- d-----w- c:\documents and settings\Frank\Application Data\Malwarebytes
2009-12-26 23:05 . 2009-12-26 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 23:05 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 23:05 . 2010-01-08 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 10:39 . 2009-12-28 11:54 -------- d-----w- c:\documents and settings\Frank\Local Settings\Application Data\ygmokc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 13:18 . 2007-10-17 10:22 -------- d-----w- c:\program files\dl_Cats
2010-01-04 07:25 . 2007-08-17 19:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-04 07:24 . 2008-12-06 19:51 -------- d-----w- c:\documents and settings\Frank\Application Data\uTorrent
2010-01-03 11:13 . 2008-02-04 00:58 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-03 11:02 . 2008-02-04 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-03 10:59 . 2008-02-04 00:57 -------- d-----w- c:\program files\TurboTax
2010-01-03 08:17 . 2009-03-17 05:41 -------- d-----w- c:\documents and settings\Frank\Application Data\Move Networks
2010-01-02 22:14 . 2009-10-03 22:14 -------- d-----w- c:\documents and settings\Frank\Application Data\FrostWire
2010-01-02 08:50 . 2009-08-31 06:13 -------- d-----w- c:\program files\iCall
2009-12-27 15:26 . 2008-02-14 17:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-04 01:40 . 2009-07-13 04:55 -------- d-----w- c:\program files\Full Tilt Poker
2009-12-03 04:20 . 2009-12-03 04:20 -------- d-----w- c:\program files\Compedia
2009-12-03 04:20 . 2007-08-16 10:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 04:20 . 2009-12-03 04:20 -------- d-----w- c:\documents and settings\Frank\Application Data\InterTrust
2009-12-03 04:20 . 2007-08-31 01:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-03 03:58 . 2009-10-03 22:13 -------- d-----w- c:\program files\FrostWire
2009-12-03 03:55 . 2008-04-01 06:15 -------- d-----w- c:\program files\The Learning Company
2009-12-03 03:06 . 2009-12-03 03:06 -------- d-----w- c:\program files\Animal Kids
2009-12-03 02:07 . 2009-12-03 02:07 -------- d-----w- c:\program files\brighter child
2009-12-01 03:33 . 2008-06-19 09:27 96200 ----a-w- c:\documents and settings\Aimee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:33 . 2009-11-03 19:33 1716297 ----a-w- c:\windows\system32\InetClnt.dll
2009-10-31 11:32 . 2009-10-31 11:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-29 07:45 . 2004-08-04 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 15:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 15:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 20:24 . 2009-03-18 18:20 64604 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-20 19:55 . 2007-08-20 21:25 96200 ----a-w- c:\documents and settings\Frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2004-08-04 15:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe" [2009-07-03 902440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2007-8-16 471040]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"Aim6"=
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"20090604"=c:\program files\Common Files\Datalode\Encore\Hoyle Casino 2010\encore_reg.exe /r "c:\program files\Common Files\Datalode\Encore\Hoyle Casino 2010\encore_reg.rpd"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AdCalls\\Dialer.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17403:TCP"= 17403:TCP:eus
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 Bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [12/21/2003 12:21 AM 19840]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [7/16/2009 2:11 PM 266240]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2008 3:21 PM 24652]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\CBG54.SYS [11/1/2005 12:13 AM 372480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/5/2007 3:59 PM 716272]
S4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Ace Optimizer Maintenance.job
- c:\program files\Ace Utilities\au.exe [2008-08-14 07:02]

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1960408961-682003330-1004Core.job
- c:\documents and settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-20 11:48]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1960408961-682003330-1004UA.job
- c:\documents and settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-20 11:48]

2010-01-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 19:25]

2010-01-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 19:25]

2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{865632C5-7C41-447A-A510-E5563E1C29C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-16 11:31]

2010-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: {79158D15-B808-4B0B-8741-69488A14C123} = 192.168.11.1
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\j25rniry.default\
FF - plugin: c:\documents and settings\Frank\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Frank\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A0729639-D831-46C9-811B-9B0AA79FB45A} - (no file)
AddRemove-Samantha Swift and the Golden Touch1.0 - c:\windows\Samantha Swift and the Golden Touch\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-14 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7F8B6BB-0EF8-6D52-7613-DD3ACE95E03D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abepjkfgpdgnoleemmedddmpodgdpbaoaj"=hex:61,62,67,6f,66,67,61,70,67,6b,67,62,
62,6d,62,70,65,69,64,6c,6f,6e,63,64,6e,6c,64,6a,66,6f,6e,6d,65,66,00,77
"bbepjkfgpdgnoleemmfdagjjcgflknbmeelk"=hex:61,62,6c,6f,64,6b,69,64,6f,69,69,61,
6f,6f,69,64,61,69,6f,64,6f,6c,63,61,68,6d,6d,67,63,6d,70,6d,61,70,00,77

[HKEY_USERS\S-1-5-21-1202660629-1960408961-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,97,f4,fd,80,9c,91,07,db,25,e0,8d,f6,3c,9b,f6,e4,a5,11,e0,bf,00,a3,
49,21,d3,e6,76,f5,f5,2f,16,76,54,79,8a,fb,1c,ed,8b,17,74,e5,3a,9e,cb,28,3a,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\Drivers\bwcsrv.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-01-14 14:32:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 22:32

Pre-Run: 14,242,406,400 bytes free
Post-Run: 15,286,259,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A8B40044AF23E248D3FA5F563A97CF43


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 15th January 2010, 12:24 am

Hello.
Before we continue, please post the next log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 15th January 2010, 5:45 am

7-Zip 4.57
Ace Utilities
Acoustica Effects Pack
AdCalls
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.7
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
AIM 6
AllToAVI v4 r5394
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtistScope Plugin FX 42
ArtistScope Plugin IE 42
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AusLogics System Information
Avi2Dvd 0.4.5 beta
AVIcodec (remove only)
AviSynth 2.5
AVIVO Codecs
AVS4YOU Software Navigator 1.3
Azureus
Belarc Advisor 7.2
Bonjour
Bridge to Reading
BUFFALO Client Manager 3
Caillou(R) Four Seasons of Fun
Caillou's Kindergarten
CCE SP Trial Version
Collab
Combined Community Codec Pack 2008-01-24
Compatibility Pack for the 2007 Office system
Cool Edit Pro 2.1
Crayon Physics Deluxe - release 51
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP
DFX for Winamp
Diet + Exercise Assistant Desktop
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DJ Twist & Burn
eBook Library by Sony
ESET NOD32 Antivirus
ffdshow
FL Studio 8
Foxit PDF Editor
Free Mp3 Wma Converter V 1.8.0
Free_TV_Bar Toolbar
FrostWire 4.18.4
Full Tilt Poker
G-Force
Good Keywords v3 121708
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hoyle Card Games 2010 (remove only)
Hoyle Casino 2010 (remove only)
Hoyle Puzzle & Board Games 2010 (remove only)
Hoyle Slots 2010 (remove only)
HP Games
iCall
IL Download Manager
ImgBurn (Remove Only)
InterActual Player
iPhone Configuration Utility
iSEEK AnswerWorks English Runtime
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Jumpstart Preschool v2.4
K-Lite Codec Pack 3.4.5 Full
Magic ISO Maker v5.4 (build 0245)
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (November 2007)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MKV TO AVI CONVERTER version 3.0
Mozilla Firefox (3.5.7)
MP4 to MP3 Converter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Traktor DJ Studio 3
Nero 7 Ultra Edition
neroxml
NI Service Center
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NSIS SmartTagFix
Oracle 8.1.7 ODBC Driver for BMW Applications
ParetoLogic Data Recovery
PC SpeedScan Pro
PDF to Word
Peer2Mail (remove only)
PFPortChecker 1.0.28
Picturetrail Photo Editor 1.9.0
Playtime For Baby & Toddler
PoiZone
PokerStars
PowerISO
PRS-500 USB driver
QuickTime
Reader Rabbit Preschool(R) Sparkle Star Rescue!(TM)
RealPlayer
Safari
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Sea Adventure
Secret Keys AppFix
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SoftSkies
Sony ACID Pro 6.0
Sony Media Manager 2.2
SopCast 3.0.3
SoulSeek 157 NS 13e
SoundMAX
Spybot - Search & Destroy
Subtitle Workshop
Super DVD Creator 9.5
Sysadm
TagScanner 5.0 build 531
The Rosetta Stone
Tis
TMPGEnc DVD Author 3 with DivX Authoring
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TVAnts 1.0
Ultra MP4 Video Converter 3.2.0607
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Virtools 3D Life Player
VLC media player 0.9.4
VP6 Decoder
WAV MP3 Converter 2.9 build 889
WhiteCap
Winamp
Winamp Remote
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Winnie the Pooh Preschool
WinRAR archiver
Yahoo! Messenger
Zoboomafoo Animal Kids
Zoboomafoo Creature Quest(TM)


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 15th January 2010, 7:22 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Azureus
    FrostWire 4.18.4
    Java(TM) 6 Update 14
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Viewpoint Media Player

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =

    RegNull::
    [HKEY_USERS\S-1-5-21-1202660629-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7F8B6BB-0EF8-6D52-7613-DD3ACE95E03D}*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 16th January 2010, 12:53 am

I can't uninstall Azureus. It says "No JVM could be found on your system. Please define EXE4J_JAVA_HOME to point to an installed JDK or JRE or download a JRE from [You must be registered and logged in to see this link.]" Everything else uninstalled just fine.


Re: Need a little help finding the rest of nuqel.e

Post by Origin on 16th January 2010, 1:27 am

If Azureus isn't present in your computer then it's fine. How is the computer doing now?



Re: Need a little help finding the rest of nuqel.e

Post by frankc916 on 18th January 2010, 9:21 am

It seems to be OK. Should I do that CFScript and post results still?


Re: Need a little help finding the rest of nuqel.e

Post by Belahzur on 18th January 2010, 10:32 pm

Yes.

